Description of problem: Although the softhsm PKCS#11 module is added to the system's default NSS database /etc/pki/nssdb it cannot be accessed by NSS utilities because it is not in the standard library search path. Version-Release number of selected component (if applicable): softhsm-2.0.0b1-3.fc22 How reproducible: Steps to Reproduce: 1. modutil lists the softhsm module but reports no token # softhsm2-util --init-token --slot 0 --label 'Test Token' --so-pin 12345678 --pin 123456 The token has been initialized. # modutil -dbdir /etc/pki/nssdb -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2. SoftHSM PKCS #11 Module library name: libsofthsm2.so slots: There are no slots attached to this module status: Not loaded ----------------------------------------------------------- 2. strace shows that libsofthsm2.so is not found # strace -f -eopen modutil -dbdir /etc/pki/nssdb -list 2>&1 | grep softhsm open("/lib64/tls/x86_64/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/lib64/tls/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/lib64/x86_64/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/lib64/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/x86_64/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/usr/lib64/tls/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/usr/lib64/x86_64/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) open("/usr/lib64/libsofthsm2.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory) library name: libsofthsm2.so 3. After linking softhsm2.so to /usr/lib64 modutil works as expected: # ln -s /usr/lib64/pkcs11/libsofthsm2.so /usr/lib64 # modutil -dbdir /etc/pki/nssdb -list Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal PKCS #11 Module slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services slot: NSS User Private Key and Certificate Services token: NSS Certificate DB 2. SoftHSM PKCS #11 Module library name: libsofthsm2.so slots: 2 slots attached status: loaded slot: SoftHSM slot 0 token: Test Token slot: SoftHSM slot 1 token: ----------------------------------------------------------- Additional info: It looks like most other packages with PKCS#11 modules like coolkey or opensc make the modules available in /usr/lib64/pkcs11 and /usr/lib64 by linking one to the other. opencryptoki creates a file with the library path in /etc/ld.so.conf.d and calls ldconfig during installation. But adding /usr/lib64/pkcs11 here might not be a good idea since the directory is used by other packages as well.
I do not need the softlink when using softhsm-2.0.0rc1-3.fc23.x86_64 Can you check if this is now also resolved for you?
oops. test error. configured the fix.
softhsm-2.1.0-1.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-40cd1f94ba
softhsm-2.1.0-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-c43dd0091f
softhsm-2.1.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-376bda6d1d
softhsm-2.1.0-1.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-40cd1f94ba
softhsm-2.1.0-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-c43dd0091f
softhsm-2.1.0-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-376bda6d1d
softhsm-2.1.0-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
softhsm-2.1.0-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
softhsm-2.1.0-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
Grrr. Sumit, this bug is bogus. NSS is broken and should be using the system-configured tokens. This was really just another symptom of bug 1173577 Please don't propagate the broken workarounds for NSS.
David, I agree with you. But my point was since the softhsm package calls 'softhsm2-pk11install -p %{nssdb} 'name=%{softhsm_module} library=libsofthsm2.so' in %post it should end up in a working state. Maybe it would make sense to open tickets to remove the explicit addition of PKCS#11 modules to /etc/pki/nssdb in the softhsm and other packages for PKCS#11 modules?