[Opendnssec-develop] packaging questions about softhsm

Rickard Bellgrim rickard.bellgrim at iis.se
Mon Mar 7 08:57:56 UTC 2011

On 4 mar 2011, at 17.48, Paul Wouters wrote:

>>> - The libsofthsm.so is not versioned. This creates an error for packaging. Is
>>>  there is reason behind this? Can numbered sonames be used?
>> The version number in the library file name was dropped because SoftHSM was change from a shared library to a loadable module.
> If it is a module and not a shared library, then it should not be installed in /usr/lib* ?
> Perhaps a better place would be /usr/lib/softhsm/ ?

Yes, perhaps. What do you think Jakob?

> Is this module only loadable by opendnssec? If so, then it should probably be a sub package,
> like opendnssec-softhsm.

It can be loaded by any application that supports PKCS#11.

>>> - If a thirdparty would want to use libsofthsm, would they not need some
>>>  include files? Currently none are installed. I assume they would need
>>>  src/lib/Soft*.h ? I would like to install these in /usr/include/softhsm/
>> That is the pkcs11.h from RSA Labs (or the Scute project). What do we think, should we install it?
> That could cause issues with other packages, like cryptoki or bind-pkcs11.

If you would like to develop something with SoftHSM, then you download the header from RSA or Scute. The header is not SoftHSM specific, but is more generic for any type of PKCS#11 provider.

// Rickard

More information about the Opendnssec-develop mailing list