Hello, On 30.09.2009, at 18:19, Jean-Pierre Szikora wrote: > I've just commited 2 files (Makefile-SL and openssl-prep.sh) on SCA > trunk. I've developed and tested it on a freshly installed MacOSX > 10.6 and with the developer tools from the Installation DVD. SL is Intel only, so no PPC needed. In theory, the only change for normal leopard could be playing with architectures, used SDK and - mmacosx-version-min compiler flag. The same build system should work for 10.5 and 10.6
> After a "make all", I've an openssl, opensc, libp11, engine and a > patched openssh compiled for the 3 architectures (x86_64, i386 and > ppc7400) in the compiled-*/Library/OpenSC directories. No installer > yet (but it can be done manually with a cp -HR). No more need for 2 > computers, etc... Snow leopard comes with OpenSSL 0.9.8k. Is it compiled without some options that for example engine_pkcs11 requires? For an installer, I'd prefer it uses the system provided OpenSSL, if possible. For example, I already use both fink and macports and for various reasons I have at least 3 copies of OpenSSL: /usr, /sw /opt/local. One more in /Library/ OpenSC ... would not hurt if it was required for something but generally takes up space, at least in my case. > For the moment, I've dropped the support for libusb and egate. Actually, that's one thing my installer for Estonian eID has included: most up to date CCID driver, but with statically linked libusb. I wish Apple updated pcsc-lite as well every now and then :) > Martin, do you think you can add support for Tokend to the Makefile? I can't remember why the lipo choice was implemented in the first place? Something did not compile correctly as universal, but what was it? Was it only on 10.4? I would reap the Makefile from lipo phases, maybe even rewrite the whole thing. I have prepared "build105.tar.gz" and "build106.tar.gz" packages that include the required internal frameworks Tokend builds against and buildgin the tokend is as simple as downloading the required pre-requisites (not building them with darwinbuild) and issuing a xcodebuild command. > My idea is to start a new 0.3 SCA branch for Leopard and SnowLeopard > and dropping support and maintenance of the (0.2 branch of) SCA for > Tiger. Maybe we should define better what SCA actually is or tries to be? Is it a packaged version of OpenSC and its interfaces and utilities? Is it a "bundle of everything we know can use OpenSC PKCS#11 and does not come bundled with OS X"? Should we maybe delegate some pieces to macports/fink? Should we maybe come up with a control panel kind of thing on OS X? Work with GUI frontend providers, like tunnelblick for OpenVPN? Maybe we should try working with apple to get libopensc and the tokend to be included in OSX? http://smartcardservices.macosforge.org/ leaves me the impression that maybe, just maybe, apple is also interested in working *with* the open source community and not just publish the source they use and hope that somebody fixes the bugs they introduce? Given the fact that OpenSC supports many European eID cards there is a good reason why to treat OpenSC.tokend on a par with PIV/ CAC tokend-s, except unlike PIV is not of interest to the US federal buyers. I know that it does not apply 1:1 with a generalized idea OpenSC should try to achieve, but in Estonia the installer that includes OpenSC makes things like automagically configuring Firefox and adding Keychain Preferences (that are required for optional client certificate configurations, which means most of useful ID-card protected websites in Estonia) for common sites. But the goal is clear: to provide a package to for other software (e-voting, digital signature etc) to use the Estonian ID card and to enable supported web browsers. Maybe if we figure it out it would also help resurrect SCB (that existed before SCA) and maybe even create SCC (Smart Card Cobol?) :-) > Any comments? Dropping tiger is of course a good idea. There are some folks out there who of course want to use an ancient OK cardman 2020 reader with OS X 10.4.3 on a G3 machine and are furious if you say it is not supported and never will, "becase Firefox 1.0.2 works just fine" (real opinion from Estonian Mac user) ;) -- Martin Paljak http://martin.paljak.pri.ee +372.515.6495 _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
