release libp11 as an independent lib?

classic Classic list List threaded Threaded
27 messages Options
12
Reply | Threaded
Open this post in threaded view
|

release libp11 as an independent lib?

Ludovic Rousseau
Hello,

I am working on a possible release of libp11 alone (without opensc).

What I made:
- create empty AUTHORS, NEWS, INSTALL and README files. These files
should be filled.
- create a COPYING file with the licence text from p11_slot.c (OpenSSL
licence). More on this later, particularly for Olaf
- copy rsaref/ directory from src/pkcs11/rsaref/ (use symbolic links
like in src/include/opensc/rsaref/)
- linked files from src/scdl into a local scdl/ directory
- copy libpkcs11.c from src/pkcs11/ this file need to be reworked a
bit regarding includes
- copy bootstrap from OpenSC main directory
- thanks to subversion it is possible to use symbolic links and not
duplicate source code.

Whay I changed:
- Makefile.am
 . add SUBDIRS = rsaref scdl
 . add libpkcs11.c in libp11_la_SOURCES
 . rename OPENSC_LT_CURRENT, etc. by LIBP11_LT_CURRENT, etc. the
library version is not linked to OpenSC


The open questions:
- the libp11 is only used by src/sslengines/engine_pkcs11.c. Maybe you
should distribute the libp11 alone and build the ssl engines only if
the libp11 is available?
I would not like to have two sources of distribution for libp11 (alone
and included in OpenSC). That would be the source of major problems.
- may I commit my changes or do you want to discuss a bit more first?

The licence problem:
- The licence included in nearly all the .c file is a verbatim copy of
the OpenSSL licence
- The licence text contains things like "Copyright (c) 1999 The
OpenSSL Project" or "THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT
``AS IS''". I do not know how much code comes from OpenSSL. Maybe not
a single line has been copied? Olaf can you tell us about this? I
don't kow if it is a good idea to reference the OpenSSL project as the
author/provider of libp11.
- can we use the LGPL licence also used by OpenSC?

Thanks,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib?

Olaf Kirch
Hi Ludovic,

On Thu, Aug 18, 2005 at 10:38:38AM +0200, Ludovic Rousseau wrote:

> The licence problem:
> - The licence included in nearly all the .c file is a verbatim copy of
> the OpenSSL licence
> - The licence text contains things like "Copyright (c) 1999 The
> OpenSSL Project" or "THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT
> ``AS IS''". I do not know how much code comes from OpenSSL. Maybe not
> a single line has been copied? Olaf can you tell us about this? I
> don't kow if it is a good idea to reference the OpenSSL project as the
> author/provider of libp11.
> - can we use the LGPL licence also used by OpenSC?

I think I originally included the license because I planned to contribute
this to the OpenSSL project. I probably should have known better than
to copy the Copyright line itself :-(

I'm fine with changing the license to something else, such as the LGPL,
but I'm not sure what this means legally. At least we need a nod from
everyone who contributed.

Olaf
--
Olaf Kirch   |  --- o --- Nous sommes du soleil we love when we play
[hidden email] |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib?

Ludovic Rousseau
On 18/08/05, Olaf Kirch <[hidden email]> wrote:

> On Thu, Aug 18, 2005 at 10:38:38AM +0200, Ludovic Rousseau wrote:
> > The licence problem:
> > - The licence included in nearly all the .c file is a verbatim copy of
> > the OpenSSL licence
> > - The licence text contains things like "Copyright (c) 1999 The
> > OpenSSL Project" or "THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT
> > ``AS IS''". I do not know how much code comes from OpenSSL. Maybe not
> > a single line has been copied? Olaf can you tell us about this? I
> > don't kow if it is a good idea to reference the OpenSSL project as the
> > author/provider of libp11.
> > - can we use the LGPL licence also used by OpenSC?
>
> I think I originally included the license because I planned to contribute
> this to the OpenSSL project. I probably should have known better than
> to copy the Copyright line itself :-(
>
> I'm fine with changing the license to something else, such as the LGPL,
> but I'm not sure what this means legally. At least we need a nod from
> everyone who contributed.

>From the source code I find your name Olaf Kirch <[hidden email]> and
also Kevin Stefanik <[hidden email]> in p11_ops.c

>From the subversion logs I find nils (Nils Larsch), ludovic.rousseau
(myself), sth (Stef Hoeben?), aj (Andreas Jellinghaus).

Every participant I know is a destination of this mail (sorry for the
duplicate with opensc-devel). If I forgot someone please tell me.

The question guys is: do you accept to change the licence of libp11
from OpenSSL licence to GNU LGPL v2.1 or later?

Thanks,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib?

Kevin Stefanik
On Thursday 18 August 2005 05:19, Ludovic Rousseau wrote:

> On 18/08/05, Olaf Kirch <[hidden email]> wrote:
> > On Thu, Aug 18, 2005 at 10:38:38AM +0200, Ludovic Rousseau wrote:
> > > The licence problem:
> > > - The licence included in nearly all the .c file is a verbatim copy of
> > > the OpenSSL licence
> > > - The licence text contains things like "Copyright (c) 1999 The
> > > OpenSSL Project" or "THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT
> > > ``AS IS''". I do not know how much code comes from OpenSSL. Maybe not
> > > a single line has been copied? Olaf can you tell us about this? I
> > > don't kow if it is a good idea to reference the OpenSSL project as the
> > > author/provider of libp11.
> > > - can we use the LGPL licence also used by OpenSC?
> >
> > I think I originally included the license because I planned to contribute
> > this to the OpenSSL project. I probably should have known better than
> > to copy the Copyright line itself :-(
> >
> > I'm fine with changing the license to something else, such as the LGPL,
> > but I'm not sure what this means legally. At least we need a nod from
> > everyone who contributed.
>
> From the source code I find your name Olaf Kirch <[hidden email]> and
> also Kevin Stefanik <[hidden email]> in p11_ops.c
>
> From the subversion logs I find nils (Nils Larsch), ludovic.rousseau
> (myself), sth (Stef Hoeben?), aj (Andreas Jellinghaus).
>
> Every participant I know is a destination of this mail (sorry for the
> duplicate with opensc-devel). If I forgot someone please tell me.
>
> The question guys is: do you accept to change the licence of libp11
> from OpenSSL licence to GNU LGPL v2.1 or later?
>
> Thanks,

Almost all of that work (up until a few months back at least), was Olaf's.  
Whatever bits I contributed can be be licensed in any way he agrees to.

Kevin
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Andreas Jellinghaus-2
In reply to this post by Ludovic Rousseau
Fine with me.

> From the source code I find your name Olaf Kirch <[hidden email]> and
> also Kevin Stefanik <[hidden email]> in p11_ops.c
>
> From the subversion logs I find nils (Nils Larsch), ludovic.rousseau
> (myself), sth (Stef Hoeben?), aj (Andreas Jellinghaus).
>
> Every participant I know is a destination of this mail (sorry for the
> duplicate with opensc-devel). If I forgot someone please tell me.
>
> The question guys is: do you accept to change the licence of libp11
> from OpenSSL licence to GNU LGPL v2.1 or later?

fine with me.

thanks for pushing these changes.

Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Andreas Jellinghaus-2
In reply to this post by Ludovic Rousseau
Hi Ludovic,

is did similar changes, but haven't merged them so far.
and not released the stand alone package.

What does everyone think about this:
 - duplicate src/pkcs11/libpkcs11.c, it is used by libp11 and pcks11-tool.
   it has 78 lines including comments: C_UnloadModule and C_LoadModule.

 - I'd don't want every project to copy libscdl. I don't think that part
   of the code is maintained, and there is a cross plattform library that
   does the same: libltdl3 - comes with libtool.
   the only problem: libltdl3 might not be available on windows.

   So what about a simple #ifdef construct to use our native code on
   windows and libltdl3 everywhere else?

 - pkcs11 header. for some reason we don't have the latest headers files
   from rsa labs, but our own. the only modification is - as far as I know -
   we have unix.h and windows.h, they have similar defines in cryptoki.h.
   it might be nice to move to the standard headers?
   I don't see a problem with libp11 having it's own copy of those headers
   if necessary. it should not install those headers. maybe neither should
   opensc?

> - create empty AUTHORS, NEWS, INSTALL and README files. These files
> should be filled.

not sure. maybe create a wiki and ship libp11 with a html copy of it?
works fine for openct in my opinion.

how exactly do you want to store the "framework"?
maybe keep it somewhere, so all we need is to copy in src/libp11/ from
opensc repository? we could put it in svn branches/libp11-frame or
something like that.

> - thanks to subversion it is possible to use symbolic links and not
> duplicate source code.

so you need to checkout full opensc and those files?

> The open questions:
> - the libp11 is only used by src/sslengines/engine_pkcs11.c. Maybe you
> should distribute the libp11 alone and build the ssl engines only if
> the libp11 is available?

the reason I don't want this is regression tests. currently none use
openssl, but I hope we manage to write some. if we remove the engines,
then we can't test it or need to duplicate the testing infrastructure.

