On Sun, 2 Jan 2011 19:45:09 +0900 Norikatsu Shigemura <[email protected]> wrote:
> Hi Klaus. > > On openCryptoki, dlopen(3) assumes that resolve relative path > by /etc/ld.so.conf.d/opencryptoki.conf. However, on FreeBSD, > even if 'ldconfig -m /usr/local/lib/opencryptoki/stdll' (same > as /etc/ld.so.conf.d/opencryptoki.conf), dlopen(3) doesn't > resolve relative path (path name required .so.1 suffix). So > libopencryptoki.so can't load STDLLs. > > I made a patch to fix this issue by absolute path instead of > relative path. I guess this is ok. The relative path was introduced in commit 25feaa2b as part of making opencryptoki useful in bi-arch architecture. But since only one pkcsslotd instance is running at a given time, and only pkcsslotd itself should make use of pk_config_data, I think it's OK to use full paths to bit-mode dependent libraries. Thanks for the patch. Applied to the master branch. PS.: If you'd like to complement this patch, please remove any references to the $<TOK>_FN variables in the file below. They don't seem to be useful anymore. -Klaus > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > --- opencryptoki-2.3.2/usr/sbin/pkcs_slot/pkcs_slot.in.orig 2010-07-29 > 21:28:41.000000000 +0900 > +++ opencryptoki-2.3.2/usr/sbin/pkcs_slot/pkcs_slot.in 2011-01-02 > 18:45:17.577675947 +0900 > @@ -477,29 +477,29 @@ > > if [ $DEPTH = "deep" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL_FN|$DEEP4758_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|$DEVICE|$DEEP4758_DLL|$DEEP4758_INIT" > >>$CFGFILE > > elif [ $DEPTH = "ica" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL_FN|$ICA_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$ICA_DLL|$ICA_INIT" > >>$CFGFILE > elif [ $DEPTH = "bcom" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL_FN|$BCOM_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$BCOM_DLL|$BCOM_INIT" > >>$CFGFILE > elif [ $DEPTH = "aep" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL_FN|$AEP_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$AEP_DLL|$AEP_INIT" > >>$CFGFILE > elif [ $DEPTH = "cr" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL_FN|$CR_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CR_DLL|$CR_INIT" > >>$CFGFILE > elif [ $DEPTH = "soft" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL_FN|$SOFT_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|FALSE|0|0|1|1|NONE|$SOFT_DLL|$SOFT_INIT" > >>$CFGFILE > elif [ $DEPTH = "tpm" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL_FN|$TPM_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$TPM_DLL|$TPM_INIT" > >>$CFGFILE > elif [ $DEPTH = "cca" ] > then > -echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL_FN|$CCA_INIT" > >>$CFGFILE > +echo > "TRUE|0|$SLOT_DESCRIPTION|$MANUFACTURER|TRUE|FALSE|TRUE|0|0|1|1|NONE|$CCA_DLL|$CCA_INIT" > >>$CFGFILE > fi > > @CHMOD@ -R g+wrX @localstatedir@/lib/opencryptoki > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > > Thank you. > -- Klaus Heinrich Kiwi | [email protected] | http://blog.klauskiwi.com Open Source Security blog : http://www.ratliff.net/blog IBM Linux Technology Center : http://www.ibm.com/linux/ltc ------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
