Re: gnome-keyring Question about gck & modules

[Stef Walter <stefw collabora co uk>]

Hey Vincent! I hope it's okay that I CC this to the list, since perhaps
other packagers may have the same question.

On 2010-12-19 09:53, Vincent Untz wrote:
> One thing that is a bit weird is that gck looks for modules in
> /usr/lib/pkcs11 (that's PKCS11_REGISTRY_DIR). But the various stores
> from pkcs11/ are still installed in
> /usr/lib/gnome-keyring/{devel,standalone}. I didn't try yet, but that
> sounds wrong. Am I missing something?

The standalone modules in /usr/lib/gnome-keyring/devel are for testing
and debugging. As you noted they're not installed to a consistent
location. I've fixed it so they all go to /usr/lib/gnome-keyring/devel
rather than 'standalone'.

These same modules are also compiled into gnome-keyring-daemon, which is
where they are primarily used. The PKCS#11 modules compiled into
gnome-keyring-daemon are exposed via the gnome-keyring-pkcs11.so module
which is installed in /usr/lib/pkcs11.

Currently nearly all PKCS#11 calls go through gnome-keyring-pkcs11.so
which uses a simple RPC to access gnome-keyring-daemon (and the real
modules).

In the future I hope that certain PKCS#11 modules (especially those for
read-only access to stuff) will not need to be accessed via
gnome-keyring-daemon but can be used directly.

The modules in /usr/lib/pkcs11 are the ones used on the desktop.
Currently this is only gnome-keyring-pkcs11.so

You can choose not to package the standalone modules, or perhaps make
them part of the dev package as that's the sort of thing they're used
for. For example, empathy loads one of the standalone modules in its tests.

Cheers,

Stef