[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
In other distributions opensc by default is configured to use: PKCS11 default provider: /usr/lib64/opensc-pkcs11.so PKCS11 onepin provider: /usr/lib64/onepin-opensc-pkcs11.so which we do on Ubuntu as well, but with multiarch paths. However, I see that other distributions ship .module files to allow using opensc-pkcs11 via p11-kit proxy. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
I see that in Fedora opensc provides a p11kit module to allow using opensc-pkcs11.so via p11-kit's proxy module https://src.fedoraproject.org/rpms/opensc/blob/rawhide/f/opensc.module -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
libp11 in Ubuntu uses p11-kit-proxy.so by default already, so I don't believe it needs changing does it? Focal: https://launchpad.net/ubuntu/+source/libp11/0.4.10-1 https://launchpad.net/ubuntu/+source/libp11/0.4.10-1/+build/17239024 https://launchpadlibrarian.net/432332202/buildlog_ubuntu-eoan-amd64.libp11_0.4.10-1_BUILDING.txt.gz Default PKCS11 module: /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so Jammy: https://launchpad.net/ubuntu/+source/libp11/0.4.11-1build3 https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/4813-deletedppa/+build/23497085 https://launchpadlibrarian.net/592757435/buildlog_ubuntu-jammy-amd64.libp11_0.4.11-1build3_BUILDING.txt.gz Default PKCS11 module: /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so ** Changed in: libp11 (Ubuntu) Status: Incomplete => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
** Description changed: - To be able to switch modules at runtime via configuration file change the default module from opensc-pkcs11 to p11-proxy module, which by default loads opensc-pkcs11 module unless configured by administrator to use something else. - This also allows configuration where multiple modules can be used together through the p11-proxy module. + [Impact] - This aligns Ubuntu closer with other distributions, and allows using the - same builds of opensc in embedded configurations on Ubuntu Core with + * To be able to switch modules at runtime via configuration file change + the default module from opensc-pkcs11 to p11-proxy module, which by + default loads opensc-pkcs11 module unless configured by administrator to + use something else. + + * This also allows configuration where multiple modules can be used + together through the p11-proxy module. + + * This aligns Ubuntu closer with other distributions, and allows using + the same builds of opensc in embedded configurations on Ubuntu Core with specialized modules - ProblemType: Bug - DistroRelease: Ubuntu 20.04 - Package: opensc 0.20.0-3 - ProcVersionSignature: Ubuntu 5.4.0-107.121-generic 5.4.174 - Uname: Linux 5.4.0-107-generic aarch64 - NonfreeKernelModules: zfs zunicode zcommon znvpair zavl icp prl_fs_freeze prl_fs prl_tg - ApportVersion: 2.20.11-0ubuntu27.21 - Architecture: arm64 - Date: Thu Apr 7 14:50:08 2022 - InstallationDate: Installed on 2021-11-08 (150 days ago) - InstallationMedia: Ubuntu-Server 20.04.3 LTS "Focal Fossa" - Release arm64 (20210824) - SourcePackage: opensc - UpgradeStatus: No upgrade log present (probably fresh install) + [Test Plan] + + * detailed instructions how to reproduce the bug + + * these should allow someone who is not familiar with the affected +package to reproduce the bug and verify that the updated package fixes +the problem. + + * if other testing is appropriate to perform before landing this update, +this should also be described here. + + [Where problems could occur] + + * Think about what the upload changes in the software. Imagine the change is +wrong or breaks something else: how would this show up? + + * It is assumed that any SRU candidate patch is well-tested before +upload and has a low overall risk of regression, but it's important +to make the effort to think about what ''could'' happen in the +event of a regression. + + * This must '''never''' be "None" or "Low", or entirely an argument as to why +your upload is low risk. + + * This both shows the SRU team that the risks have been considered, +and provides guidance to testers in regression-testing the SRU. + + [Other Info] + + * Anything else you think is useful to include + * Anticipate questions from users, SRU, +1 maintenance, security teams and the Technical Board + * and address these questions in advance ** Changed in: opensc (Ubuntu) Status: Confirmed => Incomplete ** Changed in: libp11 (Ubuntu) Status: Confirmed => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: opensc (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libp11 (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
Attached examples with changes to address this bug: https://git.launchpad.net/~ondrak/ubuntu/+source/opensc/commit/?h=ubuntu/focal&id=5866e8c8397b896f002e784ecc3d03005943e00a https://git.launchpad.net/~ondrak/ubuntu/+source/libp11/commit/?h=ubuntu/focal&id=6df6a659416fcc1c3ffc46346e7edb38eb10b3d4 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1968175] Re: Allow runtime configuration of pkcs11 modules through config file
** Also affects: libp11 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1968175 Title: Allow runtime configuration of pkcs11 modules through config file To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libp11/+bug/1968175/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
