rpmlint warnings/errors
Kent E Yoder
yoder1 at us.ibm.com
Wed Jun 7 15:04:36 UTC 2006
fedora-extras-list-bounces at redhat.com wrote on 06/07/2006 09:18:15 AM:
> On Wed, 7 Jun 2006 07:58:33 -0500, Daniel H Jones wrote:
>
> > There is a versioned .so file, however, applications that use this
package
> > often perform a dlopen(libopencryptoki.so, ...) at runtime. Removing
this
> > link from the base package would cause problems for those applications
> > (or force the installer to create the symlinks themselves).
>
> No application should ever dlopen the non-versioned .so at run-time. If
it
> does, it needs to be patched. An application is built for a specific
> API/ABI and must not expect an arbitrary .so to be the right one.
You are absolutely correct under normal circumstances, but this is a bit
of a special case. libopencryptoki.so implements the PKCS#11 API, which
is designed to be used in exactly this way. PKCS#11 apps routinely provide
a way for you to specify which PKCS#11 API .so you'd like to use. This is
because different PKCS#11 implementations *should* be interchangeable,
since they each provide the same API, but may support different hardware
under the covers. In fact, fedora already ships one such program with the
opensc package, "pkcs11-tool".
> > DHJ> W: opencryptoki devel-file-in-non-devel-package
> > DHJ> /usr/lib/libopencryptoki.so
>
> Also note that ldconfig creates a symbolic link from *.so to the most
> recent versioned *.so.X, which would break such an application badly
when
> multiple versions are installed.
In this case it shouldn't, and if it does, we have a bug to fix. :-) The
PKCS#11 API actually provides an API to get its own list of implemented
functions and API version level. PKCS#11 apps must be designed in such a
way as to query these in order to keep from breaking.
Thanks,
Kent
>
> --
> fedora-extras-list mailing list
> fedora-extras-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-extras-list
More information about the fedora-extras-list
mailing list