search

Homebrew / homebrew-core

🍻 Default formulae for the missing package manager for macOS (or Linux)
https://brew.sh
BSD 2-Clause "Simplified" License
13.77k stars 12.45k forks source link

pkcs11-tool can't use libsofthsm2.so (softhsm pkcs11-tools) #107581

Closed oej closed 2 years ago

oej commented 2 years ago

brew gist-logs <formula> link OR brew config AND brew doctor output

% brew gist-logs softhsm
Error: No logs.
 % brew gist-logs pkcs11-tools
Error: No logs.

Brew doctor has no output related to these formula.

Verification

What were you trying to do (and why)?

I am trying to use pkcs11-tool to access keys in softhsm2.

What happened (include all command output)?

% pkcs11-tool --module /usr/local/lib/softhsm/libsofthsm2.so -T -O -I
sc_dlopen failed: dlopen(/usr/local/lib/softhsm/libsofthsm2.so, 0x0001): tried: '/usr/local/lib/softhsm/libsofthsm2.so' (code signature in <AAF19B8D-6DE8-387B-B1FF-748FD067CC4B> '/usr/local/Cellar/softhsm/2.6.1/lib/softhsm/libsofthsm2.so' not valid for use in process: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.), '/usr/local/Cellar/softhsm/2.6.1/lib/softhsm/libsofthsm2.so' (code signature in <AAF19B8D-6DE8-387B-B1FF-748FD067CC4B> '/usr/local/Cellar/softhsm/2.6.1/lib/softhsm/libsofthsm2.so' not valid for use in process: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.)
error: Failed to load pkcs11 module
Aborting.

What did you expect to happen?

Access to my softhsm2 keys, not the error message.

I guess it has something to do with library validation, since pkcs11-tool is using a library from another formula.

https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_disable-library-validation?language=objc

This on MacOS monterey, Intel CPU, MacBook pro 2018

Step-by-step reproduction instructions (by running brew commands)

see example above. You will need softhsm2 tokens initialised with keys.
SMillerDev commented 2 years ago

Brew doctor has no output related to these formula.

I think it's better to let the people who's help you're requesting determine this. Can you also post brew config?

see example above. You will need softhsm2 tokens initialised with keys.

Please provide a minimal example how to do this, there are far too many tools in Homebrew for the maintainers to know how to use all of them.

This can be re-opened once all required information is provided.

oej commented 2 years ago

brew config:

HOMEBREW_VERSION: 3.5.8
ORIGIN: https://github.com/Homebrew/brew
HEAD: ff9c2500195cc357d4a06f99d462f8d8a5d37892
Last commit: 3 days ago
Core tap ORIGIN: https://github.com/Homebrew/homebrew-core
Core tap HEAD: 59aa4f6640ea784e8ef883721d0f23ccd5875b59
Core tap last commit: 3 hours ago
Core tap branch: master
HOMEBREW_PREFIX: /usr/local
HOMEBREW_CASK_OPTS: []
HOMEBREW_DISPLAY: /private/tmp/com.apple.launchd.3r6sli0BCW/org.macosforge.xquartz:0
HOMEBREW_EDITOR: vi
HOMEBREW_MAKE_JOBS: 12
Homebrew Ruby: 2.6.8 => /System/Library/Frameworks/Ruby.framework/Versions/2.6/usr/bin/ruby
CPU: dodeca-core 64-bit kabylake
Clang: 13.1.6 build 1316
Git: 2.37.1 => /usr/local/bin/git
Curl: 7.79.1 => /usr/bin/curl
macOS: 12.3.1-x86_64
CLT: 13.4.0.0.1.1651278267
Xcode: 13.4.1
oej commented 2 years ago

Example on how to generate tokens in softhsm and using pkcs11-tool to access them: