Ubuntu
opencryptoki package

  1. Bug #2003668
  2. Comment #12

Comment 12 for bug 2003668

Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-11-09 06:37 EDT-------
Hi Steve,

I mostly agree with your objections. Let me add some details about a few items.

- pkg-config: an un-versioned build dependency should be sufficient

- libssl3: This dependency is a bit tricky. We depend on the major version 3 of openssl (aka libssl). This is already covered, because the package name includes the major version number. Unfortunately, the openssl project made some important changes to the provider API, which we also require. Therefore, the provider module will only work with openssl/libssl3-versions >= 3.0.8.

- libopencryptoki0: The openssl-pkcs11-sign-provider module .so does not have a hard dependency in the dynamic section, but it should be able to load at least one pkcs#11 module (via dlopen). So the dependency to a pkcs#11 library depends on the config. Maybe the package does not have/need a runtime dependency to opencryptoki at all.

- license: I also agree on that. The packaging files can be licensed under any opensource license. If the ubuntu guidelines require GPL here, I'm ok with that.