> I would not like to have two sources of distribution for libp11 (alone
> and included in OpenSC). That would be the source of major problems.

hmm, my basic plan was to do exactly that. but maybe you are right.
what does everyone else thing about it? I think martin also suggested
splitting libp11 and the engines off opensc.

also two packages are three times harder for most users than only
one package :(

> - may I commit my changes or do you want to discuss a bit more first?

can you post a diff or tar.gz first, so we can see the exact changes?

also, if we make libp11 a standalone library, we could do so with
a svn and trac on it's own. do we want that?

what about the p11 pam modules? include them in such a library?
or keep them standalone, too? or merge with pam_pkcs11?

Guess I don't want the configure script in lib_p11 to have pam
dependencies. if we have several packages anyway, we should
try to keep each package as simple as possible?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Nils Larsch
Andreas Jellinghaus [c] wrote:
...
>  - I'd don't want every project to copy libscdl. I don't think that part
>    of the code is maintained, and there is a cross plattform library that
>    does the same: libltdl3 - comes with libtool.
>    the only problem: libltdl3 might not be available on windows.

according to [1] the standard way seems to be to include the c file
in the project and use this version if there's no libltdl

Nils

[1] http://www.gnu.org/software/libtool/manual.html#Distributing-libltdl
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Ludovic Rousseau
In reply to this post by Andreas Jellinghaus-2
On 18/08/05, Andreas Jellinghaus [c] <[hidden email]> wrote:
> Hi Ludovic,

Hello,

> is did similar changes, but haven't merged them so far.
> and not released the stand alone package.
>
> What does everyone think about this:
>  - duplicate src/pkcs11/libpkcs11.c, it is used by libp11 and pcks11-tool.
>    it has 78 lines including comments: C_UnloadModule and C_LoadModule.

I do not like code duplication but why not.

>  - I'd don't want every project to copy libscdl. I don't think that part
>    of the code is maintained, and there is a cross plattform library that
>    does the same: libltdl3 - comes with libtool.
>    the only problem: libltdl3 might not be available on windows.
>
>    So what about a simple #ifdef construct to use our native code on
>    windows and libltdl3 everywhere else?

I did not know libltdl. According to my
/usr/share/libtool/libltdl/ltdl.c Windows is supported. OK to use
libltdl.


> > - create empty AUTHORS, NEWS, INSTALL and README files. These files
> > should be filled.
>
> not sure. maybe create a wiki and ship libp11 with a html copy of it?
> works fine for openct in my opinion.

I don't care _how_ we put data in those files. A copy from a wiki page is fine.

> how exactly do you want to store the "framework"?

What framework?

> > The open questions:
> > - the libp11 is only used by src/sslengines/engine_pkcs11.c. Maybe you
> > should distribute the libp11 alone and build the ssl engines only if
> > the libp11 is available?
>
> the reason I don't want this is regression tests. currently none use
> openssl, but I hope we manage to write some. if we remove the engines,
> then we can't test it or need to duplicate the testing infrastructure.

I don't want to remove the engines. Just to have a conditional
compilation so users will not have to install libp11 if they do not
use the engines.

> > - may I commit my changes or do you want to discuss a bit more first?
>
> can you post a diff or tar.gz first, so we can see the exact changes?

OK. I will build one and put it somewhere.

> also, if we make libp11 a standalone library, we could do so with
> a svn and trac on it's own. do we want that?

Something similar you did for pam_pkcs11? OK for me.

> what about the p11 pam modules? include them in such a library?
> or keep them standalone, too? or merge with pam_pkcs11?

No. The idea is to split libp11 from OpenSC, not to merge it into
something else.

> if we have several packages anyway, we should
> try to keep each package as simple as possible?

Exact. And each package should have its own release cycle.

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Ludovic Rousseau
In reply to this post by Andreas Jellinghaus-2
On 18/08/05, Andreas Jellinghaus [c] <[hidden email]> wrote:

> > - may I commit my changes or do you want to discuss a bit more first?
>
> can you post a diff or tar.gz first, so we can see the exact changes?

You can get it from
http://ludovic.rousseau.free.fr/softwares/libp11-0.1.0.tar.gz

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Andreas Jellinghaus-2
In reply to this post by Ludovic Rousseau
Hi Ludovic,

On Monday 22 August 2005 10:01, Ludovic Rousseau wrote:

> >  - I'd don't want every project to copy libscdl. I don't think that part
> >    of the code is maintained, and there is a cross plattform library that
> >    does the same: libltdl3 - comes with libtool.
> >    the only problem: libltdl3 might not be available on windows.
> >
> >    So what about a simple #ifdef construct to use our native code on
> >    windows and libltdl3 everywhere else?
>
> I did not know libltdl. According to my
> /usr/share/libtool/libltdl/ltdl.c Windows is supported. OK to use
> libltdl.

yes, since I posted, I had a look at the source and they do exactly what we
do, except more (for older windows versions, cygwin, etc.). So we gain
more compatibility by switiching to ltdl.

