Package: libtpm2-pkcs11-1 Version: 1.5.0-4 Severity: wishlist X-Debbugs-Cc: nicolas.iooss_debb...@m4x.org
Dear Maintainer, When trying to use p11-kit with tpm2-pkcs11, p11-kit does not find any PKCS#11 token. This is because there is not file for tpm2-pkcs11 in /usr/share/p11-kit/modules/. tpm2-pkcs11's upstream provides such a configuration file in https://salsa.debian.org/debian/tpm2-pkcs11/-/blob/01411a3855e39173c6d886455a3d5148f94188d1/misc/p11-kit/tpm2_pkcs11.module and it gets automatically installed if ./configure detects that p11-kit is installed. So a possible fix consists in adding p11-kit in the build dependencies and add /usr/share/p11-kit/modules/tpm2_pkcs11.module to one of the debian/....install files of tpm2-pkcs11 package. Another way of fixing this could consists in installing "by hand" the module without relying on ./configure auto-detection feature. Then, even when /usr/share/p11-kit/modules/tpm2_pkcs11.module is present, p11-kit still does not work: $ p11-kit list-modules -v p11-kit: couldn't load module: /usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so: /usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so: cannot open shared object file: No such file or directory By adding a symlink like what opensc-pkcs11 does, this finally make p11-kit find the PKCS#11 token provided by tpm2-pkcs11: $ sudo ln -s ../libtpm2_pkcs11.so.1 /usr/lib/x86_64-linux-gnu/pkcs11/libtpm2_pkcs11.so $ p11-kit list-modules -v tpm2_pkcs11: libtpm2_pkcs11.so library-description: TPM2.0 Cryptoki library-manufacturer: tpm2-software.github.io library-version: 0.0 token: manufacturer: Nuvoton ... In short, in order to use p11-kit with tpm2-pkcs11, two things are currently missing: a configuration file in /usr/share/p11-kit/modules and a symlink in /usr/lib/x86_64-linux-gnu/pkcs11. Could you please consider adding these files to a package? Regards, Nicolas Iooss -- System Information: Debian Release: 11.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 5.11.0-25-generic (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages libtpm2-pkcs11-1 depends on: ii libc6 2.31-12 ii libsqlite3-0 3.34.1-3 ii libssl1.1 1.1.1k-1 ii libtss2-esys-3.0.2-0 3.0.3-2 ii libtss2-mu0 3.0.3-2 ii libtss2-rc0 3.0.3-2 ii libtss2-tctildr0 3.0.3-2 ii libyaml-0-2 0.2.2-1 libtpm2-pkcs11-1 recommends no packages. libtpm2-pkcs11-1 suggests no packages. -- no debconf information
