Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Paths for .so file are wrong on Ubuntu #6

Closed
markstos opened this issue Jan 28, 2020 · 6 comments
Closed

Paths for .so file are wrong on Ubuntu #6

markstos opened this issue Jan 28, 2020 · 6 comments

Comments

@markstos
Copy link
Contributor

The correct path for the .so file on Ubuntu varies depending on the architecture. A complete list of the file paths used is here:

https://packages.ubuntu.com/search?searchon=contents&keywords=opensc-pkcs11.so+&mode=exactfilename&suite=eoan&arch=any

The most common one used would be:

   /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

I'm not sure how you want to handle this in the documentation. Maybe in one step instruct users to export a shell variable with the right path, and then refer to the variable in the remaining shell commands. That would keep most the commands as "copy/pasteable" for most users.
@markstos
Copy link
Contributor Author

Other than the issues I reported, I was able to successfully work through the Howto on Ubuntu 19.10!

Thanks a lot for posting this. The other Howto that involved GPG was so complex that I eventually gave up. Even if I got it to work, it wasn't something that I could recommend to co-workers and it seemed like to break over time.

This is simpler!

@jamesog
Copy link
Owner

jamesog commented Jan 28, 2020

That is an interesting issue. Is the ssh-agent on Ubuntu compiled to allow this path for PKCS whitelist? If not we'd also have to recommend using adding -P /usr/lib/x86_64-linux-gnu when ssh-agent is started.

For dpkg-based systems you can use dpkg-query to list which package and the full path a file comes from, so maybe we could create a shell function wrapping that to output the full path to the library, e.g.

opensc_lib_path() {
  dpkg-query -S '*/ssh-agent' | awk '{print $2}'
}

ssh-agent -P $(opensc_lib_path)

Glad you found the found the guide useful otherwise!

@markstos
Copy link
Contributor Author

The ssh-agent integration was the one piece I didn't test last night. I'll test that tonight.

@markstos
Copy link
Contributor Author

On Ubuntu 18.04, I can programmatically find the right path to the .so file like this:

    dpkg -S opensc-pkcs11.so | grep -v onepin | head -1 | cut -d ' ' -f 2

@markstos
Copy link
Contributor Author

I tested the agent integration on Ubuntu 18.04 and it worked. I used ssh -v to confirm I was using the key intended.

The "whitelisted paths" concern you raised will not be a problem. According to man ssh_config, the default whitelisted path includes /usr/lib/* and the *.so files on Ubunt are underneath that path in all cases.

@markstos
Copy link
Contributor Author

I don't use Ubuntu anymore and it looks the yubikey-agent project is recommended instead of this one anyway, so closing this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markstos @jamesog