Re: rpmlint warnings/errors

> On Wed, 7 Jun 2006 07:58:33 -0500, Daniel H Jones wrote:
> > There is a versioned .so file, however, applications that use this 
> > often perform a dlopen(libopencryptoki.so, ...) at runtime. Removing 
> > link from the base package would cause problems for those applications
> > (or force the installer to create the symlinks themselves).
> No application should ever dlopen the non-versioned .so at run-time. If 
> does, it needs to be patched. An application is built for a specific
> API/ABI and must not expect an arbitrary .so to be the right one.

  You are absolutely correct under normal circumstances, but this is a bit 
of a special case.  libopencryptoki.so implements the PKCS#11 API, which 
is designed to be used in exactly this way. PKCS#11 apps routinely provide 
a way for you to specify which PKCS#11 API .so you'd like to use.  This is 
because different PKCS#11 implementations *should* be interchangeable, 
since they each provide the same API, but may support different hardware 
under the covers.  In fact, fedora already ships one such program with the 
opensc package, "pkcs11-tool".
> > DHJ> W: opencryptoki devel-file-in-non-devel-package
> > DHJ> /usr/lib/libopencryptoki.so
> Also note that ldconfig creates a symbolic link from *.so to the most
> recent versioned *.so.X, which would break such an application badly 
> multiple versions are installed.

  In this case it shouldn't, and if it does, we have a bug to fix. :-) The 
PKCS#11 API actually provides an API to get its own list of implemented 
functions and API version level.  PKCS#11 apps must be designed in such a 
way as to query these in order to keep from breaking.