> > > - create empty AUTHORS, NEWS, INSTALL and README files. These files
> > > should be filled.
> >
> > not sure. maybe create a wiki and ship libp11 with a html copy of it?
> > works fine for openct in my opinion.
>
> I don't care _how_ we put data in those files.
> A copy from a wiki page is fine.

do we need those names? or simply include a doc/ directory?
(automake foreign option and we don't need them. without it automake is strict
 and wants them.)

> > how exactly do you want to store the "framework"?
>
> What framework?

in the case we keep libp11 in opensc as it is now, and only
have an extra tar file for standalone distribution, where would
we keep the extra files for that standalone tar file only?

that long questions indicates: it might be not the best idea.

> > > The open questions:
> > > - the libp11 is only used by src/sslengines/engine_pkcs11.c. Maybe you
> > > should distribute the libp11 alone and build the ssl engines only if
> > > the libp11 is available?
> >
> > the reason I don't want this is regression tests. currently none use
> > openssl, but I hope we manage to write some. if we remove the engines,
> > then we can't test it or need to duplicate the testing infrastructure.
>
> I don't want to remove the engines. Just to have a conditional
> compilation so users will not have to install libp11 if they do not
> use the engines.

hmm, I always thought of libp11 like something on top of opensc.
but if we make it standalone, it can be compiled before opensc,
and thus the engine could use libp11 code.

but I don't care much about engine_opensc, as it has limits, only
about engine_pkcs11. it doesn't use anything else in opensc except
libp11, so it would be strange to keep it in opensc.

except for the regression test option.

so we can either keep libp11 and the engine in opensc, or splitt
of both into one package, or split them off in seperate packages.


> > can you post a diff or tar.gz first, so we can see the exact changes?
> OK. I will build one and put it somewhere.

thanks.

> > also, if we make libp11 a standalone library, we could do so with
> > a svn and trac on it's own. do we want that?
>
> Something similar you did for pam_pkcs11? OK for me.
>
> > what about the p11 pam modules? include them in such a library?
> > or keep them standalone, too? or merge with pam_pkcs11?
>
> No. The idea is to split libp11 from OpenSC, not to merge it into
> something else.

sure. but I'm also trying to get the big picture. with 0.9.*
people needed to compile only two packages: openct and opensc.

what will they need to do with 0.10.*?
openct + opensc + libp11 + pam_p11 + engine_p11?

sure, modular, each package simple (compared to the big
and complex opensc 0.9.*). but still a lot of work for
those who compile themself.

> Exact. And each package should have its own release cycle.

hmm. starting a new thread on the split topic, so we get more
feedback.

Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Andreas Jellinghaus-2
In reply to this post by Ludovic Rousseau
On Monday 22 August 2005 15:25, Ludovic Rousseau wrote:
> You can get it from
> http://ludovic.rousseau.free.fr/softwares/libp11-0.1.0.tar.gz

Hi Ludovic,

I checked in libp11 as new stanalone package, but used my own
code / opensc and openct code for most parts. Did you change
anything in your version except the license and adding some stubs?

I too moved libp11 to use ltdl. Also it is now using cryptoki
header files, but I had to add a small change to make it compile
on linux (see README). there is also a trac installation with minimal
documentation, and that documentation was exported to doc/ directory
within the source.

I guess todo is:
 - move structures and defines from libp11.h to libp11-int.h
 - add get functions for all structure members.
to make the library more likely to stay compatible while developing.
also we should have an api documentation (in doxygen?).

can you have a look and check if I missed anything?

thanks for your help.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Ludovic Rousseau
On 25/08/05, Andreas Jellinghaus [c] <[hidden email]> wrote:
> On Monday 22 August 2005 15:25, Ludovic Rousseau wrote:
> > You can get it from
> > http://ludovic.rousseau.free.fr/softwares/libp11-0.1.0.tar.gz
>
> Hi Ludovic,

Hello,

> I checked in libp11 as new stanalone package, but used my own
> code / opensc and openct code for most parts. Did you change
> anything in your version except the license and adding some stubs?

- You lost the change I just commited [1]. I redid it.
- The files rsaref/*.h are in DOS mode, with ^M at the end of each
line. Is it mandatory? I guess you used a new version from RSA labs
since the files now contains a copyright.
- src/libpkcs11.c still uses scdl instead of ltdl.
- pkcs11_find_key() is removed from src/p11_key.c. This function was
not used but I would have enclosed the code in #if 0 [...] #endif
instead of removing it. Maybe we will need it in the future.
- doc/export-wiki.sh is not executable. Is there a SVN command to
change execution bits.
- You should not use "MAINTAINERCLEANFILES = Makefile.in". See [2].
The important part is "However maintainer-clean should not delete
anything that needs to exist in order to run ./configure && make."

> I guess todo is:
>  - move structures and defines from libp11.h to libp11-int.h

Do not move structures or defines that are used by libp11.h. I would
not like to have libp11-int.h in /usr/include/ just to be included by
libp11.h.

>  - add get functions for all structure members.
> to make the library more likely to stay compatible while developing.

Isn't it a bit overkill? If we need to change the fields of a
structure we can increment the library major number. I prefer to keep
the lib as simple as possible.

> also we should have an api documentation (in doxygen?).

Yes. I will start documenting what I understand :-)
I think it would be fine to have the html documentation pages avaible
on the web site, right?

> can you have a look and check if I missed anything?

Add an entry on the OpenSC main webpage?

Bye,

[1] http://opensc.org/pipermail/opensc-commits/2005-August/003605.html
[2] http://www.gnu.org/software/automake/manual/html_mono/automake.html.gz#Clean

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Andreas Jellinghaus-2
On Thursday 25 August 2005 15:50, Ludovic Rousseau wrote:
> - You lost the change I just commited [1]. I redid it.
yes, thank you.

> - The files rsaref/*.h are in DOS mode, with ^M at the end of each
> line. Is it mandatory? I guess you used a new version from RSA labs
> since the files now contains a copyright.
hmm, that is the native file format. should I convert them to unix format?

> - src/libpkcs11.c still uses scdl instead of ltdl.
oops, yes. fixed.

> - pkcs11_find_key() is removed from src/p11_key.c. This function was
> not used but I would have enclosed the code in #if 0 [...] #endif
> instead of removing it. Maybe we will need it in the future.

oh, I didn't notice I hadn't commited that in opensc already.
But that functionality (string parsing) should not be part of
libp11 but done by applications, I think.

> - doc/export-wiki.sh is not executable. Is there a SVN command to
> change execution bits.

thanks, fixed. svn propset svn:executable ON export-wiki.sh

> - You should not use "MAINTAINERCLEANFILES = Makefile.in". See [2].
> The important part is "However maintainer-clean should not delete
> anything that needs to exist in order to run ./configure && make."

you qoute one possible policy. opensc policy is to not put the files
generated by the bootstrap script into svn, and have "make maintainerclean"
remove all such files. that is my personal preference, so I implemented
it that way. but I'd be happy to accept whatever policy the majority wants.

> > I guess todo is:
> >  - move structures and defines from libp11.h to libp11-int.h
>
> Do not move structures or defines that are used by libp11.h. I would
> not like to have libp11-int.h in /usr/include/ just to be included by
> libp11.h.

noone intents to install libp11-int.h. but the intention is to make
all user visivle structures anonymous, so the elements in those
structures can only be accessed within libp11 functions. all applications
using libp11 would need to call a get_whatever function.

that has two advantages:
a) API designed in this way is much more likely to remain stable even if
internal structures change.
b) we need to look at each value, and decide whether that value is internal,
is readable by the api user, or is read and writeable by the api user.
also we need to discuss whether we pass references or copies of a value
i.e. whether you need to free a string you got / whether some value could
become invalid.

I have not much clue how libp11 reacts to new readers / readers gone / new
cards / cards gone etc. but we need to look at that and document the result,
I think.

> >  - add get functions for all structure members.
> > to make the library more likely to stay compatible while developing.
>
> Isn't it a bit overkill? If we need to change the fields of a
> structure we can increment the library major number. I prefer to keep
> the lib as simple as possible.

I don't know. it is only a propsal yet, I guess trying to implement it
and changeing pam_p11 will tell me whether or not it is feasible.

writing get functions is simple, I guess. the hard part is to decide
if you are allowed to change any value, and how to deal with the dynamic
smart card world.

> > also we should have an api documentation (in doxygen?).
>
> Yes. I will start documenting what I understand :-)
great. if you know doxygen: a config file and a single function
documented would help me to see how it is done, so I can help
in. somehow I didn't find time to get realy started.

> I think it would be fine to have the html documentation pages avaible
> on the web site, right?

we have a (oops currently broken) cron job to generate man pages each
night and put them online. will fix that, and write a cron job to put
the documentation online as well.

or we could have a live checkout. or can you access files in svn directly?
I guess so. so if we put the documentation in svn, you can access it via
http://www.opensc.org/svn/libp11/trunk/doc/... I guess, but I need to
try.

oops, no, does not work, mod_svn does not set the content type to text/html.
maybe we can do that with a svn property? or have real checkout somewhere.

> Add an entry on the OpenSC main webpage?

shall I do that already? or wait till we have a 0.1 version ready?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Ludovic Rousseau
On 25/08/05, Andreas Jellinghaus [c] <[hidden email]> wrote:
> On Thursday 25 August 2005 15:50, Ludovic Rousseau wrote:
> > - The files rsaref/*.h are in DOS mode, with ^M at the end of each
> > line. Is it mandatory? I guess you used a new version from RSA labs
> > since the files now contains a copyright.
> hmm, that is the native file format. should I convert them to unix format?

I do not like to see ^M in my vi. Since you already edited the files
to make them compile under Linux I think we can edit them a bit more ?
:-)

> > - You should not use "MAINTAINERCLEANFILES = Makefile.in". See [2].
> > The important part is "However maintainer-clean should not delete
> > anything that needs to exist in order to run ./configure && make."
>
> you qoute one possible policy. opensc policy is to not put the files
> generated by the bootstrap script into svn, and have "make maintainerclean"
> remove all such files. that is my personal preference, so I implemented
> it that way. but I'd be happy to accept whatever policy the majority wants.

I vote for the "GNU Makefile Standards". Do we have a majority now? :-)

> > Do not move structures or defines that are used by libp11.h. I would
> > not like to have libp11-int.h in /usr/include/ just to be included by
> > libp11.h.
>
> noone intents to install libp11-int.h. but the intention is to make
> all user visivle structures anonymous, so the elements in those
> structures can only be accessed within libp11 functions. all applications
> using libp11 would need to call a get_whatever function.
>
> that has two advantages:
> a) API designed in this way is much more likely to remain stable even if
> internal structures change.
> b) we need to look at each value, and decide whether that value is internal,
> is readable by the api user, or is read and writeable by the api user.
> also we need to discuss whether we pass references or copies of a value
> i.e. whether you need to free a string you got / whether some value could
> become invalid.

I suggest to declare strings as "const char *" to mark them read-only.
But not implement accessors.

> I have not much clue how libp11 reacts to new readers / readers gone / new
> cards / cards gone etc.

During my use of libp11 I noticed that you need to call
PKCS11_enumerate_slots() if you want to find new PKCS#11 tokens (card
or reader inserted). If I remember correctly you have to call
pkcs11_destroy_all_slots() first to force a slot enumeration (I don't
have the code at hand).
A function is then missing since pkcs11_destroy_all_slots() is
supposed to be internal only.

> but we need to look at that and document the result, I think.

Sure.

> > >  - add get functions for all structure members.
> > > to make the library more likely to stay compatible while developing.
> >
> > Isn't it a bit overkill? If we need to change the fields of a
> > structure we can increment the library major number. I prefer to keep
> > the lib as simple as possible.
>
> I don't know. it is only a propsal yet, I guess trying to implement it
> and changeing pam_p11 will tell me whether or not it is feasible.

The question is not if it is feasible but if is is useful. I think it
is a lot of complexity and performance loss for a (very) little gain.

> writing get functions is simple, I guess. the hard part is to decide
> if you are allowed to change any value, and how to deal with the dynamic
> smart card world.

I had a look at p11_slot.c and the strings are allocated by libp11. So
they will not dispear if/when the PKCS#11 token disapears. They will
just not be up to date. With accessors we will have to deal with a new
layer of memory allocation and free.

> > I think it would be fine to have the html documentation pages avaible
> > on the web site, right?
>
> we have a (oops currently broken) cron job to generate man pages each
> night and put them online. will fix that, and write a cron job to put
> the documentation online as well.

OK.

> > Add an entry on the OpenSC main webpage?
>
> shall I do that already? or wait till we have a 0.1 version ready?

No problem. I will need to have an "offical" version of libp11 so I
hope we can make a 0.1.0 release soon (by mid-september 2005?)

I noticed that the doc/*.html files are archived in subversion. Is
this a good idea since these files are generated from the wiki pages?
How/when are we supposed to commit the changes in svn?

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Andreas Jellinghaus-2
On Thursday 25 August 2005 23:15, Ludovic Rousseau wrote:
> I do not like to see ^M in my vi. Since you already edited the files
> to make them compile under Linux I think we can edit them a bit more ?
> :-)

done.

> I vote for the "GNU Makefile Standards". Do we have a majority now? :-)

and I for keeping it like it is. tied so far 1:1 :)
what does everyone else prefer?
(yes, any annonymous lurker can swing the vote by submitting a patch and
voting! your big chance! don't miss it! :-) )
 
> > > Add an entry on the OpenSC main webpage?
> >
> > shall I do that already? or wait till we have a 0.1 version ready?
>
> No problem. I will need to have an "offical" version of libp11 so I
> hope we can make a 0.1.0 release soon (by mid-september 2005?)

lets say: first release once engine_pkcs11 is split, too,
and we disabled the code in opensc? maybe this weekend.

> I noticed that the doc/*.html files are archived in subversion. Is
> this a good idea since these files are generated from the wiki pages?
> How/when are we supposed to commit the changes in svn?

yes, as I wrote to laurent: I'm inconsistend. But I feel it is better
this way, as a normal developer can simply checkout, change, commit,
and for the documentation: directly edit the wiki. He doesn't need
to have the tools for the doc/ update, he can simply drop me a mail,
wait for my next refresh, or of course do that himself.

In the past documentation tools were always a pain - like people
had no xslt processor, or a different one with different options,
or not the right style sheet, etc. So currently my aim is:
unless you want to fiddle with the documentation, simply consider
those static files and leave them alone, so you won't have any
trouble at all.

btw: to update the wiki, simply run "export-wiki.sh".
if there are new or removed wiki pages, you need to edit
Makefile.am to reflect that. should work fine. and no configure
code needed for that :) (ok, it fails if you don't have bash,
xsltproc, sed and wget.)

Andreas
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Martin Preuss-2
In reply to this post by Ludovic Rousseau
Hi,

On Thursday 25 August 2005 23:15, Ludovic Rousseau wrote:
[...]
> > > >  - add get functions for all structure members.
> > > > to make the library more likely to stay compatible while developing.
> > >
> > > Isn't it a bit overkill? If we need to change the fields of a
> > > structure we can increment the library major number. I prefer to keep
> > > the lib as simple as possible.
[...]
Yes, you could just increase the library number, but that would automatically
make it necessary for depending programs to be recompiled to take advantage
of the new version.
That delayes the entrance of such new library versions into the distributions
(because nobody likes to make himself more work than necessary. And having to
re-compile all depending programs qualifies as "much work" :-)


Regards
Martin

--
"Things are only impossible until they're not"

AqBanking - http://www.aquamaniac.de/aqbanking/
LibChipcard - http://www.libchipcard.de/
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Ludovic Rousseau
On 26/08/05, Martin Preuss <[hidden email]> wrote:

> On Thursday 25 August 2005 23:15, Ludovic Rousseau wrote:
> [...]
> > > > >  - add get functions for all structure members.
> > > > > to make the library more likely to stay compatible while developing.
> > > >
> > > > Isn't it a bit overkill? If we need to change the fields of a
> > > > structure we can increment the library major number. I prefer to keep
> > > > the lib as simple as possible.
> [...]
> Yes, you could just increase the library number, but that would automatically
> make it necessary for depending programs to be recompiled to take advantage
> of the new version.

Two possibilities:
- the new version is ABI compatible so no need to recompile your application
- the new version is NOT ABI compatible so you need to recompile and
maybe even modify your application if the API changed.

Note that you can have different versions of the same lib installed at
the same time. It is not a perfect solution but you do not _force_ any
application to be recompiled. A working application will continue to
work with the old lib.

> That delayes the entrance of such new library versions into the distributions
> (because nobody likes to make himself more work than necessary. And having to
> re-compile all depending programs qualifies as "much work" :-)

That will not delay anything. A distribution can contain different
versions of libp11 if needed.

For example I have GTK+ 2.0 installed on my system even if many
applications are still using GTK+ 1.2. Both libs are installed.

I like to keep the code as simple as possible. If libp11 is a fast
moving target and we then have problems I may change my mind.

Bye,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Ludovic Rousseau
In reply to this post by Andreas Jellinghaus-2
On 25/08/05, Andreas Jellinghaus [c] <[hidden email]> wrote:

> On Thursday 25 August 2005 23:15, Ludovic Rousseau wrote:
> > I noticed that the doc/*.html files are archived in subversion. Is
> > this a good idea since these files are generated from the wiki pages?
> > How/when are we supposed to commit the changes in svn?
>
> yes, as I wrote to laurent: I'm inconsistend. But I feel it is better
> this way, as a normal developer can simply checkout, change, commit,
> and for the documentation: directly edit the wiki. He doesn't need
> to have the tools for the doc/ update, he can simply drop me a mail,
> wait for my next refresh, or of course do that himself.

The documentation should always be available online. The wiki pages
are natively online. The Doxygen pages should be online with your cron
job to build them automatically. So no need to also have them in
subversion.

> In the past documentation tools were always a pain - like people
> had no xslt processor, or a different one with different options,
> or not the right style sheet, etc. So currently my aim is:
> unless you want to fiddle with the documentation, simply consider
> those static files and leave them alone, so you won't have any
> trouble at all.

It is possible to generate the documentation only when the user calls
"make dist" but not when he simply calls "make" or "make install".
Not too many users should use "make dist". I use this for pcsc-lite
and libccid regarding the ChangeLog files generated from CVS (now SVN)
and have not received any complaints.

Regards,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Martin Preuss-2
In reply to this post by Ludovic Rousseau
Hi,

On Friday 26 August 2005 11:10, Ludovic Rousseau wrote:
> On 26/08/05, Martin Preuss <[hidden email]> wrote:
> > On Thursday 25 August 2005 23:15, Ludovic Rousseau wrote:
[...]
> > Yes, you could just increase the library number, but that would
> > automatically make it necessary for depending programs to be recompiled
> > to take advantage of the new version.
>
> Two possibilities:
> - the new version is ABI compatible so no need to recompile your
> application - the new version is NOT ABI compatible so you need to
> recompile and maybe even modify your application if the API changed.
[...]
But if you make the members of a structure public then you invite people to
allocate those structs themselves, like in

PublicStructure myStructure;

So the application (i.e. the binary) expects a special size of this structure.
If you modify the structure then the ABI is NO LONGER compatible, thus you
have to recompile the application.

On the other hand when not declaring the contents of the structures there is
no way an application can allocate such a structure, so access is only
possible via pointers, as in

PublicStructure *myStructurePointer;
myStructurePointer=public_structure_new();

This would allow for any change in the structure you like without having to
recompile anything.

In fact this is the way I'm doing things in my own projects, because some
quite big applications depend on my libs (e.g. GnuCash, KMyMoney), so having
to recompile these big projects is nearly out of question.

[...]
> Note that you can have different versions of the same lib installed at
> the same time. It is not a perfect solution but you do not _force_ any
> application to be recompiled. A working application will continue to
> work with the old lib.
[...]
As I described above: Not necessarily, you don't have control over what the
application does with your objects unless you dictate the way of how they are
allocated and let the app only access the members via getters/setters (which
will also give you control over what the application gets/sets).


> > That delayes the entrance of such new library versions into the
> > distributions (because nobody likes to make himself more work than
> > necessary. And having to re-compile all depending programs qualifies as
> > "much work" :-)
>
> That will not delay anything. A distribution can contain different
> versions of libp11 if needed.
[...]
Of course, I'm very well aware of this fact. However, you want new releases to
be in use as soon as possible, don't you?

I have quite extensive experience with the approach Andreas suggests and I can
only tell you that this makes maintainence and development much easier
(because in most cases existing applications can use the new version
instantly).

[...]
> I like to keep the code as simple as possible. If libp11 is a fast
> moving target and we then have problems I may change my mind.
[...]
I think with a security library you should make new (and possibly fixed, not
that I think it might possibly contain bugs at this early stage :-) )
versions available to existing applications as soon as possible, so the
little overhead (and it really isn't too much) is IMHO acceptable.


Regards
Martin


--
"Things are only impossible until they're not"

AqBanking - http://www.aquamaniac.de/aqbanking/
LibChipcard - http://www.libchipcard.de/

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: release libp11 as an independent lib? [u]

Ludovic Rousseau
On 26/08/05, Martin Preuss <[hidden email]> wrote:
> But if you make the members of a structure public then you invite people to
> allocate those structs themselves, like in
>
> PublicStructure myStructure;

I had a rapid review of the documented API in libp11.h. The structures
are allocated by libp11 and not by the application.
If the developper allocates or free the structures himself he is doing
something wrong and unsupported.

> So the application (i.e. the binary) expects a special size of this structure.
> If you modify the structure then the ABI is NO LONGER compatible, thus you
> have to recompile the application.
>
> On the other hand when not declaring the contents of the structures there is
> no way an application can allocate such a structure, so access is only
> possible via pointers, as in
>
> PublicStructure *myStructurePointer;
> myStructurePointer=public_structure_new();

That is what is done by most (if not all) the libp11.h functions. If
not we should change the function prototype. Do you have an example of
such a problematic function in libp11.h?
 
> As I described above: Not necessarily, you don't have control over what the
> application does with your objects unless you dictate the way of how they are
> allocated and let the app only access the members via getters/setters (which
> will also give you control over what the application gets/sets).

I don't want to _enforce_ how a developper should use the API. We
document the API and a developper use it. If he wants to do bad things
with it we can't do much to prevent it.
With C language you can do whatever you want even bypassing the get
functions and directly access the structures fields. Java can enforce
an API but I don't need a libp11 in Java :-)

> > That will not delay anything. A distribution can contain different
> > versions of libp11 if needed.
> [...]
> Of course, I'm very well aware of this fact. However, you want new releases to
> be in use as soon as possible, don't you?

No, I don't. Every application developper is free to use whatever
version of libp11 suits their needs.

I think this discussion goes nowhere. I need a libp11 library. If the
libp11 evolves in a way I don't like I may fork the code a work on my
own version.

Regards,

--
 Dr. Ludovic Rousseau
 For private mail use [hidden email] and not "big brother" Google
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc.org/cgi-bin/mailman/listinfo/opensc-devel
12