Your message dated Sun, 13 Apr 2025 17:05:50 +0000
with message-id <e1u40me-00guyk...@fasolo.debian.org>
and subject line Bug#1090077: fixed in secrets 11.0-2
has caused the Debian Bug report #1090077,
regarding Secrets hard-codes OpenSC's PKCS11 module wrongly (cross-arch) and 
crashes trying to use it
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1090077: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090077
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: secrets
Version: 9.6-2
Severity: normal
X-Debbugs-CC: pykc...@packages.debian.org
Control: found -1 10.1-1

Hi,

While fooling around with Secrets and trying to open a password-protected 
database, I thought I'd push the refresh arrow on the smartcard list just to be 
silly. To my surprise, Secrets crashed:

src/dyn_unix.c:34:SYS_dyn_LoadLibrary() /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so: cannot open shared object file: No such file or directory
16-12-24 02:30:09 | WARNING | Could not load pkcs11 library: Load (/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so)
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/gsecrets/provider/pkcs11_provider.py", line 158, in pkcs11_refresh
    self._pkcs11.load(const.PKCS11_LIB)
  File "/usr/lib/python3/dist-packages/PyKCS11/__init__.py", line 481, in load
    raise PyKCS11Error(rv, pkcs11dll_filename)
PyKCS11.PyKCS11Error: Load (/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/gsecrets/provider/pkcs11_provider.py", line 161, in pkcs11_refresh
    task.return_error(err)

There's a few things going on it seems. For some reason it tries to find 
OpenSC's PKCS #11 module, but I don't have it installed and I wonder why it's 
trying to look for it in the first place? The appeal of PKCS #11 is you can use 
any module you want according to your needs. I use Scute to do PKCS #11 
operations using GnuPG's tools, and GNOME Keyring (at least at one time?) 
also had a PKCS #11 module. OpenSC is definitely one of the more popular ones 
and it supports a wide variety of security modules, but I wonder where it's 
hard-coded that it should be tried in the first place?

There's been a few initiatives within the GnuTLS, GNOME, and FreeDesktop.org 
ecosystems to make shims and things to make finding modules easier, so it seems 
especially strange it's not smart here. I'm sure if I install opensc-pkcs11 
then the crash may not happen, but this should probably not be made a Depends 
or Recommends. Installing extraneous PKCS #11 modules increases the odds an 
application will try the wrong ones or keep exclusive access to cards. The 
whole point of PKCS #11 is that modules are swappable to accommodate different 
kinds of key stores and Secrets really shouldn't have any reason to want OpenSC 
in particular.

This could be an issue in pykcs11; I don't know Python very well so maybe they 
can lay eyes on this.

Thanks

Attachment: signature.asc
Description: This is a digitally signed message part


--- End Message ---
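
An added example, not part of the original report and not code from Secrets or PyKCS11: one way an application could pick its PKCS #11 module at run time instead of shipping a path baked in for one architecture, and report a failed load instead of raising out of the refresh handler. This is an alternative to the packaging-level fix recorded in the closing message; the `PKCS11_MODULE` variable, the function names and the injected `loader` callable are assumptions made for illustration.

```python
import os
import sysconfig

# File name taken from the log in the report; which module to default to is an assumption.
DEFAULT_MODULE = "opensc-pkcs11.so"


def multiarch_triplet():
    """Multiarch triplet of the running interpreter, e.g. 'x86_64-linux-gnu' ('' if unknown)."""
    return sysconfig.get_config_var("MULTIARCH") or ""


def candidate_paths(env=None, triplet=None, module=DEFAULT_MODULE):
    """Ordered module candidates: an explicit user choice wins, else arch-specific dirs."""
    env = os.environ if env is None else env
    configured = env.get("PKCS11_MODULE")  # hypothetical override variable
    if configured:
        # The user selected a module; do not silently fall back to another one,
        # which could grab exclusive access to the card.
        return [configured]
    triplet = multiarch_triplet() if triplet is None else triplet
    paths = []
    if triplet:
        # Resolved on the machine that runs the code, not the one that built the package.
        paths.append(os.path.join("/usr/lib", triplet, module))
    paths.append(os.path.join("/usr/lib", module))
    return paths


def load_module(loader, paths, exists=os.path.isfile):
    """Try each candidate with `loader`; return (loaded_path_or_None, errors), never raise."""
    errors = []
    for path in paths:
        if not exists(path):
            errors.append(f"{path}: not installed")
            continue
        try:
            loader(path)  # e.g. the load() method seen in the traceback above
            return path, errors
        except Exception as exc:  # a load error such as PyKCS11Error in the report
            errors.append(f"{path}: {exc}")
    return None, errors
```

A caller would pass the library object's `load` method as `loader` and show `errors` to the user when the returned path is `None`.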
--- Begin Message ---
Source: secrets
Source-Version: 11.0-2
Done: Matthias Geiger <werdah...@debian.org>

We believe that the bug you reported is fixed in the latest version of
secrets, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1090...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthias Geiger <werdah...@debian.org> (supplier of updated secrets package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Apr 2025 18:31:06 +0200
Source: secrets
Architecture: source
Version: 11.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Matthias Geiger <werdah...@debian.org>
Closes: 1090077
Changes:
 secrets (11.0-2) unstable; urgency=medium
 .
   [ Jeremy Bícha ]
   * Revert more commits that require asyncio from pygobject 3.52
     including the fingerprint QuickUnlock feature
 .
   [ Matthias Geiger ]
   * d/control: Convert package to arch:any again (Closes: #1090077)

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQQUWTv/Sl6/b+DpcW7svtu2B7myvgUCZ/vrHQAKCRDsvtu2B7my
vqGvAQD52QQwEGywCgy/OOPhUDCRXW59B5sZhNTZsHYzT2FV4QD/dSfQWefKvxnB
mM5L8YBhV4E+MtmB/HcyfSkAD2bd9gg=
=rpvD
-----END PGP SIGNATURE-----

Attachment: pgpd6ejHJOkma.pgp
Description: PGP signature


--- End Message ---
