[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rpmlint warnings/errors




Michael Schwendt wrote:
> On Wed, 7 Jun 2006 09:04:36 -0600, Kent E Yoder wrote:
> 
>>> No application should ever dlopen the non-versioned .so at run-time. If 
>> it
>>> does, it needs to be patched. An application is built for a specific
>>> API/ABI and must not expect an arbitrary .so to be the right one.
>>   You are absolutely correct under normal circumstances, but this is a bit 
>> of a special case.  libopencryptoki.so implements the PKCS#11 API, which 
>> is designed to be used in exactly this way. PKCS#11 apps routinely provide 
>> a way for you to specify which PKCS#11 API .so you'd like to use.  This is 
>> because different PKCS#11 implementations *should* be interchangeable, 
>> since they each provide the same API, but may support different hardware 
>> under the covers.  In fact, fedora already ships one such program with the 
>> opensc package, "pkcs11-tool".
> 
> Well, then this is the kind of reply the reviewer should get, which
> explains why the .so is not in the -devel package.
> 
> However, it would be better if these plugin DSOs were located in a special
> directory and not in standard library search path.
> 

As is done with ctapi DSO's which work essentially the same, I feel like
I'm beating a dead horse here, please take a look at the ctapi-cyberjack
review:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188369

Which has this fixed exactly as you suggest by putting them in a special
dir while still providing a way for apps to find them.

Regards,

Hans


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]