Bug 553150 - dev-libs/opencryptoki-3.3: fix multiple problems and add systemd files
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Crypto team [DISABLED]
Reported: 2015-06-24 12:40 UTC by Marek Szuba
Modified: 2018-09-11 15:15 UTC

Attachments
pkcsslotd.init.3 (682 bytes, text/plain), 2015-06-24 12:41 UTC, Marek Szuba
opencryptoki-3.3-conditional-manpages.patch (430 bytes, patch), 2015-06-24 12:43 UTC, Marek Szuba
opencryptoki-3.3-missing-sources-and-libraries.patch (15.07 KB, patch), 2015-06-24 12:46 UTC, Marek Szuba
/usr/lib/tmpfiles.d/opencryptoki.conf (opencryptoki.conf, 183 bytes, text/plain), 2015-06-24 12:48 UTC, Marek Szuba
opencryptoki-3.3-r1.ebuild (3.46 KB, text/plain), 2015-06-24 12:51 UTC, Marek Szuba

Description Marek Szuba archtester gentoo-dev 2015-06-24 12:40:03 UTC
Hello again,

The ebuild of openCryptoki-3 currently available in Portage, dev-libs/opencryptoki-3.3, contains several problems, some of them Gentoo-specific and some also present upstream:

1. [Gentoo] The init.d file it installs fails because unlike in openCryptoki-2, the binary pkcs11_startup no longer exists;

2. [Gentoo] As a consequence of the above the directory /var/lib/opencryptoki and its contents do not get created at run time. The upstream installation procedure does create them but the ebuild immediately deletes them from the image. Without these directories, pkcsslotd quietly terminates immediately after launch;

3. [Upstream] The code contains some missing function declarations and linker symbols. None of them cause the build to fail (the linker does not complain because affected libraries are only loaded at run time using dlopen()) but some of them can affect functionality, in particular the TPM back-end is useless without a fix;

4. [Upstream] Certain man pages get installed even when installation of corresponding binaries has been disabled at configure time;

5. [both] The package does provide a systemd unit file for pkcsslotd but it is not installed by the ebuild. Moreover, there is no corresponding tmpfiles configuration for lock directories (without which the daemon fails to start).

The files I shall post shortly attempt to address these issues, making it possible - at least on my system anyway - to launch openCryptoki and use its TPM back-end.
Comment 1 Marek Szuba archtester gentoo-dev 2015-06-24 12:41:46 UTC
Created attachment 405670
pkcsslotd.init.3

pkcsslotd init.d file updated for openCryptoki-3 by removing the call to pkcs11_startup.
Comment 2 Marek Szuba archtester gentoo-dev 2015-06-24 12:43:47 UTC
Created attachment 405672
opencryptoki-3.3-conditional-manpages.patch

A patch telling autoconf not to install man pages for binaries whose creation has been disabled.
Comment 3 Marek Szuba archtester gentoo-dev 2015-06-24 12:46:42 UTC
Created attachment 405674
opencryptoki-3.3-missing-sources-and-libraries.patch

A patch adding some missing function declarations and sorting out linker symbols in back-end libraries. Based on a Fedora RPM patch for version 3.2. There are still some implicit-declaration warnings at build time but at least both the software and TPM-based tokens can now actually be used.
Comment 4 Marek Szuba archtester gentoo-dev 2015-06-24 12:48:15 UTC
Created attachment 405676
/usr/lib/tmpfiles.d/opencryptoki.conf

systemd tmpfiles configuration files creating all the necessary lock directories
Comment 5 Marek Szuba archtester gentoo-dev 2015-06-24 12:51:32 UTC
Created attachment 405678
opencryptoki-3.3-r1.ebuild

Updated ebuild file which pulls in the previous four files, activates installation of the upstream systemd unit file (patching it so that it uses /run directly instead of /var/run) and does not delete pre-generated /var/lib/opencryptoki from the image before installation.
Comment 6 Alon Bar-Lev (RETIRED) gentoo-dev 2018-09-11 15:15:46 UTC
We have both opencryptoki-3.4.1 and opencryptoki-3.6.1 in tree, please reopen if still relevant.