Re: gnome-keyring PKCS#11 config file /etc/xdg/pkcs11.conf[.defaults]



On Thu, Jan 6, 2011 at 4:16 PM, Stef Walter <stef-list thewalter net> wrote:

> After trying to implement this, we figured out that it's not possible to
> lock down settings for just part of dconf/gsettings on an otherwise
> non-locked-down system. So we're back to a file for this.
> In line with Dan's suggestion about not using /etc/xdg (unless we commit
> to the whole standard) I've changed things around a bit:
> The configuration files are at: /etc/pkcs11/pkcs11-options and
> /etc/pkcs11/pkcs11-options.defaults. The latter is installed, and the
> former contains overrides (if present).
> The format still uses the 'Desktop entry' format [1]

What kind of information do you store there? For gnutls what
we need there is a list of libraries to load to access objects,
and optionally a library that (might) provide faster crypto
operations.

We need the former because loading all libraries from /usr/lib/pkcs11
from [2] is not practical. At least on my system there are some debugging
libraries that print funny messages to stderr, and similar libraries
that provide the same objects (e.g. libopensc and libopensc-one or something
like that). Thus we need a config file that will specify the exact libraries
for applications to use in order to access objects.

> [2] http://wiki.cacert.org/Pkcs11TaskForce#PKCS11_in_FHS_Proposal

regards,
Nikos
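
The defaults-plus-overrides lookup and the explicit module list discussed in this thread, sketched as an added example; it is not code from this thread, gnome-keyring or gnutls. The group name `PKCS11 Options`, the key `Modules`, the `;` list separator and the sample module paths are assumptions, since the thread does not give the file's keys.

```python
import configparser
import posixpath

GROUP = "PKCS11 Options"   # hypothetical group name
KEY = "Modules"            # hypothetical key: ';'-separated module paths

# Constructed sample contents of pkcs11-options.defaults and pkcs11-options.
DEFAULTS = """\
[PKCS11 Options]
# shipped by the distribution
Modules=/usr/lib/pkcs11/example-keyring.so;/usr/lib/pkcs11/example-token.so;
"""
OVERRIDES = """\
[PKCS11 Options]
# local override: one token module, listed twice, plus a relative path
Modules=/usr/lib/pkcs11/example-token.so;../lib/debug-trace.so;/usr/lib/pkcs11/example-token.so;
"""

def _parse(text):
    # Desktop-entry style: '=' only as delimiter, '#' comments, case-sensitive keys.
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",),
                                   interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def effective_modules(defaults_text, overrides_text=None):
    """Merge defaults with overrides; return (accepted, rejected) module paths."""
    merged = {}
    for text in (defaults_text, overrides_text):
        if text is None:          # the overrides file is optional
            continue
        cp = _parse(text)
        if cp.has_section(GROUP):
            merged.update(cp[GROUP])   # later file wins key by key
    accepted, rejected = [], []
    for entry in merged.get(KEY, "").split(";"):
        entry = entry.strip()
        if not entry:
            continue
        # Only absolute, already-normalised paths: no '..', no search-path lookup.
        if not posixpath.isabs(entry) or posixpath.normpath(entry) != entry:
            rejected.append(entry)
        elif entry not in accepted:    # drop duplicates, keep order
            accepted.append(entry)
    return accepted, rejected

if __name__ == "__main__":
    print(effective_modules(DEFAULTS))
    print(effective_modules(DEFAULTS, OVERRIDES))
```

An application would load only the accepted paths and log the rejected ones, instead of opening every library found under /usr/lib/pkcs11.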

