[Kernel-packages] [Bug 2042677] Re: [UBUNTU 23.04] PKCS#11 Applications fail to find libopencryptoki.so library due to missing /etc/ld.so.conf.d entry.

[Frank Heimes]

Well, if I'm not mistaken this was discussed in LP#2022088, comment #4:
https://bugs.launchpad.net/ubuntu/+source/opencryptoki/+bug/2022088/comments/4

And based on this, the quilt patch debian/patches/03-dlopen-soname.patch
got expanded.

How does your 'ec_tests -slot 0' output look like?

My attempt:

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 23.04
Release:        23.04
Codename:       lunar
$ apt-cache policy opencryptoki libopencryptoki0 libopencryptoki-dev
opencryptoki:
  Installed: 3.20.0+dfsg-0ubuntu1.1
  Candidate: 3.20.0+dfsg-0ubuntu1.1
  Version table:
 *** 3.20.0+dfsg-0ubuntu1.1 500
        500 http://ports.ubuntu.com/ubuntu-ports lunar-updates/universe s390x 
Packages
        100 /var/lib/dpkg/status
     3.20.0+dfsg-0ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x Packages
libopencryptoki0:
  Installed: 3.20.0+dfsg-0ubuntu1.1
  Candidate: 3.20.0+dfsg-0ubuntu1.1
  Version table:
 *** 3.20.0+dfsg-0ubuntu1.1 500
        500 http://ports.ubuntu.com/ubuntu-ports lunar-updates/universe s390x 
Packages
        100 /var/lib/dpkg/status
     3.20.0+dfsg-0ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x Packages
libopencryptoki-dev:
  Installed: 3.20.0+dfsg-0ubuntu1.1
  Candidate: 3.20.0+dfsg-0ubuntu1.1
  Version table:
 *** 3.20.0+dfsg-0ubuntu1.1 500
        500 http://ports.ubuntu.com/ubuntu-ports lunar-updates/universe s390x 
Packages
        100 /var/lib/dpkg/status
     3.20.0+dfsg-0ubuntu1 500
        500 http://ports.ubuntu.com/ubuntu-ports lunar/universe s390x Packages
# sudo vi /etc/apt/sources.list   # enable deb-src for universe and 
universe-updates
$ sudo apt update && sudo apt full-upgrade
$ sudo apt-get --yes build-dep opencryptoki
$ sudo apt --yes install automake libtool m4 autoconf flex bison libcap-dev 
expect # libudev-dev
$ git clone https://github.com/opencryptoki/opencryptoki
$ cd opencryptoki
$ sudo -i
$ ./bootstrap.sh
$ ./configure --enable-testcases
$ make
$ sudo ./testcases/crypto/ec_tests -slot 0
Using slot #0...

With option: no_init: 0
------
* TESTCASE run_GenerateECCKeyPairSignVerify BEGIN Starting ECC generate key 
pair with pkey=0 ...
* TESTCASE run_GenerateECCKeyPairSignVerify ERROR 
(testcases/crypto/ec_func.c:1538)) C_OpenSession() rc = CKR_TOKEN_NOT_PRESENT
------
* TESTCASE run_ImportECCKeyPairSignVerify BEGIN Starting ECC import key pair 
with pkey=0 ...
* TESTCASE run_ImportECCKeyPairSignVerify ERROR 
(testcases/crypto/ec_func.c:1684)) C_OpenSession() rc = CKR_TOKEN_NOT_PRESENT
------
* TESTCASE run_TransferECCKeyPairSignVerify BEGIN Starting ECC transfer key 
pair with pkey=0 ...
* TESTCASE run_TransferECCKeyPairSignVerify ERROR 
(testcases/crypto/ec_func.c:1854)) C_OpenSession() rc = CKR_TOKEN_NOT_PRESENT
------
* TESTCASE run_DeriveECDHKey BEGIN starting run_DeriveECDHKey with pkey=0 ...
* TESTCASE run_DeriveECDHKey ERROR (testcases/crypto/ec_func.c:391)) 
C_OpenSession() rc = CKR_TOKEN_NOT_PRESENT
------
* TESTCASE run_DeriveECDHKeyKAT BEGIN starting run_DeriveECDHKeyKAT with pkey=0 
...
* TESTCASE run_DeriveECDHKeyKAT ERROR (testcases/crypto/ec_func.c:925)) 
C_OpenSession() rc = CKR_TOKEN_NOT_PRESENT
------
* TESTSUITE run_DeriveBTC BEGIN starting run_DeriveBTC with pkey=0 ...
* TESTCASE run_DeriveBTC ERROR (testcases/crypto/ec_func.c:2492)) 
C_OpenSession() rc = CKR_TOKEN_NOT_PRESENT
Total=0, Ran=0, Passed=0, Failed=0, Skipped=0, Errors=6 (total elapsed time 0s 
196us)

