Critical parts of library missing from the package

Bug #198618 reported by David Smith
16
Affects Status Importance Assigned to Milestone
opencryptoki (Ubuntu)
Fix Released
Medium
Emilio Pozuelo Monfort
Hardy
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: opencryptoki

Package: opencryptoki
Version: 2.2.5+dfsg-1ubuntu1

Why did you remove /usr/lib/opencryptoki/stdll/* from the package?

$ ls -al debian/tmp/usr/lib/opencryptoki/stdll/
Total 616
drwxr-xr-x 2 dds dds 4096 2008-03-04 14:43 .
drwxr-xr-x 3 dds dds 4096 2008-03-04 14:43 ..
lrwxrwxrwx 1 dds dds 15 2008-03-04 14:43 PKCS11_SW.so -> libpkcs11_sw.so
-rwxr-xr-x 1 dds dds 830 2008-03-04 14:43 libpkcs11_sw.la
lrwxrwxrwx 1 dds dds 21 2008-03-04 14:43 libpkcs11_sw.so -> libpkcs11_sw.so.0.0.0
lrwxrwxrwx 1 dds dds 21 2008-03-04 14:43 libpkcs11_sw.so.0 -> libpkcs11_sw.so.0.0.0
-rwxr-xr-x 1 dds dds 301238 2008-03-04 14:43 libpkcs11_sw.so.0.0.0
-rwxr-xr-x 1 dds dds 852 2008-03-04 14:43 libpkcs11_tpm.la
lrwxrwxrwx 1 dds dds 22 2008-03-04 14:43 libpkcs11_tpm.so -> libpkcs11_tpm.so.0.0.0
lrwxrwxrwx 1 dds dds 22 2008-03-04 14:43 libpkcs11_tpm.so.0 -> libpkcs11_tpm.so.0.0.0
-rwxr-xr-x 1 dds dds 299061 2008-03-04 14:43 libpkcs11_tpm.so.0.0.0

Those are the backends (software and TPM) that opencryptoki requires to do anything useful. Please add them back-in!
The whole point of this package is to be able to use the TPM chip as a PKCS11 smartcard and without that libpkcs11_tpm.so.0.0.0 it's impossible.

Also, please be careful with the contents of /usr/lib/pkcs11; the symlink "methods -> ../../sbin" is dangerous and the PKCS11_API.so symlink is not managed by alternatives so it will become contentious with other PCKS11 libraries. Better to just not set it in the first place.

Cheers,
- dds

/etc/lsb-release:
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=8.04
DISTRIB_CODENAME=hardy
DISTRIB_DESCRIPTION="Ubuntu hardy (development branch)"

Revision history for this message
Emil Sit (emilsit) wrote :

Hello,

I am not familiar with this package but these files are definitely missing from the Ubuntu package, while being present in the Debian one. I compared:
    http://packages.debian.org/lenny/i386/libopencryptoki0/filelist
    http://packages.ubuntu.com/hardy/i386/libopencryptoki0/filelist

I'll mark this as confirmed and subscribe Stephan Hermann who last uploaded the package.

Thanks.

Changed in opencryptoki:
status: New → Confirmed
Revision history for this message
Ondřej Surý (ondrej) wrote :

Just put back:

/usr/lib/opencryptoki/stdll/*.so.*

to libopencryptoki0.install

and

/usr/lib/opencryptoki/stdll/*.la
/usr/lib/opencryptoki/stdll/*.so

to libopencryptoki-dev.install

Comment in 2.2.5+dfsg-1ubuntu1 says:

  * debian/libopencryptoki0.install, debian/libopencryptoki-dev.install:
    - removed /usr/lib/opencryptoki/stdll/*, it's empty now

But it's not empty (at least on amd64 platform, where I just did recompilation).

Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote :

Fix uploaded.

Changed in opencryptoki:
assignee: nobody → pochu
importance: Undecided → Medium
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package opencryptoki - 2.2.5+dfsg-1ubuntu4

---------------
opencryptoki (2.2.5+dfsg-1ubuntu4) intrepid; urgency=low

  * Revert changes from 2.2.5+dfsg-1ubuntu1 (install stdll files again).
    LP: #198618.
  * Also fail the build if there's files not installed (reverts previous
    upload).

  * The package can be synced with the next Debian upload.

 -- Emilio Pozuelo Monfort <email address hidden> Thu, 29 May 2008 18:44:43 +0200

Changed in opencryptoki:
status: Fix Committed → Fix Released
Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote :

MOTU SRU:

Attached debdiff for hardy-proposed, please let me know if it's ok to upload it.

Revision history for this message
Luca Falavigna (dktrkranz) wrote :

ACK from motu-sru, but please replace version with 2.2.5+dfsg-1ubuntu1.1, thanks.

Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote : Re: [Bug 198618] Re: Critical parts of library missing from the package

Luca Falavigna wrote:
> ACK from motu-sru, but please replace version with 2.2.5+dfsg-
> 1ubuntu1.1, thanks.
>

Thanks, uploading to hardy-proposed as 2.2.5+dfsg-1ubuntu1.1

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here

Changed in opencryptoki:
status: Confirmed → Fix Committed
Revision history for this message
David Smith (dds) wrote :

Please rebuild 2.2.5+dfsg-1ubuntu1.1 against the version of openssl available in hardy-updates. Currently, it depends on libssl0.9.8 (>= 0.9.8f-1) which is not available in hardy-proposed.

Changed in opencryptoki:
status: Fix Committed → Incomplete
Revision history for this message
David Smith (dds) wrote :

Another remaining issue before this is usable: symlinks of the form /usr/lib/opencryptoki/stdll/libpkcs11_sw.so -> libpkcs11_sw.so.0.0.0 are required, unless you patch opencryptoki to look for libpkcs11_sw.so.0 instead. See debian bug #481453

Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote :

David Smith wrote:
> Please rebuild 2.2.5+dfsg-1ubuntu1.1 against the version of openssl
> available in hardy-updates. Currently, it depends on libssl0.9.8 (>=
> 0.9.8f-1) which is not available in hardy-proposed.
>
> ** Changed in: opencryptoki (Ubuntu Hardy)
> Status: Fix Committed => Incomplete
>

There is 0.9.8g-4ubuntu3 in hardy and 0.9.8g-4ubuntu3.1 in hardy-updates. Both
are higher than 0.9.8f, so a Depends on something >= 0.9.8f-1 is satisfied.

i can't see the problem there

Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote :

David Smith wrote:
> Another remaining issue before this is usable: symlinks of the form
> /usr/lib/opencryptoki/stdll/libpkcs11_sw.so -> libpkcs11_sw.so.0.0.0 are
> required, unless you patch opencryptoki to look for libpkcs11_sw.so.0
> instead. See debian bug #481453
>

Ok, I didn't do that change because I wasn't aware of it :)

would you mind opening a bug report about it in Launchpad, so I can close it
with the next upload? The SRU policy enforces me to close a Launchpad bug with
every upload (at least for main, not sure about universe)

Revision history for this message
David Smith (dds) wrote :

Emilio Pozuelo Monfort <email address hidden> writes:

> David Smith wrote:
>> Please rebuild 2.2.5+dfsg-1ubuntu1.1 against the version of openssl
>> available in hardy-updates. Currently, it depends on libssl0.9.8 (>=
>> 0.9.8f-1) which is not available in hardy-proposed.
>>
>> ** Changed in: opencryptoki (Ubuntu Hardy)
>> Status: Fix Committed => Incomplete
>>
>
> There is 0.9.8g-4ubuntu3 in hardy and 0.9.8g-4ubuntu3.1 in hardy-updates. Both
> are higher than 0.9.8f, so a Depends on something >= 0.9.8f-1 is satisfied.
>
> i can't see the problem there

You're right and there isn't. Sorry, I'm going to go and review the
alphabet :(

- dds

Revision history for this message
David Smith (dds) wrote :

Emilio Pozuelo Monfort <email address hidden> writes:

> David Smith wrote:
>> Another remaining issue before this is usable: symlinks of the form
>> /usr/lib/opencryptoki/stdll/libpkcs11_sw.so -> libpkcs11_sw.so.0.0.0 are
>> required, unless you patch opencryptoki to look for libpkcs11_sw.so.0
>> instead. See debian bug #481453
>>
>
> Ok, I didn't do that change because I wasn't aware of it :)
>
> would you mind opening a bug report about it in Launchpad, so I can close it
> with the next upload? The SRU policy enforces me to close a Launchpad bug with
> every upload (at least for main, not sure about universe)

ok, sorry about that. Opened bug #237392 . Changing this bug's status to
fixed.

Cheers,
- dds

Changed in opencryptoki:
status: Incomplete → Fix Committed
Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote :

Thanks! Fixed in Intrepid, waiting for confirmation for Hardy.

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here

Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote :

This is alright, but it needs to go together with the fix in bug 237392 which still needs verification.

Revision history for this message
Emilio Pozuelo Monfort (pochu) wrote :

This was already copied to hardy-updates.

Changed in opencryptoki:
importance: Undecided → Medium
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.