jamesog/yubikey-ssh

Paths for .so file are wrong on Ubuntu

Closed this issue · 6 comments

The correct path for the .so file on Ubuntu varies depending on the architecture. A complete list of the file paths used is here:

https://packages.ubuntu.com/search?searchon=contents&keywords=opensc-pkcs11.so+&mode=exactfilename&suite=eoan&arch=any

The most common one used would be:

   /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

I'm not sure how you want to handle this in the documentation. Maybe in one step instruct users to export a shell variable with the right path, and then refer to the variable in the remaining shell commands. That would keep most of the commands as "copy/pasteable" for most users.

Other than the issues I reported, I was able to successfully work through the Howto on Ubuntu 19.10!

Thanks a lot for posting this. The other Howto that involved GPG was so complex that I eventually gave up. Even if I got it to work, it wasn't something that I could recommend to co-workers and it seemed likely to break over time.

This is simpler!

That is an interesting issue. Is the ssh-agent on Ubuntu compiled to allow this path for PKCS whitelist? If not we'd also have to recommend adding -P /usr/lib/x86_64-linux-gnu when ssh-agent is started.

For dpkg-based systems you can use dpkg-query to list which package and the full path a file comes from, so maybe we could create a shell function wrapping that to output the full path to the library, e.g.

    # Print the full path of the OpenSC PKCS#11 library as recorded by dpkg
    opensc_lib_path() {
      dpkg-query -S '*/opensc-pkcs11.so' | awk '{print $2; exit}'
    }
    ssh-agent -P "$(opensc_lib_path)"

Glad you found the guide useful otherwise!

The ssh-agent integration was the one piece I didn't test last night. I'll test that tonight.

On Ubuntu 18.04, I can programmatically find the right path to the .so file like this:

    dpkg -S opensc-pkcs11.so | grep -v onepin | head -1 | cut -d ' ' -f 2

I tested the agent integration on Ubuntu 18.04 and it worked. I used ssh -v to confirm I was using the key intended.

The "whitelisted paths" concern you raised will not be a problem. According to man ssh_config, the default whitelisted path includes /usr/lib/* and the *.so files on Ubuntu are underneath that path in all cases.

I don't use Ubuntu anymore and it looks like the yubikey-agent project is recommended instead of this one anyway, so closing this.
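
Added example, not part of the thread or of the yubikey-ssh guide: the two checks discussed in the comments above, in POSIX sh. It picks the `opensc-pkcs11.so` path out of `dpkg -S` output and tests it against an ssh-agent `-P` pattern list such as the `/usr/lib/*` pattern quoted in the thread. The function names, the sample `dpkg -S` output and the treatment of `!` negation are assumptions made for this example.

```shell
#!/bin/sh
# Added example: names and sample data below are constructed for illustration.

# Read `dpkg -S`-style "package: /path" lines on stdin and print the first
# path whose file name is exactly opensc-pkcs11.so (skips the onepin variant).
pick_opensc_path() {
  awk '$NF ~ /\/opensc-pkcs11\.so$/ { print $NF; exit }'
}

# Return 0 if path $1 is accepted by the comma-separated pattern list $2.
# Assumed semantics (ssh_config(5) PATTERNS): "*" also matches "/", and a
# matching "!pattern" entry rejects the path regardless of other entries.
path_allowed() {
  mod=$1 verdict=1
  old_ifs=$IFS; IFS=,
  set -f                        # do not glob-expand the patterns themselves
  for pat in $2; do
    case $pat in
      '!'*) case $mod in ${pat#?}) verdict=2; break ;; esac ;;
      *)    case $mod in $pat) verdict=0 ;; esac ;;
    esac
  done
  set +f; IFS=$old_ifs
  [ "$verdict" -eq 0 ]
}

# Constructed sample of `dpkg -S opensc-pkcs11.so` output on an amd64 host.
sample='opensc-pkcs11:amd64: /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so
opensc-pkcs11:amd64: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so'

demo() {
  lib=$(printf '%s\n' "$sample" | pick_opensc_path)
  if path_allowed "$lib" '/usr/lib/*'; then
    echo "allowed by default list: $lib"
  else
    echo "not allowed: start ssh-agent with -P covering $lib"
  fi
}
demo
```

On a real host, replace the constructed sample with the output of `dpkg -S opensc-pkcs11.so` piped into `pick_opensc_path`.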