|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
Just to close the loop on this, due to lack of time I've been unable
to further debug my Coolkey issues on OpenSolaris/Solaris 11
I found an alternate solution for the newer PIV-compliant CACs DoD has begun issuing:
I've posted build instructions using the Sun Studio compiler 12 tools on Solaris 11 Express snv_151a on the opensolaris crypto-discuss mailing list. If anyone wants/needs to use a PIV-compliant DoD CAC on Solaris 11 Express, that message thread is readily findable on Google by searching the terms "OpenSolaris DoD CAC." I'd also be happy to pass along what I did if anyone wants to drop me a line.
It's a shame I couldn't get this working with Coolkey, but as the older CACs are phased out in favor of the newer PIV-compliant CACs, the need for older CAC support should become an unhappy memory.
Thank you to everyone for your help with this!
On 06/10/10 01:31 AM, John Magne wrote:
Perhaps you could try running pk11util in the debugger and set a break point right before trying your first pkcs11 operation? ----- Original Message ----- From: "Kevin Reinholz" <kreinholz@xxxxxxxxx> To: Coolkey-devel@xxxxxxxxxx Sent: Tuesday, June 8, 2010 11:17:02 PM GMT -08:00 US/Canada Pacific Subject: Re: Cool-Key on Solaris Still hitting a brick wall. On 04/28/10 10:19 AM, Kevin Reinholz wrote: According to this link ( https://rhn.redhat.com/errata/RHBA-2010-0068.html ), there were some recent bug fixes introduced into Coolkey. However, the source listed and linked to here ( http://www.directory.fedora.redhat.com/wiki/CoolKey ) is version 1.1.0 from 2007... Are there more up-to-date sources available for Coolkey? The Jan 2010 bug fix advisory mentioning version 1.1.0-14 for RHEL referenced two bugs that would probably cause similar symptoms to what I'm experiencing on OpenSolaris: https://bugzilla.redhat.com/show_bug.cgi?id=245529 https://bugzilla.redhat.com/show_bug.cgi?id=443127 Are there more up-to-date sources I should be attempting to build and install Coolkey from? Found bug fix patches for coolkey-1.1.0 here: ftp://gd.tuwien.ac.at/opsys/linux/fedora/linux/releases/13/Everything/source/SRPMS/ (Any Fedora mirror with source rpms should work). Downloaded the file: coolkey-1.1.0-14.fc13.src.rpm There are 5 patches included along with a tar.gz archive of the coolkey-1.1.0 source. I manually applied the patches and did the Solaris 10 workarounds (adding a few lines regarding MAP_FILE to src/coolkey/machdep.cpp and deleting the blank line 19 from src/coolkey/coolkeypk11.def Then I built coolkey the same way I've been doing on OpenSolaris: env LIBUSB_CLFAGS="-I/usr/include" LIBUSB_LIBS="-L/usr/lib -lusb" PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib -lpcsclite" ./configure --sysconfdir=/etc --prefix=/usr/local make pfexec make install Unfortunately Firefox still complains that it is unable to add libcoolkeypk11.so as a security module. I tried to initialize libcoolkeypk11.so with pk11util: /usr/local/bin/pk11util pkcs11> C_Initialize /usr/local/lib/pkcs11/libcoolkeypk11.soError : CKR_CRYPTOKI_NOT_INITIALIZEDSegmentation Fault (core dumped) Doesn't look encouraging. On 04/20/10 10:22 AM, Kevin Reinholz wrote: On 04/20/10 10:03 AM, John Magne wrote: Yeah it sounds like maybe the module is not getting hit. Have you tried doing the ldd on the module file to see if there are any missing dependencies? reinholz@etrenank:~$ ldd /usr/local/lib/pkcs11/libcoolkeypk11.so libckyapplet.so.1 => /usr/local/lib/libckyapplet.so.1 libdl.so.1 => /lib/libdl.so.1 libz.so.1 => /lib/libz.so.1 libstdc++.so.6 => /usr/sfw/lib/libstdc++.so.6 libm.so.2 => /lib/libm.so.2 libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1 libc.so.1 => /lib/libc.so.1 The same exact libs show as linked to libcoolkeypk11.so after compiling the patched version. Nothing jumps out as missing.. thanks, jack ----- Original Message ----- From: "Kevin Reinholz" <kreinholz@xxxxxxxxx> To: Coolkey-devel@xxxxxxxxxx Sent: Monday, April 19, 2010 5:39:22 PM GMT -08:00 US/Canada Pacific Subject: Re: Cool-Key on Solaris On 04/20/10 01:30 AM, John Magne wrote: Here is something to try. Before starting firefix, set this variable: COOL_KEY_LOG_FILE=/tmp/cool.log Then start firefox in the same terminal. After the module load fails, you can see if there is something in the log file. I tried by doing the following: export COOL_KEY_LOG_FILE=/tmp/cool.log firefox& Then attempting to add /usr/local/lib/pkcs11/libcoolkeypk11.so as a Security Module in Firefox. Unfortunately, the log file was empty/not created, implying my error is very early in the loading process(?) Same as before, attempting to create a coolkey log file before launching Firefox resulted in no file being created... I've built pk11util so with some examples I can run some tests on libcoolkeypk11.so using pk11util. Thanks for your help! Kevin _______________________________________________ I'm out of ideas unless anyone has additional suggestions. It looks like the differences between Solaris 10 and OpenSolaris are preventing coolkey from giving me any love. Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel
[Home] [Fedora Legacy List] [Fedora Maintainers] [Fedora Desktop] [Red Hat 9 Bible] [Fedora Bible] [Fedora SELinux] [Big List of Linux Books] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools]