[Bug 512954] New: Review Request: openCryptoki - Implementation of the PKCS#11 (Cryptoki) specification v2.11

bugzilla at redhat.com bugzilla at redhat.com
Tue Jul 21 13:34:32 UTC 2009 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: Review Request: openCryptoki - Implementation of the PKCS#11 (Cryptoki) specification v2.11

https://bugzilla.redhat.com/show_bug.cgi?id=512954

           Summary: Review Request: openCryptoki - Implementation of the
                    PKCS#11 (Cryptoki) specification v2.11
           Product: Fedora
           Version: rawhide
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: Package Review
        AssignedTo: nobody at fedoraproject.org
        ReportedBy: mschmidt at redhat.com
         QAContact: extras-qa at fedoraproject.org
                CC: notting at redhat.com, fedora-package-review at redhat.com
   Estimated Hours: 0.0
    Classification: Fedora
    Target Release: ---


Spec URL: http://michich.fedorapeople.org/openCryptoki/openCryptoki.spec
SRPM URL:
http://michich.fedorapeople.org/openCryptoki/openCryptoki-2.2.8-2.fc11.src.rpm
Description:
openCryptoki implements the PKCS#11 specification v2.11. It includes support
for cryptographic hardware such as the Trusted Platform Module (TPM) as well as
a software token for testing.

Scratch build in Koji:
http://koji.fedoraproject.org/koji/taskinfo?taskID=1489377

rpmlint output:

openCryptoki.src: W: strange-permission pkcs_slot.sh 0755
openCryptoki.src: W: strange-permission pkcs11_startup.sh 0755
-- 0755 is reasonable permission for executable scripts.

openCryptoki-devel.x86_64: W: no-documentation
-- True, but I don't think it's necessary to include the PKCS#11 specification
in the package.

openCryptoki.x86_64: W: devel-file-in-non-devel-package
/usr/lib64/opencryptoki/stdll/libpkcs11_sw.so
openCryptoki.x86_64: W: devel-file-in-non-devel-package
/usr/lib64/opencryptoki/libopencryptoki.so
openCryptoki.x86_64: W: devel-file-in-non-devel-package
/usr/lib64/opencryptoki/stdll/libpkcs11_tpm.so
-- The *.so files are needed for openCryptoki to work as expected. The
pkcs11_startup script must find /usr/lib64/opencryptoki/stdll/*.so , otherwise
the daemon won't run. And the documentation suggests that applications should
dlopen PKCS11_API.so (which is a symlink to libopencryptoki.so).

openCryptoki.x86_64: W: non-standard-gid /var/lib/opencryptoki pkcs11
openCryptoki.x86_64: E: non-standard-dir-perm /var/lib/opencryptoki 0770
-- /var/lib/opencryptoki is owned by root:pkcs11. The pkcs11 group is created
in %pre scriptlet.

openCryptoki.x86_64: W: dangling-relative-symlink
/usr/lib64/opencryptoki/methods ../../sbin
openCryptoki.x86_64: W: dangling-relative-symlink /usr/lib64/pkcs11/methods
../../sbin
-- The symlinks point to /usr/sbin, which is always present (owned by the
"filesystem" package).

openCryptoki.x86_64: W: non-conffile-in-etc
/etc/ld.so.conf.d/opencryptoki-x86_64.conf
openCryptoki.x86_64: W: incoherent-init-script-name pkcsslotd ('opencryptoki',
'opencryptokid')
-- This is intentional, pkcsslotd is the name of the daemon.

There was a review request for openCryptoki some time ago, but it was abandoned
(bug 426152).
BTW, openCryptoki can provide access to interesting cryptographic hardware on
s390, but it's not what I'm focusing on for now.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the Fedora-package-review mailing list