Fixing NSS and p11-kit in Fedora (and beyond)
Stef Walter
stefw at redhat.com
Fri Dec 12 05:44:36 PST 2014
On 12.12.2014 14:22, David Woodhouse wrote:
> On Fri, 2014-12-12 at 12:02 +0100, Stef Walter wrote:
>>> Yeah. I'm severely tempted at least to file an overall tracker bug for
>>> the "feature", and file individual bugs against all the packages that
>>> need to be "fixed" to comply with the vision. It'll make it much easier
>>> to track. Any objections?
>>
>> There's nothing to object to. That makes sense.
>
> https://bugzilla.redhat.com/showdependencytree.cgi?id=1173546
>
>> $ sudo certutil -d sql:/etc/pki/nssdb -L
>> certutil: function failed: SEC_ERROR_PKCS11_GENERAL_ERROR: A PKCS #11
>> module returned CKR_GENERAL_ERROR, indicating that an unrecoverable
>> error has occurred.
>
> Joy. Remind me again why you're happy for NSS softokn to be one of the
> default writable tokens on the system and ditch that functionality from
> gnome-keyring-pkcs11? :)
Because I don't have time to maintain it, or finish it, and the
implementation is woefully incomplete. It was short sighted of me to
think I could implement something complete.
But p11-kit has the functionality to remote PKCS#11 now ... with more
work on it's way (thanks Nikos). It could (with a bit more work) run
PKCS#11 modules in a daemon ... coordinate their writability etc.
Stef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/p11-glue/attachments/20141212/56c6bb36/attachment.sig>
More information about the p11-glue
mailing list