Bug 680048 - dev-libs/opensc - add USE=pkcs11 for dev-libs/libp11 dependency
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Crypto team [DISABLED]
Reported: 2019-03-11 17:05 UTC by Liam Dennehy
Modified: 2019-03-12 00:46 UTC
Description Liam Dennehy 2019-03-11 17:05:50 UTC
`dev-libs/opensc` provides the shared library '/usr/lib/opensc-pkcs11.so', but cannot communicate with smartcards without a base PKCS#11 provider. `dev-libs/libp11` provides '/usr/lib/engines/pkcs11.so' for this purpose.

Propose a 'pkcs11' USE flag (default: on) that will include dev-libs/libp11 to provide this functionality out-the-box.

Tested the following (meta) changes to dev-libs/opensc-0.18.0 and dev-libs/opensc-0.19.0-r2:

IUSE+=" +pkcs11"
RDEPEND+=" pkcs11? ( >=dev-libs/libp11-0.4.4 )"
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2019-03-11 17:44:43 UTC
(In reply to Liam Dennehy from comment #0)
> `dev-libs/opensc` provides the shared library '/usr/lib/opensc-pkcs11.so',
> but cannot communicate with smartcards without a base PKCS#11 provider.
> `dev-libs/libp11` provides '/usr/lib/engines/pkcs11.so' for this purpose.
> 
> Propose a 'pkcs11' USE flag (default: on) that will include dev-libs/libp11
> to provide this functionality out-the-box.

So the only reason to add USE=pkcs11 would be to both emerge libp11 and *re-emerge* opensc itself for no particular reason other than that its USE flags changed?
Comment 2 Alon Bar-Lev (RETIRED) gentoo-dev 2019-03-11 18:11:03 UTC
dev-libs/opensc is a PKCS#11 provider; as with any PKCS#11 provider, any program that supports the PKCS#11 spec can use it.

dev-libs/libp11 is one among many libraries that simplifies PKCS#11 provider consumption. This means that libp11 should be pulled by applications that actually use it in order to access PKCS#11 provider and not by a random provider.
Comment 3 Liam Dennehy 2019-03-12 00:02:24 UTC
(In reply to Alon Bar-Lev from comment #2)
> dev-libs/opensc is a PKCS#11 provider, as any PKCS#11 provider any program
> that supports the PKCS#11 spec can use it.
> 
> dev-libs/libp11 is one among many libraries that simplifies PKCS#11 provider
> consumption. This means that libp11 should be pulled by applications that
> actually use it in order to access PKCS#11 provider and not by a random
> provider.

OpenSC's own tutorials assume this library is present, and they own both sources. See:
https://github.com/OpenSC/OpenSC/wiki/Quick-Start-with-OpenSC#testing-using-openssl

It's a given from their view that OpenSC is installed along with this library. As no solid tutorial exists that works with Gentoo this is a good first step to simplify installation.
Comment 4 Liam Dennehy 2019-03-12 00:37:03 UTC
(In reply to Jeroen Roovers from comment #1)
> (In reply to Liam Dennehy from comment #0)
> So the only reason to add USE=pkcs11 would be to both emerge libp11
OpenSC's own tutorials assume libp11 is present:
https://github.com/OpenSC/OpenSC/wiki/Quick-Start-with-OpenSC#testing-using-openssl

> ... and
> *re-emerge* opensc itself for no particular reason other than that its USE
> flags changed?
The aim is not to force a *re-emerge* of opensc for the sake of it. It's to get a build that runs their own tutorial on how to get started out-the-box, which is not as easy as it could be.

Is your objection to the flag being turned on by default, being present at all, or having the wrong name and package dep(s)?
I also don't know why I would explicitly install a library, adding it to world, instead of having it USEd by a package that clearly expects it...

If my proposal to add a USE flag is incorrect, I look forward to a proposed solution that helps people Get Started with more ease than the current situation. Maybe with a slightly less condescending tone.
Comment 5 Liam Dennehy 2019-03-12 00:46:28 UTC
(In reply to Alon Bar-Lev from comment #2)
> dev-libs/opensc is a PKCS#11 provider, as any PKCS#11 provider any program
> that supports the PKCS#11 spec can use it.
It is also a set of command-line utilities that can be used to build solutions that interact with smartcards, but issuing CSRs, signing and encrypting data with other command-line applications, e.g. OpenSSL, don't work without this library or others that provide similar capabilities.

> dev-libs/libp11 is one among many libraries that simplifies PKCS#11 provider
> consumption. This means that libp11 should be pulled by applications that
> actually use it in order to access PKCS#11 provider and not by a random
> provider.
That's exactly what I'm proposing: OpenSC - an application that actually uses libp11 as demonstrated in their own tutorial - should pull this in. Rather than make it a RDEPEND, I've acknowledged it's a crowded market and suggested a USE for the library they also wrote, instead of the current situation requiring a manual emerge of libp11 - should I be adding libraries to my world file?