[Opendnssec-user] softhsmv2 bugs

Paul Wouters paul at nohats.ca
Tue Aug 5 19:59:05 UTC 2014


I did a softhsm v1 to v2 migration for opendnssec, which seemed to have
worked:

softhsm2-util --init-token --slot 0 --label "OpenDNSSEC" --pin 1234 --so-pin 1234
softhsm2-migrate --db /var/softhsm/slot0.db --pin 1234 --slot 0

this worked after chowning the files to the user ods.

Then I ran (for testing):

softhsm2-util --init-token --slot 6 --label "delme" --pin 1234 --so-pin 1234
softhsm2-util --init-token --slot 1 --label "delme" --pin 1234 --so-pin 1234

The first gave an error about the slot number. The second one worked. I
guess it always has slotsused+1 slots.

However, softhsm2-util --show-slots shows that both slot 0 and slot 1
now have the "delme" label. So my slot 0 with OpenDNSSEC became
unusable.

Another softhsmv2 problem occurs in "make check":

make  check-TESTS
make[5]: Entering directory
`/root/rpmbuild/BUILD/softhsm-2.0.0a2/src/lib/object_store/test'
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
mkdir: cannot create directory `testdir': File exists
/bin/sh: line 5:  1631 Segmentation fault      ${dir}$tst
FAIL: objstoretest
==================
1 of 1 test failed

gdb shows:

Program received signal SIGSEGV, Segmentation fault.
ObjectStore::getToken (this=0x0, whichToken=0) at ObjectStore.cpp:123
123		MutexLocker lock(storeMutex);
Missing separate debuginfos, use: debuginfo-install
cppunit-1.12.1-3.1.el6.x86_64 glibc-2.12-1.132.el6_5.2.x86_64
libgcc-4.4.7-4.el6.x86_64 libstdc++-4.4.7-4.el6.x86_64
openssl-1.0.1e-16.el6.7.x86_64 sqlite-3.6.20-1.el6.x86_64
zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0  ObjectStore::getToken (this=0x0, whichToken=0) at
ObjectStore.cpp:123
#1  0x00000000004c5b57 in test_a_newly_created_object_store_containing_two_tokens::tearDown (this=0x73f130) at DBObjectStoreTests.cpp:105
#2  0x00007ffff7dd5d3a in CppUnit::TestCaseMethodFunctor::operator()() const () from /usr/lib64/libcppunit-1.12.so.1
#3  0x00007ffff7dcb064 in CppUnit::DefaultProtector::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) ()
    from /usr/lib64/libcppunit-1.12.so.1
#4  0x00007ffff7dd2647 in CppUnit::ProtectorChain::protect(CppUnit::Functor const&, CppUnit::ProtectorContext const&) ()
    from /usr/lib64/libcppunit-1.12.so.1
#5  0x00007ffff7ddb854 in CppUnit::TestResult::protect(CppUnit::Functor const&, CppUnit::Test*, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) () from /usr/lib64/libcppunit-1.12.so.1
#6  0x00007ffff7dd5a92 in CppUnit::TestCase::run(CppUnit::TestResult*)
() from /usr/lib64/libcppunit-1.12.so.1
#7  0x00007ffff7dd60c3 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) () from /usr/lib64/libcppunit-1.12.so.1
#8  0x00007ffff7dd5fe6 in CppUnit::TestComposite::run(CppUnit::TestResult*) () from /usr/lib64/libcppunit-1.12.so.1
#9  0x00007ffff7dd60c3 in CppUnit::TestComposite::doRunChildTests(CppUnit::TestResult*) () from /usr/lib64/libcppunit-1.12.so.1
#10 0x00007ffff7dd5fe6 in CppUnit::TestComposite::run(CppUnit::TestResult*) () from /usr/lib64/libcppunit-1.12.so.1
#11 0x00007ffff7ddb5fa in CppUnit::TestResult::runTest(CppUnit::Test*) () from /usr/lib64/libcppunit-1.12.so.1
#12 0x00007ffff7ddd573 in CppUnit::TestRunner::run(CppUnit::TestResult&, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) () from /usr/lib64/libcppunit-1.12.so.1
#13 0x00007ffff7ddfa4b in CppUnit::TextTestRunner::run(std::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool, bool, bool)
     () from /usr/lib64/libcppunit-1.12.so.1
#14 0x0000000000407cab in main () at objstoretest.cpp:45


Oh, and the build originally failed with an undefined
SQLITE_DBCONFIG_ENABLE_FKEY. I grepped through the sqlite3
include files but it was not there. A search found:
https://www.sqlite.org/c3ref/c_dbconfig_enable_fkey.html
So I just changed it to the value 1002 for now as workaround.

As a feature request, it would be nice to get a free slot similar with
losetup -d, or allow the init operation to tell you which new slot
number it used. And to be able to get the slot number for a label.

Right now, I have to assume opendnssec is the first (only?) slot user
for softhsm at slot 0.

Paul



More information about the Opendnssec-user mailing list