Add in the ability to dynamically adjust module path at run-time via system environmental exports #103
+102
−3
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…system environmental exports Background: While trying to integrate PKCS11+HSM into a build system (Yocto Project), we wanted the build system to be able to use the HSM directly. However, The Yocto Project creates a sandboxed environment for each package which uses CCID during compilation. This means that the CCID modules cannot be found from within these sandboxed directories, as their paths are non-determinable at compile time. OpenSSL appears to use OPENSSL_CONF for this sort of dynamic configuration, so I've followed their lead and incorporated a similar ccid_getenv() method.
LudovicRousseau
requested changes
Nov 7, 2022
There was a problem hiding this comment.
The CCID could also call the HPGetenv() function directly from the pcscd binary.
So no need to define a similar function for the CCID driver.
And the ./configure argument --enable-usbdropdir= could be removed.
macOS is a special case that can be handled easily.
| @@ -0,0 +1,59 @@ | |||
| /* | |||
There was a problem hiding this comment.
The CCID driver already include code from PCSC (in PCSC/ subdiretory).
I propose to have the ccid_getenv() function only in PCSC source code and reuse it for CCID.
The name ccid_getenv() could be changed to something more generic.
LudovicRousseau
pushed a commit
to LudovicRousseau/CCID-debug
that referenced
this pull request
Nov 8, 2022
Add in the ability to dynamically adjust module path at run-time via system environmental exports Background: While trying to integrate PKCS11+HSM into a build system (Yocto Project), we wanted the build system to be able to use the HSM directly. However, The Yocto Project creates a sandboxed environment for each package which uses CCID during compilation. This means that the CCID modules cannot be found from within these sandboxed directories, as their paths are non-determinable at compile time. OpenSSL appears to use OPENSSL_CONF for this sort of dynamic configuration, so I've followed their lead and incorporated a similar SYS_GetEnv() method. LudovicRousseau/CCID#103
LudovicRousseau
pushed a commit
to LudovicRousseau/CCID-debug
that referenced
this pull request
Nov 8, 2022
Add in the ability to dynamically adjust module path at run-time via system environmental exports Background: While trying to integrate PKCS11+HSM into a build system (Yocto Project), we wanted the build system to be able to use the HSM directly. However, The Yocto Project creates a sandboxed environment for each package which uses CCID during compilation. This means that the CCID modules cannot be found from within these sandboxed directories, as their paths are non-determinable at compile time. OpenSSL appears to use OPENSSL_CONF for this sort of dynamic configuration, so I've followed their lead and incorporated a similar SYS_GetEnv() method. LudovicRousseau/CCID#103
LudovicRousseau
pushed a commit
to LudovicRousseau/CCID-debug
that referenced
this pull request
Nov 8, 2022
Add in the ability to dynamically adjust module path at run-time via system environmental exports Background: While trying to integrate PKCS11+HSM into a build system (Yocto Project), we wanted the build system to be able to use the HSM directly. However, The Yocto Project creates a sandboxed environment for each package which uses CCID during compilation. This means that the CCID modules cannot be found from within these sandboxed directories, as their paths are non-determinable at compile time. OpenSSL appears to use OPENSSL_CONF for this sort of dynamic configuration, so I've followed their lead and incorporated a similar SYS_GetEnv() method. LudovicRousseau/CCID#103
|
Fixed in 209f459 Thanks |
I was just making your suggested changes and you beat me to it. Looks good! Thanks |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add in the ability to dynamically adjust module path at run-time via system environmental exports
Background: While trying to integrate PKCS11+HSM into a build system (Yocto Project), we wanted the build system to be able to use the HSM directly. However, The Yocto Project creates a sandboxed environment for each package which uses CCID during compilation. This means that the CCID modules cannot be found from within these sandboxed directories, as their paths are non-determinable at compile time. OpenSSL appears to use OPENSSL_CONF for this sort of dynamic configuration, so I've followed their lead and incorporated a similar ccid_getenv() method.