libengine-pkcs11-openssl installs to wrong directory

Thanks Luke for making us aware!

Note/TL;DR: this is openssl 1.0/1.1 fallout, the Debian bug has much more history one it already and Luke is proposing a fix there which we should pick up into 17.04 then as well.

I could confirm this affecting all releases back to trusty which makes me wonder if I'm doing something wrong as I'm certainly no pkcs expert :-/
Need to be revisited once Debian acks on the fix - but to me atm it seems this never worked?! which makes it lower prio than it seems at first.

Older releases had that at least in a non version specific path, so with some hackery one could load it:

Trusty:
openssl engine dynamic -pre SO_PATH:/usr/lib/engines/engine_pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so

On Artful that verion-free path is no more, but you can still go with a workaround like:
openssl engine dynamic -pre SO_PATH:/usr/lib/x86_64-linux-gnu/openssl-1.0.2/engines/pkcs11.so -pre ID:pkcs11 -pre LIST_ADD:1 -pre LOAD -pre MODULE_PATH:opensc-pkcs11.so

Which all does not mean it should not be fixed, I just wondered if that can be loaded at all.

Luke you assigned the Ubuntu portion to yourself - will you be driving this on the Ubuntu side as well?

> Luke you assigned the Ubuntu portion to yourself - will you be driving this on the Ubuntu side as > well?

I'll need a sponsor (I'm in ~moto, not ~core-dev), but happy to.

Source package was different in 16.04

I think there was a *brief* period where this worked correctly in the archive, insofar as the version of ``libengine-pkcs11-openssl`` in Yakkety, built against xenial libssl1.0.0, would've used the right path.

But you are right that this does not appear to ever actually worked in a stable Ubuntu release. I haven't checked lucid, though ;)

I checked if I could help sponsoring that already - thanks Luke for all the work!
For engine-pkcs11 one has to realize that it was dropped in artful as it seems.
In that sense for he SRU "it is released" I'd think - at least when the other packages change are complete.

For libp11 it is clearer - but the fix for libp11 in Debian is still in experimental, I guess this might only resolve after the stretch release? Then it will be auto-synced into artful with the fix.
=> From there we have to check SRU'ability (issue is present back to Trusty)

@Luke - please let me know if I got that somehow wrong - or anything else than waiting the few days for Debian to act on and release that fix has to be done atm.

Coming by checking bugs that were dormant an unexpected long time.

@Luke: Before doing anything wrong here I wanted to ask on an update of the latest status and next steps in your opinion?

libp11 has been fixed since 0.4.4-2. Therefore, the fix is available since bionic.

Since engine-pkcs11 is not available from bionic and on (series under standard support), I am marking it as wontfix.