[Opendnssec-develop] packaging questions about softhsm

Paul Wouters paul at xelerance.com
Fri Mar 4 16:48:56 UTC 2011

On Fri, 4 Mar 2011, Rickard Bellgrim wrote:

>> I'm packaging opendnssec for Fedora/RHEL/Centos and have a few questions.
> Rachid Zarouali, Ville Mattila, and Tim Verhoeven, on the user's list, were working on packaging opendnssec 6 months ago. Do not know the current status of that.

I did not know about that effort. I did not see anything in the RH bugzilla, so nothing has been
submitted yet.

>> - The libsofthsm.so is not versioned. This creates an error for packaging. Is
>>   there is reason behind this? Can numbered sonames be used?
> The version number in the library file name was dropped because SoftHSM was change from a shared library to a loadable module.

If it is a module and not a shared library, then it should not be installed in /usr/lib* ?
Perhaps a better place would be /usr/lib/softhsm/ ?

Is this module only loadable by opendnssec? If so, then it should probably be a sub package,
like opendnssec-softhsm.

>> - If a thirdparty would want to use libsofthsm, would they not need some
>>   include files? Currently none are installed. I assume they would need
>>   src/lib/Soft*.h ? I would like to install these in /usr/include/softhsm/
> That is the pkcs11.h from RSA Labs (or the Scute project). What do we think, should we install it?

That could cause issues with other packages, like cryptoki or bind-pkcs11.

I'll try to get some more enduser experience with the software so I understand the components
better, and then adjust the packaging.


More information about the Opendnssec-develop mailing list