[MacPorts] #52431: opensc @0.16.0: add variant +tokend to install TokenD module
MacPorts
noreply at macports.org
Wed Sep 28 09:50:22 CEST 2016
#52431: opensc @0.16.0: add variant +tokend to install TokenD module
---------------------------------+--------------------------------
Reporter: leonardo.schenkel@… | Owner: macports-tickets@…
Type: enhancement | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.3.4
Keywords: maintainer haspatch | Port: opensc
---------------------------------+--------------------------------
I am submitting a patch that introduces a new `+tokend` variant to enable
building and installing the OpenSC TokenD module that allows macOS and the
Keychain to interface with the smart cards.
The reason for this being a variant and not a new `opensc-tokend` port
dependent on `opensc` (which would be nicer) is because OpenSC does not
have a stable API/ABI so any mismatch of `libopensc` and the version the
TokenD has been built against is likely to cause runtime issues — which is
extra disturbing given the fact that the TokenD is a module loaded by the
macOS system and could cause system-wide instability.
I also asked in the `opensc-devel` mailing list about how to best build
TokenD (if as a separate package or not) and I got the following two
replies so far (trimmed for brevity):
Frank Morgner:
libopensc's API and ABI has changed in every release I have seen in
the past. That's why we are building both packages together
https://github.com/OpenSC/OpenSC/blob/master/.travis.yml#L66 and I don't
think it makes much sense decoupling them. Additionally, I suppose users
are expecting the MacPorts package(s) to be identical to the download
release on Github, which also implies building tokend together with
libopensc.
Martin Paljak:
It better be +tokend in this wording. Think of OpenSC.tokend like
out-of-tree PKCS#11 or Minidriver interface of OpenSC. It could also be
bundled inside OpenSC code tree as well (but is not, for historical
reasons).
Martin does mention that it is possible to build the TokenD as a separate
package, however he still recommends the variant as a first choice.
Note that building them together is exactly how upstream is built, so I
replicated the way that the upstream build script works. Since nobody else
seems to be building them separately, I believe it is ill-advised to
separate the two into different packages which are installed separately
and risk making the MacPorts package being vulnerable to API/ABI changes
when nobody else is.
I also took the opportunity and did some minor changes in the Portfile
that don't affect the way it's built.
I'm not an expert on Portfile creation, so it's possible or even likely
that the way I'm building the TokenD here could be improved or simplified.
I'm open to any feedback to improve this patch.
--
Ticket URL: <https://trac.macports.org/ticket/52431>
MacPorts <https://www.macports.org/>
Ports system for the Mac operating system
More information about the macports-tickets
mailing list