Ubuntu
opencryptoki package

opencryptoki breaks p11-kit

Bug #1648634 reported by dwmw2
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
opencryptoki (Ubuntu)
Confirmed
Undecided
Unassigned
p11-kit (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

When opencryptoki is installed, it creates a symlink from /etc/pkcs11 to /var/lib/opencryptoki, which is readable only by root.

This means that anything using p11-kit to find the PKCS#11 modules which are configured to be available in the system (which is basically any well-behaved application) now breaks:

$ openconnect -c 'pkcs11:token=eToken;id=%01' server.example.com
POST https://server.example.com/
Attempting to connect to server [fec0::1]:443
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
Error loading certificate from PKCS#11: PKCS #11 initialization error.
Loading certificate failed. Aborting.

$ p11tool --list-tokens
p11-kit: couldn't open config file: /etc/pkcs11/pkcs11.conf: Permission denied
pkcs11_init: PKCS #11 initialization error.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in opencryptoki (Ubuntu):
status: New → Confirmed
Changed in p11-kit (Ubuntu):
status: New → Confirmed
Revision history for this message
Andreas Metzler (k-launchpad-downhill-at-eu-org) wrote :

This is Debian's https://bugs.debian.org/860903 which will hopefully be fixed by changing opencryptoki https://bugs.debian.org/864052

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.