softhsm: init -> 2.1.0 #12071
softhsm: init -> 2.1.0 #12071
Conversation
| meta = { | ||
| homepage = https://www.opendnssec.org/softhsm/; | ||
| description = "cryptographic store accessible through a PKCS #11 interface"; | ||
| license = stdenv.lib.licenses.bsd; |
There was a problem hiding this comment.
There is no stdenv.lib.licenses.bsd license
|
@leenaars Why close the pull request? More packages are always welcome. If my tone was too strict, i sincerely apologize. |
|
Hi there, Github automatically closed it when I send a forced updated of my branch on the server. I was trying to fix the commit while looking at the output of the continuous build, so I somehow missed your comments. I will resubmit, because it is really useful software. |
|
@leenaars strange, i always force-push my branches and github never closes it. |
|
I don't know what triggered it. I guess the fact that I removed the commits referenced in the pull request caused it. The whole juggling of branches has quite a learning curve anyway... I've fixed the space before the ], I'll research your comment on the /etc. Any suggestion? |
|
Searching through the repo it seems there are many packages that similarly use $out/etc. Any suggestions very welcome. |
|
It usually requires runtime configuration by systemd services. |
|
Softhsm is intended to be used mainly as a library [1], I'm told it in the typical usage scenario it is not actually necessary to configure it with systemd or the likes - if any configuration is needed at all, system variables will do. I've moved softhsm to development/libraries. I've also removed the unnecessary dependency on unzip, and checked that it still builds. [1] https://wiki.opendnssec.org/display/SoftHSMDOCS/SoftHSM+Documentation+v2.0 |
| @@ -3090,7 +3090,7 @@ let | |||
| }; | |||
|
|
|||
| snort = callPackage ../applications/networking/ids/snort { }; | |||
|
|
|||
There was a problem hiding this comment.
Please remove that trailing whitespace. :)
|
I have rebased the patch, and removed the extra spaces. |
| "--with-crypto-backend=botan" | ||
| "--with-botan=${botan}" | ||
| "--sysconfdir=$out/etc" | ||
| "--localstatedir=$out/var" |
There was a problem hiding this comment.
Does it expect to write things to $out/var ... because that would fail since it's not possible to write to the store. I'm not sure what the correct path would be, is there a suitable default?
There was a problem hiding this comment.
Usually we just use /var in the other recipes
|
@leenaars almost there ! Can you rebase and squash your commits ? |
leenaars
force-pushed
the
shsm
branch
2 times, most recently
from
e7fb109
to
4d19355
Compare
|
@zimbatm: I've rebased and squashed, and pointed localstatedir to /var. Anything else I should do? |
|
@leenaars /var/lib/softhsm/tokens is now part of the package but I suppose it needs to be writable right ? |
leenaars
force-pushed
the
shsm
branch
3 times, most recently
from
7840d24
to
dcc0bf1
Compare
|
@zimbatm: you are right, that is exactly where I got stuck. As you can see, I tried creating /var/lib/softhsm/tokens during preInstall, but even as root that action is not allowed. When localstatedir is set to /var, install-data-hook fails with "No such file or directory" ... |
|
It looks like you will have to patch the Makefile so it doesn't create these files/directories, or if they are needed let the Makefile install them into |
|
@leenaars either patch the Makefile or remove it after install: |
leenaars
force-pushed
the
shsm
branch
2 times, most recently
from
76096bf
to
e73d2e4
Compare
|
Meanwhile a new release has been made, v. 2.1.0. I've included that release with the suggestion from @zimbatm. Apologies for the long delay. |
|
👍 it looks like some of the earlier fixes has been lost so I fixed them and pushed 38c5319 to master. Thanks ! |
SoftHSM is an implementation of a cryptographic store accessible through a PKCS #11 interface. You can use it to explore PKCS #11 without having a Hardware Security Module. It is being developed as a part of the OpenDNSSEC project. SoftHSM uses Botan for its cryptographic operations.