control: severity -1 grave This bug, along with various rounds of passive-aggressive finger-pointing among the involved projects, has been around for a few years now and it's getting more frustrating every time I look at it.
As I found out this week, it has only gotten worse from stretch to buster: For stretch (OpenVPN 2.4.0/pkcs11-helper 1.21-1), I was able to work around any issues (#772812) by rebuilding OpenVPN without systemd support so that no external program was spawned via a callback function for reading a passphrase for the YubiKey I use. At some point, opensc itself in stretch got broken by a botched "security" update (#910786), but that's an unrelated issue and not relevant for buster. For buster (OpenVPN 2.4.6/pkcs11-helper 1.25.1), this is not enough: OpenVPN hangs when trying to call an external program (in our case: "/sbin/ip link set dev $DEV up mtu $MTU"). On a more positive note, I'd really like to get this fixed for buster: The only other relevant libpkcs11-helper1 reverse dependency seems to be gnupg-pkcs11-scd. Would we break that if we built pkcs11-helper with "--disable-threading" and "--disable-slotevent"? Cheers, -Hilko
