Public bug reported: When opencryptoki is installed, it creates a symlink from /etc/pkcs11 to /var/lib/opencryptoki, which is readable only by root.
This means that anything using p11-kit to find the PKCS#11 modules which are configured to be available in the system (which is basically any well-behaved application) now breaks: $ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com POST https://server.example.com/ Attempting to connect to server [fec0::1]:443 p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied Error loading certificate from PKCS#11: PKCS #11 initialization error. Loading certificate failed. Aborting. $ p11tool --list-tokens p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied pkcs11_init: PKCS #11 initialization error. ** Affects: opencryptoki (Ubuntu) Importance: Undecided Status: New ** Affects: p11-kit (Ubuntu) Importance: Undecided Status: New ** Also affects: p11-kit (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to p11-kit in Ubuntu. https://bugs.launchpad.net/bugs/1648634 Title: opencryptoki breaks p11-kit Status in opencryptoki package in Ubuntu: New Status in p11-kit package in Ubuntu: New Bug description: When opencryptoki is installed, it creates a symlink from /etc/pkcs11 to /var/lib/opencryptoki, which is readable only by root. This means that anything using p11-kit to find the PKCS#11 modules which are configured to be available in the system (which is basically any well-behaved application) now breaks: $ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com POST https://server.example.com/ Attempting to connect to server [fec0::1]:443 p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied Error loading certificate from PKCS#11: PKCS #11 initialization error. Loading certificate failed. Aborting. $ p11tool --list-tokens p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied pkcs11_init: PKCS #11 initialization error. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/1648634/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp