OpenConnect 7.08 release

David Woodhouse dwmw2 at
Wed Dec 14 00:36:56 PST 2016

On Tue, 2016-12-13 at 15:32 -0800, Mike Miller wrote:
> On Tue, Dec 13, 2016 at 22:50:55 +0000, David Woodhouse wrote:
> > 
> > On Tue, 2016-12-13 at 14:42 -0800, Mike Miller wrote:
> > > 
> > > Any thoughts about how to make the contents of softhsm2.module more
> > > distro-agnostic?
> > Build it (from the distro's own one) at configure time? We already
> > build softhsm2.conf from anyway.
> Sorry, I was jumping back to the .module file here, not the .conf file.
> The softhsm2.module file in the release has a hardcoded path to
> /usr/lib64. It's a one-liner and easy enough to overwrite here, but will
> probably trip up others too.

Right. I was saying that we already create the .conf file at configure
time, so we could create the .module file then too.

But then again... why? My proposal for discovering where SoftHSM2
resides was just to look for an existing p11-kit module file in the
system's configuration. And if we're going to require that the distro's
packaging of SoftHSM is correct and installs it with a p11-kit .module
file... then why do we need to bother messing with $HOME and providing
our own in the first place?

Let's just drop the whole nonsense and rely on the system packaging
SoftHSM2 correctly. Does that seem reasonable? I suppose we could also
add a --with-softhsm2= configure argument, but I'd prefer not to.

> --- a/tests/auth-pkcs11
> +++ b/tests/auth-pkcs11
> @@ -36,7 +36,8 @@ for TOKEN in ${pkcs11_tokens}; do
>      for KEY in ${pkcs11_keys}; do
>  	echo -n "Connecting to obtain cookie (token ${TOKEN} key ${KEY})... "
>  	CERTURI="pkcs11:token=${TOKEN};${KEY};pin-value=1234"
> -	( echo "test" | HOME=${srcdir} SOFTHSM2_CONF=softhsm2.conf \
> +	export SOFTHSM2_CONF=softhsm2.conf
> +	( echo "test" | HOME=${srcdir} \

Without a comment explaining why it's done, that *is* going to get
broken again in future. And I'm confused — what *is* the requirement?
It can't be that dash doesn't let you set more than one environment
variable at a time in the command line before the executable, because
it's still setting both $HOME and $LD_PRELOAD. So what's going on? I'd
quite like to see an explicit reference here to either the POSIX shell
specification, or a filed dash bug.

More information about the openconnect-devel mailing list