Well, errors, but no obvious crash.
syslog shows:

2023-11-27T15:03:07.490186+00:00 hwe0002 ec_tests:
usr/lib/cca_stdll/cca_specific.c token_specific_init: Error loading
library: 'libcsulcca.so' [libcsulcca.so: cannot open shared object file:
No such file or directory]

2023-11-27T15:03:08.046466+00:00 hwe0002 ec_tests:
usr/lib/ep11_stdll/ep11_specific.c ep11_load_host_lib: Error loading
shared library 'libep11.so[.4][.3|.2|.1]' [libep11.so: cannot open
shared object file: No such file or directory]

But that is because I have no libcsulcca.so, nor libep11 installed ...

Installing csulcca gets me along the first msg.

But right now I don't have a new enough libep11 - the latest I have
still wants  libssl1.0.0 or libssl1.1.

What is the exact output that you get?
Where do you see the error - in the terminal where you call ec_tests or in the 
logs?

(Btw. same output for mantic and jammy).

** Package changed: linux (Ubuntu) => opencryptoki (Ubuntu)

** Also affects: ubuntu-z-systems
   Importance: Undecided
       Status: New

** Changed in: ubuntu-z-systems
     Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2042677

Title:
  [UBUNTU 23.04] PKCS#11 Applications fail to find libopencryptoki.so
  library due to missing /etc/ld.so.conf.d entry.

Status in Ubuntu on IBM z Systems:
  New
Status in opencryptoki package in Ubuntu:
  New

Bug description:
  --- Problem Description by Grgo M.@IBM ---
  PKCS#11 Applications fail to find libopencryptoki.so library due to missing 
/etc/ld.so.conf.d entry.
   
  ---uname output---
  Linux SYSTEM 6.2.0-34-generic #34-Ubuntu SMP Mon Sep  4 12:26:49 UTC 2023 
s390x s390x s390x GNU/Linux
   
  Machine Type = Manufacturer:         IBM Type:                 3931  Model:   
             704              A01 Sequence Code:        0000000000065DC8 
   

  ---Steps to Reproduce---
  Use any application which uses dlopen interface to load libopencryptoki.so 
library.
  e.g. build opencryptoki testcases manually from official opencryptoki sources.

  # git clone https://github.com/opencryptoki/opencryptoki
  # cd opencryptoki
  # ./bootstrap.sh
  # ./configure --enable-testcases
  # make
  # ./testcases/crypto/ec_tests -slot 0
   
  Userspace tool common name: opencryptoki 3.20.0+dfsg-0ubuntu1.1 
   
  The userspace tool has the following bit modes: 64bit 

  Userspace rpm: opencryptoki

  Userspace tool obtained from project website:  na

  == Comment: #2 <Ingo F.> - 2023-11-03 04:24:48 ==
  Opencryptoki generates an appropriate ld.so.conf.d entry 
/etc/ld.so.conf.d/opencryptoki-$(target_cpu).conf during 'make install'. 
  Ubuntu should include this into its package to allow applications to find the 
libopencryptoki.so library when using dlopen().

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/2042677/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp