[opensc-devel] OpenSC github Test project
Hello, I created a Test [1] project at github. This project is supposed to be used to test integration of github with other services before deploying the configuration to a real OpenSC sub-project. Feel free to use it. You may need to get access rigths. Just ask on this list. Bye, [1] https://github.com/OpenSC/Test -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Status of the server migration
Hello, 2012/12/27 Greg Troxel : > > All sources, OpenSC and sub-projects, are in github. > > A perspective from someone on the outside who is trying to pay > attention: > > It would be helpful if the sourceforge page links to something that is > part of the future, and points out the github repos, and that there > are no repos on sourceforge. If sourceforge is not ok with this then > a new strategy may be needed :-) Good remark. The sourceforge project now has a link to the github wiki page. I also created a new "OpenSC Services" page at github wiki are add a link to that page from the sourceforge project page. > If the opensc-project.org wiki is going away, it would be good to have > the front wiki page have a note about that and pointers to > sourceforge and github. I don't know what that the opensc-project.org domain name will become. I have no control on it. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Status of the server migration
Hello all, 2012/12/26 Viktor Tarasov : > On Wed, Dec 26, 2012 at 3:56 PM, Andreas Jellinghaus >> * mailing lists: no idea what the current status is (i.e. this is a >> test mail). Do we have new lists? Subscribers migrated or invited? >> Does this old list still work, or should I shut it down? > > > The mailing lists with the same names are created on SF. > The request to import the 'OpenSC' archive (for a while only OpenSC) is > pending. > https://sourceforge.net/tracker/?func=detail&atid=497423&aid=3596976&group_id=61487 Viktor, this request has been closed the same day you opened it. It looks like it is not the correct procedure. I just sent an email on each of the 3 lists to ask users to resubscribe to the lists at SF. >> * Trac/Wiki/ -> any progress here? I remember so offerings and >> questions to migrate, but no status update since - maybe I missed it? > > We are waiting solution from Peter. I don't think we can count on Peter. I had a bad experience on the libusb project and waited after Peter for a new release during 2 years before participating to a forked project (libusbx). > If something will no go as he expects, > the alternative solution is to use the Wiki on github. > Currently all wiki pages of OpenSC are migrated to github. > https://github.com/OpenSC/OpenSC/wiki > > Sure, the github wiki is not the equivalent substitution to the Wiki&Trac, > but an advantage is that there is no dependence on particular person to get > it running. I do not like it at all but we may have lose all the bugs reported at opensc-project.org and start a new collection at github. If it is possible to do it automatically we may add a comment to every bug asking the bug reporter to report it again on github if the bug is still valid. >> * opensc-project.org domain - registered to martin paljak, opensc.org >> reigstered to same unknown person - opensc.com for sale. >> any chance to move one of the domains to (whom?) someone? or live >> without them? > > > I have no much experience, but > my guess is if Peter will create a real wiki&trac, he could use this domain > for this service. > > If not, I can use this domain for the actual opensc.fr platform. Martin is busy with other project and real life. The best we can do is ask him to redirect opensc-project.org to opensc.org so a web site is still available. >> Anything else I missed? >> >> As said, I'd like to retire the server end of year, as it is a very >> old and unmaintained installation. Andreas, can you wait until mid-January before retiring the server so I have a chance to backup what I can? I am not at home now. Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] List opensc-devel migration
Hello, You are a subscribed member of the opensc-devel@lists.opensc-project.org mailing list. The server at opensc-project.org will be shut down soon and all the services need to migrated to a new home [1] and [2]. An opensc-devel mailing list has been created at SourceForge. Go to [3] and subscribe again if you want to continue to receive messages for opensc-announce. We decided NOT to migrate your email automatically. So you have to resubscribe by hand. Sorry for the inconvenience. Regards, [1] http://sourceforge.net/projects/opensc/ [2] https://github.com/opensc [3] https://lists.sourceforge.net/lists/listinfo/opensc-devel -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Muscle smart card Applet various versions from M.U.S.C.L.E. and OpenSC
2012/12/10 Douglas E. Engert : > I am not using the Muscle card applet, but was looking looking at the OpenSC > debug log for this thread: > Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID > 00 00" in linux ??!! > > The OpenSC card-muscle.c (0.12.2 or 0.13.0) is looking for > PROTO_VERSION_MAJOR=1 > > The author of the original note said: > > I've loaded and initialized Muscle applet (0.9.11) on it. > > This appears in the log that GET_STATUS is returning: 00 01 00 05 ... > i.e. PROTO_VERSION_MAJOR=0, PROTO_VERSION_MINOR=1 > > This version from 2003-12-19, does not sound like the latest to me... > > Yet in the Muscle CVS archives: >http://anonscm.debian.org/viewvc/muscleplugins/trunk/MCardApplet/ > as of 4 years ago has version.properties has: > >APPLET_VERSION_MAJOR=0 >APPLET_VERSION_MINOR=9 > >PROTO_VERSION_MAJOR=1 >PROTO_VERSION_MINOR=3 > > And there have been changes in the SVN 9 months ago, 2 years ago and > 3 years ago, which are not reflected in the Download page: >https://alioth.debian.org/frs/?group_id=30111 > > Can the download versions be update, or the page change to say > compile it yourself? Or point to the OpenSC page? I also noticed that the download section provides version 0.9.11 from Dec 2003. But the README file has a version 0.9.12 from Feb 2008 that is not available to download. > Then on OpenSC-project: >http://www.opensc-project.org/opensc/wiki/MuscleApplet > it says: > "OpenSC supports the Muscle applet, available from Debian SVN:" > svn co svn://svn.debian.org/muscleplugins/trunk/MCardApplet > > (This appears to be the same SVN as on the Muscle page, revision 298 > from 9 months ago.) > > "An updated version, targeting recent JavaCard 2.2.2 cards with > extended APDUs is available from github:" > http://github.com/martinpaljak/MuscleApplet > > This github is 3 years old, yet changes where made to the Muscle SVN > 9 months ago. > > > https://github.com/martinpaljak/MuscleApplet/blob/master/src/com/musclecard/CardEdge/CardEdge.java > (3 years old) > buffer[pos++] = (byte) 1; // Major Card Edge Protocol version n. > buffer[pos++] = (byte) 3; // Minor Card Edge Protocol version n. > buffer[pos++] = (byte) 0; // Major Applet version n. > buffer[pos++] = (byte) 9; // Minor Applet version n. > > Which is in line with the PROTO_VERSION_MAJOR the OpenSC code is looking for. > > Can Martin and Ludovic get together and get these versions in sync, > and make it so others don't download the 9 year old version? The MUSCLE applet needs a real maintainer. Any volunteer? It looks like the 2-years old Martin's version on github already includes the 9-months old fix from svn.debian.org. So the (unmaintained) version from http://anonscm.debian.org/viewvc/muscleplugins/trunk/MCardApplet/ could be removed and replaced by Martin's version. I propose to: - add a file DO_NOT_USE_ME.txt in the SVN repository to point the github version - remove the MCardApplet-0.9.11.tar.gz from https://alioth.debian.org/frs/?group_id=30111 - update the http://www.opensc-project.org/opensc/wiki/MuscleApplet (and github wiki version) page to point to Martin's github version Other ideas? -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] pam_pkcs11 with many certificates on a single token
2012/12/10 : > Hello, > > Here is my patch (actually, 2 patches that depend if the patch concerns only > the error 2328 (patch 1) or the whole block processing the return value of > verify_certificate() (patch 2)). Patch 2 applied in git https://github.com/OpenSC/pam_pkcs11/commit/75613e32dfc49e1174d55ed37c18ce84cabadb47 Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
Hello, 2012/12/12 Rns Course : >> (2) You said: >>> installed Card Reader driver on fedora with name "ifdokccid.so" >>> (my Card Reader is Omnikey CardMan 3121). > >>Is this really needed on unix? I thought pcscd would use its own >>libccid.so for this reader. > > Apparently not! The Omnikey CardMan 3121 reader is supported by my CCID driver. See http://pcsclite.alioth.debian.org/ccid/supported.html#0x076B0x3021 The vmware virtual reader is also supported by my CCID driver. See http://pcsclite.alioth.debian.org/ccid/shouldwork.html#0x0E0F0x0004 >>If this is a vendor provided library, what version are you using? Can >> you try without this file? > Version 3.7.0, I added smartcard-list.txt on Dr. Ludovic Rousseau site that > caused "pcsc_scan" recognizes my card (SmartCafe Expert 3.2 72k). > It seems there was no need to "ifdokccid.so" driver! ifdokccid.so should not be needed. But it should not create problems if you install it and should be used by pcscd instead of my libccid driver. I am happy your problem is now fixed by a correct configuration of OpenSC. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC Wiki in github
2012/12/11 Viktor Tarasov : > Hello, Hello, > for a while we have no news about migration of trac&wiki to the dedicated > platform. > > Meanwhile, waiting for better solution, I migrated OpenSC wiki to github [1] Great job. Thanks. > (Only wiki pages, not tickets.) I hope we can migrate the tickets using a tool and not only by hand. > The OpenSC Wiki pages in github are converted into 'textile' format. > > The rapid script used for this conversion, the archives with the dump of the > OpenSC sub-project wiki pages and > wiki attachments are also present in wiki repository. (Files are not > accessible with GUI -- you need to clone repository. [2]) > Using these files and archives the Wiki of the other OpenSC sub-projects can > be also migrated to github. All the subprojects are in the OpenSC wiki. Maybe we should migrate their wiki pages to their own github wiki repository. But I don't know how easy that would be. It looks like the subprojects do not have many wiki pages. > I do not yet looked 'manually' through all the wiki pages to update > existing, suppress obsolete or add new information. > > I will do it gradually and invite you as well to participate in this > exciting activity, if you have will, possibility, time, etc... > If you notice any 'systematic' conversion error, tell me please, I will > change the conversion script and re-submit the pages . Some pages can be removed like [1] and [2] since they are about trac. Bye [1] https://github.com/OpenSC/OpenSC/wiki/WikiFormatting [2] https://github.com/OpenSC/OpenSC/wiki/Using-HTML-in-Wiki-Text -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] pam_pkcs11 with many certificates on a single token
2012/12/10 : > Hello, Hello, > I use pam_pkcs11 0.6.8 with libcurl but without nss. My tokens works fine but > they can contain 4 or 5 certificates (with corresponding rsa keys). > > My certificates are not all from the same PKI, so they are not certified by > the same ACs. > > The problem I encounter with pam_pkcs11 is that if the first certificate it > tries to verify is not certified by ACs I installed on my workstation, I got > an error 2328 because verify_certificate() return -4 and pam_pkcs11 stops > (line 584 of src/pam_pkcs11/pam_pkcs11.c : goto auth_failed_nopw;), not > trying to verify others certificates in my token. I do not really want to > install all ACs (including CRLs, ...) of my certificates of my token on every > workstations. > > I tried to add a "continue;" in pam_pkcs11.c in the switch test for the error > 2328 : if verify_certificate() returns -4, pam_pkcs11 prints the error > message "error 2328: ..." and with the continue command, pam_pkcs11 continues > to process the next certificates and everything works great. > > Maybe I missed something that explains why pam_pkcs11 stops processing > certificates if the verification of a certificate returns -4. I guess it is just a bug or a missing feature. Can you send me a patch (or, better, a github pull request) so I can fix the problem? The project is at https://github.com/OpenSC/pam_pkcs11 Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] a few more trivial patches
2012/12/10 Anthony Foiani : > Ludovic, greetings -- > > On Sun, Dec 9, 2012 at 7:19 AM, Ludovic Rousseau > wrote: >> >> 2012/12/8 Anthony Foiani : >> > Greetings -- >> > >> > I have two small patches which you might want to consider integrating. >> > >> > (And given that I can't get git to do what I want, you probably want >> > to just cherry-pick these, as I suspect I've completely destroyed my >> > repo history...) >> >> You should rebase your patches above OpenSC/OpenSC master. > > Ok, but pardon my git ignorance: I thought that one should never > rebase a tree that will be published and pulled from? Or only if it's > published and someone tries to *base a new tree* off of it? That is what I thought also. But it is far easier to review a patch when the history is clean. >> > https://github.com/tkil/OpenSC/commit/0c4a2e0c4063f31bc41c34e45869b9a9e7ca41d7 >> > This uses "dir local" settings to configure Emacs indentation correctly. >> >> I don't think that an Emacs configuration file should be added to the >> OpenSC source code. > > Hm. Why not? It would ensure that emacs users have their style set > appropriately for this project, and shouldn't affect anyone else in > any way. > > In my own use case, I work on 3-4 projects in the same emacs session, > and each one has different indentation settings. dir-local settings > seem the easiest way to assign a style per directory (tree). > >> You should keep this change in your own branch. > > And for my second question of git ignorance: how can I maintain "my > own branch", when merging upstream into a branch is discouraged? Or > do I misunderstand the tone of the log comments when trying to check > in such a merge? Or just keep the file.dir-locals.el out of git. I have no objection to add this file. I do not use Emacs myself. I see it can help code quality so unless someone objects I will merge it upstream. Please submit a pull request. >> > https://github.com/tkil/OpenSC/commit/599bd1e6c906af63eb379c866076f98a91654cb2 >> > I spotted an inconsistency in how the option argument pointers were >> > initialized; this fixes it (to make it more consistent). >> >> Not a bug but the code would be nicer. > > For whatever it's worth, my understanding is that uninitialized global > variables are actually allocated as a part of program runtime, and are > initialized to zero at that point. *Initialized* global variables, > however, are stored in the binary itself, even if the initializer is > zero. > > So as a matter of style, it might be better to leave all those > pointers uninitialized. (This was a big stink on the linux-kernel > mailing list a few years back.) > > On the other hand, I don't know if this behavior is true across all > platforms, and the space/time cost in this case is trivial. > >> Can you create a branch from OpenSC/OpenSC master with only this patch >> and ask for a Pull Request? > > I'll try. :) Every time I try to use git for anything fancier than > an svn-replacement, I seem to get burned... > > In this case, it looks like I'll have to fork the OpenSC version > (instead of the CardContact version), then branch in my new fork, > commit this change, and then request a pull of my new branch on the > new fork? (Not complaining about amount of work, just trying to make > sure I have the flow correct.) Now merged upstream. Merging a pull request from github adds a "merge pull request" commit. The history is then not very nice (linear) but I don't know a better way using the github web interface. Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
2012/12/9 Rns Course : > Another request of you: > what's your opinion about windows version of opensc (0.12.2 or 0.13.0) and > the problem "File not found" in pkcs15 initialization? No idea. -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] a few more trivial patches
2012/12/8 Anthony Foiani : > Greetings -- > > I have two small patches which you might want to consider integrating. > > (And given that I can't get git to do what I want, you probably want > to just cherry-pick these, as I suspect I've completely destroyed my > repo history...) You should rebase your patches above OpenSC/OpenSC master. > https://github.com/tkil/OpenSC/commit/0c4a2e0c4063f31bc41c34e45869b9a9e7ca41d7 > This uses "dir local" settings to configure Emacs indentation correctly. I don't think that an Emacs configuration file should be added to the OpenSC source code. You should keep this change in your own branch. > https://github.com/tkil/OpenSC/commit/599bd1e6c906af63eb379c866076f98a91654cb2 > I spotted an inconsistency in how the option argument pointers were > initialized; this fixes it (to make it more consistent). Not a bug but the code would be nicer. Can you create a branch from OpenSC/OpenSC master with only this patch and ask for a Pull Request? Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
2012/12/9 Rns Course : > Hello > > Here's the trace: > > +++ > Versions > > smart card reader driver name and version: > > The output of pcsc_scan: > VMware Virtual USB CCID 00 00 > > (ifdokccid_lnx_i686-3.7.0) > -- > pcsc-lite version: > > The output of the command "pcscd -v": > 1.8.2 I can't believe "pcscd -v" returned only one line. > the output of the command "/usr/sbin/pcscd --version": > > pcsc-lite version 1.7.4. > Copyright (C) 1999-2002 by David Corcoran . > Copyright (C) 2001-2011 by Ludovic Rousseau . > Copyright (C) 2003-2004 by Damien Sauveron . > Report bugs to . > Enabled features: Linux i386-redhat-linux-gnu serial usb libudev > usbdropdir=/usr/lib/pcsc/drivers ipcdir=/var/run/pcscd > configdir=/etc/reader.conf.d And now you have a different version of pcscd. > I guess the problem is because of pcscd version (1.8.2 or 1.7.4)?! > Am I right? (It's confusing!!) Your pcsc-lite configuration is completely broken. Recreate a clean fedora 16 virtual machine from zero and try again. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
2012/12/9 Rns Course : > Thanks; >> opensc-tool can see the (virtual) reader. But failed to connect to the >> card. > > Now, what's the solution? Debug the problem. Generate a pcscd trace as described in [1] for the "opensc-tool -a" command. Bye [1] http://pcsclite.alioth.debian.org/pcsclite.html#support -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
2012/12/7 Rns Course : >> Ludovic had said it was strange that pcsc_scan worked but opensc-tool -a >> did not. > > Pcsc_scan finds the reader as Virtual CCID not OMNIKEY, but gets the card's > ATR correctly. > Opensc-tool doesn't find the card to show the ATR, because the card reader > is not known for it as OMNIKEY. opensc-tool will use any connected reader. Unless you gave a specific name but that was not explicit in your first email. opensc-tool can see the (virtual) reader. But failed to connect to the card. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] minimal requirements for working with crypto tokens?
2012/12/6 Anthony Foiani : > Greetings, all. Hello, > As with a similar posted in the last day or two, I'm working deploying > an embedded linux system, and I'm trying to figure out the smallest > set of libraries that I need to do this. > > The desired use for tokens in the field is: > > 1. Sign binary blobs, generating a detached RFC5652 signature file > from each data file. > > 2. (Eventually) for both client and server-side SSL handshaking. > > On a typical Linux workstation, I can do all this already, thanks to > the developers here and on libusb, ccid, and pcsc-lite. Barring > late-breaking changes, this functionality is already available in > packages for the distribution I'm using here (Fedora 17). > > To test the latest and greatest, I had to build: > > libusb-1.0.9 > pcsc-lite-1.8.6 > ccid-1.4.8 > openssl-1.0.1c > libp11-0.2.8 > opensc-0.13.0rc1-g2895729 (from CardContact) > engine_pkcs11-0.1.8 > > Other than having to adjust the interprocess expectations of pcscd and > its users, that also works fine. > > However, the embedded box is not running the typical workstation > daemons. There's no udev at all; I'm handling the event stream > directly within my application. (E.g., I'm receiving and handling USB > mass storage device insertions / removals.) > > What I'm looking for is guidance on which libraries are required to do > the work, if I can tell those libraries exactly which USB device to > use, and only when there is something there to be used. > > Is libusb used only for discovery, or for access as well? Likewise, > if there is only ever one process accessing the token (and I can > guarantee that it's single-threaded access), then is pcscd necessary? libusb (or udev but you do not use it) is used by pcscd to discover USB readers. libusb is used by libccid to access the USB readers. You can write your own simpler pcscd if you want. > Even further, if I know exactly which token will be used, is it > possible and/or advisable to short-circuit the generic aspects of > libpkcs11 and somehow use that token's driver directly? The question is: why would you change existing and working code? What is the problem with the existing programs? Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] The smart card reader is known as "VMware Virtual USB CCID 00 00" in linux ??!!
2012/12/5 Rns Course : > Hi all; Hello, > I have a smart card (SmartCafe Expert 3.2 72k) and I've loaded and > initialized Muscle applet (0.9.11) on it. > Now, I have problem with pkcs15 initializing... > In Windows, I couldn't initialize the card using "pkcs15-init" tool, so I > decided to compile opensc-0.12.2 in linux (fedora 16) and use "pkcs15-init" > tool in linux. > > I have fedora on VMWare ( my host OS is Windows7) and installed Card Reader > driver on fedora with name "ifdokccid.so" (my Card Reader is Omnikey CardMan > 3121). > I've got and installed "pcsc-tools" package on linux and run "pcsc_scan" > command on Terminal, the output was as below: > > ------- > PC/SC device scanner > V 1.4.17 (c) 2001-2009, Ludovic Rousseau > Compiled with PC/SC lite version: 1.6.6 > Scanning present readers... > 0: VMware Virtual USB CCID 00 00 > > Wed Dec 5 11:03:39 2012 > Reader 0: VMware Virtual USB CCID 00 00 > Card state: Card inserted, > ATR: 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4 > > ATR: 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4 > + TS = 3B --> Direct Convention > + T0 = F7, Y(1): , K: 7 (historical bytes) > TA(1) = 18 --> Fi=372, Di=12, 31 cycles/ETU > 129032 bits/s at 4 MHz, fMax for Fi = 5 MHz => 161290 bits/s > TB(1) = 00 --> VPP is not electrically connected > TC(1) = 00 --> Extra guard time: 0 > TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 > - > TD(2) = 31 --> Y(i+1) = 0011, Protocol T = 1 > - > TA(3) = FE --> IFSC: 254 > TB(3) = 45 --> Block Waiting Integer: 4 - Character Waiting Integer: 5 > + Historical bytes: 73 66 74 65 2D 6E 66 > Category indicator byte: 73 (proprietary format) > + TCK = C4 (correct checksum) > > Possibly identified card (using /usr/share/pcsc/smartcard_list.txt): > 3B F7 18 00 00 80 31 FE 45 73 66 74 65 2D 6E 66 C4 > SmartCafe Expert 3.2 72K > -- > > My problem is that VMWare finds the reader as: > Reader 0: VMware Virtual USB CCID 00 00 > > NOT > > Reader 0: Omnikey CardMan 3121 00 00 !! > > So, the command "opensc-tool -a" has the following output: > > Using reader with a card: VMware Virtual USB CCID 00 00 > Failed to connect to card: Unresponsive card (correctly inserted?) > > When I connect the reader to the system, VMWare recognizes it as : > "Shared OMNIKEY CardMan 3x21 0" in Removable Devices section of VM, so > fedora finds it as "VMware Virtual USB CCID 00 00" reader not Omnikey! > How should the card reader be introduced in VM to solve this problem? > I guess the problem is because of VMWare settings for card reader not > OpenSC, but I've not found more related forum than here to ask this > question; > > Could you help me please? VMWare uses a trick to show the smart card reader in the VM without disconnecting it from the host. VMWare uses PC/SC on Windows to access the reader and shows it as a fake CCID reader in the VM. It is strange that you can get the ATR using pcsc_scan but not using "opensc-tool -a". It is also possible to connect your reader directly to the VM as any other USB device. It will then not be available from Windows. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] pam-pkcs11 module buils and install
2012/11/27 Toni Sjoblom - Aventra : > Hi, Hello, > Can somebody help me with the build and install of the pam-pkcs11 module? > > The problem is that I try to execute “make” I get an error: > > > > “make: *** No targets specified and no makefile found. Stop.” > > > > I execute this as the documentation says[1], i.e. in the path where the src > and other stuff is located. > > I have tried the packages 0.6.3, 0.6.8 and the current svn trunk with the > same error. > > > > I’m I missing something here. Yes, you missed something. The documentation your are referring to is for using with a .tar.gz archive. This is not the case when you use the code from svn. You have to use the ./bootstrap script first to generate the configure script. Note that the new repository for pam_pkcs11 is now on github [2]. Bye > [1] http://www.opensc-project.org/doc/pam_pkcs11/pam_pkcs11.html#install [2] https://github.com/OpenSC/pam_pkcs11 -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/23 Alon Bar-Lev : > On Fri, Nov 23, 2012 at 4:21 PM, Ludovic Rousseau > wrote: >> 2012/11/23 Alon Bar-Lev : >>> You copied the repositories without tags. I fixed this for openct, >>> pkcs11-helper, but I guess you should check all repositories moved, >>> make sure we did not lose anything. >> >> Exact. svn2git did not get the tags for releases :-( >> I added them by hand for pam_pkcs11. > > I used git-svn which was great. I guess you had to convert branches to tags. I re-did the SVN to GIT convertion (including tags for releases) for: - pam_pkcs11 - OpenSC-java - libp11 - engine_pkcs11 - pam_p11 I hope it is correct now. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/22 Alon Bar-Lev > On Wed, Nov 21, 2012 at 4:52 PM, Ludovic Rousseau > wrote: > > > > Hello, > > > > 2012/11/17 Alon Bar-Lev : > > > On Sat, Nov 17, 2012 at 11:54 PM, Ludovic Rousseau > > >> I don't think I can give you admin access to only these 2 projects. > > >> I can add you as a member of the OpenSC organisation and you would > > >> have access to all the repositories. > > > > > > Yes you can, there are teams, each team can have admin/write/read > > > access to specific repositories. > > > > I created a "OpenCT maintainers" team [1]. > > Alon Bar-Lev is the only member of the team but I can add others. > > Please do the same for pkcs11-helper, thanks! > Done. -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/18 Ludovic Rousseau : > 2012/11/18 Viktor Tarasov : >> mailing list will go (without archive ?) to SourceForge, or, in case of the >> last minute obstacles, to groups.google.com. > > The numbers of members to the 3 lists hosted at opensc-project.org are: > 546 opensc-devel_members.txt > 129 opensc-announce_members.txt > 39 opensc-commits_members.txt > > I created 3 mailing lists at SourceForge OpenSC project > https://sourceforge.net/p/opensc/mailman/ > > It looks like it is possible to mass subscribe to a mailman list [1]. > But I could not find how using the SourceForge list interface. I found how to mass subscribe to the new mailing lists I created. > Maybe the only (and good) solution is to ask people to subscribe at > SourceForge. What do you think is best: - mass subscription without asking for permission? - ask people to subscribe to the new lists? Maybe some people are on the list but no more interested by OpenSC. Maybe they just redirect the emails into the spam/trash folder. What do you think? Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
Hello, 2012/11/17 Alon Bar-Lev : > On Sat, Nov 17, 2012 at 11:54 PM, Ludovic Rousseau >> I don't think I can give you admin access to only these 2 projects. >> I can add you as a member of the OpenSC organisation and you would >> have access to all the repositories. > > Yes you can, there are teams, each team can have admin/write/read > access to specific repositories. I created a "OpenCT maintainers" team [1]. Alon Bar-Lev is the only member of the team but I can add others. Alon, you should be able to push changes directly in OpenSC / openct If you need something else just ask the OpenSC owners (Martin, Viktor and myself for now). Bye [1] https://github.com/organizations/OpenSC/teams -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
Hello, 2012/11/18 Andreas Schwier : > My point is, that I offer to do the integration on opensc-java (as I > already had commit rights to the old repository). I just created a "OpenSC-Java maintainers" team. Give me your github login and I add you to the team. You will then be able to push changes. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Admin access to the OpenSC project at SourceForge.net
2012/11/19 Olaf Kirch : > Hi Ludovic, Hello, > On Saturday 17 November 2012 17:26:56 Ludovic Rousseau wrote: >> Hello Juha and Olaf, >> >> The machine hosting https://www.opensc-project.org/ will be stopped at the >> end of this year (2012). We are looking for a new hosting solution. >> >> You both are admin of the OpenSC project at SourceForge.net. Can you add me >> (login: ludov) as a new admin so we can use https://sourceforge >> .net/projects/opensc/ as a new host? We plan to host the mailing list(s) at >> SF.net. > > It seems this has already happened, if I'm not mistaken? You are right. Juha was quiet fast to update the OpenSC SourceForge project. Thanks to both. -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/18 Viktor Tarasov : > mailing list will go (without archive ?) to SourceForge, or, in case of the > last minute obstacles, to groups.google.com. The numbers of members to the 3 lists hosted at opensc-project.org are: 546 opensc-devel_members.txt 129 opensc-announce_members.txt 39 opensc-commits_members.txt I created 3 mailing lists at SourceForge OpenSC project https://sourceforge.net/p/opensc/mailman/ It looks like it is possible to mass subscribe to a mailman list [1]. But I could not find how using the SourceForge list interface. Maybe the only (and good) solution is to ask people to subscribe at SourceForge. Bye [1] http://wiki.list.org/display/DOC/How+can+I+Mass+Subscribe+a+list+with+real+names -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/17 Alon Bar-Lev : > On Sat, Nov 17, 2012 at 9:26 PM, Ludovic Rousseau > wrote: >> 2012/11/17 Alon Bar-Lev : >>> On Sat, Nov 17, 2012 at 6:00 PM, Ludovic Rousseau >>> wrote: >>>> 2012/11/16 Alon Bar-Lev >>>>> >>>>> On Wed, Nov 14, 2012 at 10:22 PM, Alon Bar-Lev >>>>> wrote: >>>>> > On Wed, Nov 14, 2012 at 10:20 PM, Ludovic Rousseau >>>>> > wrote: >>>>> >> >>>>> >> >>>>> >> 2012/11/14 Ludovic Rousseau >>>>> >>> >>>>> >>> I could not migrate: >>>>> >>> - pkcs11-help. Something fails in the authors names conversion >>>>> >> >>>>> >> >>>>> >> I forked the github repository of Alon. pkcs11-helper is now available >>>>> >> under the OpenSC organization. >>>>> >> https://github.com/OpenSC/pkcs11-helper >>>>> >> >>>>> >>> I have not tried to migrate: >>>>> >>> - OpenCT >>>>> >>> - OpenSC-Java >>>>> >>> Aren't these projects obsolete now? >>>>> >> >>>>> >> >>>>> >> I tried to convert OpenCT. >>>>> >> But I could not get the author correspondence. Some SVN revisions have >>>>> >> no author and confuse svn2git. >>>>> > >>>>> > I will prepare github for you to use. >>>>> >>>>> Ready: >>>>> https://github.com/alonbl/openct >>>> >>>> >>>> Forked at https://github.com/OpenSC/openct >>> >>> No... it should not be forked it should be entire clone. >>> From this one I should fork mine if I work on openct. >>> Same for other projects opensc repos should be the master as they >>> are formal upstream. >> >> OK. I deleted openct and pkcs11-helper to recreate them. >> You can now fork them on your side. > > Thanks. > It would be lovely if you give me admin access to both of these. I don't think I can give you admin access to only these 2 projects. I can add you as a member of the OpenSC organisation and you would have access to all the repositories. The idea of git is to _not_ have to give access. Just send pull requests and I (or another admin) will pull your code. Same remark for Andreas and the OpenSC-java repository. Or am I wrong? Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/17 Alon Bar-Lev : > On Sat, Nov 17, 2012 at 6:00 PM, Ludovic Rousseau > wrote: >> 2012/11/16 Alon Bar-Lev >>> >>> On Wed, Nov 14, 2012 at 10:22 PM, Alon Bar-Lev >>> wrote: >>> > On Wed, Nov 14, 2012 at 10:20 PM, Ludovic Rousseau >>> > wrote: >>> >> >>> >> >>> >> 2012/11/14 Ludovic Rousseau >>> >>> >>> >>> I could not migrate: >>> >>> - pkcs11-help. Something fails in the authors names conversion >>> >> >>> >> >>> >> I forked the github repository of Alon. pkcs11-helper is now available >>> >> under the OpenSC organization. >>> >> https://github.com/OpenSC/pkcs11-helper >>> >> >>> >>> I have not tried to migrate: >>> >>> - OpenCT >>> >>> - OpenSC-Java >>> >>> Aren't these projects obsolete now? >>> >> >>> >> >>> >> I tried to convert OpenCT. >>> >> But I could not get the author correspondence. Some SVN revisions have >>> >> no author and confuse svn2git. >>> > >>> > I will prepare github for you to use. >>> >>> Ready: >>> https://github.com/alonbl/openct >> >> >> Forked at https://github.com/OpenSC/openct > > No... it should not be forked it should be entire clone. > From this one I should fork mine if I work on openct. > Same for other projects opensc repos should be the master as they > are formal upstream. OK. I deleted openct and pkcs11-helper to recreate them. You can now fork them on your side. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/17 Ludovic Rousseau : > 2012/11/17 Andreas Jellinghaus >> SF is sourceforge.net I guess? it still has the opensc project (that >> was used many, many years ago). >> Owners are juha and olaf - if you can reach them, you can re-activate it. > > I just sent a email to Olaf and Juha. I hope they still read the > emails sent to their SF.net contact address. That was fast. Juha added me as admin. It would be best if other active people are also added as admin. Viktor, do you have a SourceForge account? BYe -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/17 Andreas Jellinghaus > SF is sourceforge.net I guess? it still has the opensc project (that > was used many, many years ago). > Owners are juha and olaf - if you can reach them, you can re-activate it. I just sent a email to Olaf and Juha. I hope they still read the emails sent to their SF.net contact address. If we can't (re)use the SourceForge OpenSC project then hosting the OpenSC mailing list(s) at groups.google.com would be a good solution. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] Admin access to the OpenSC project at SourceForge.net
Hello Juha and Olaf, The machine hosting https://www.opensc-project.org/ will be stopped at the end of this year (2012). We are looking for a new hosting solution. You both are admin of the OpenSC project at SourceForge.net. Can you add me (login: ludov) as a new admin so we can use https://sourceforge .net/projects/opensc/ as a new host? We plan to host the mailing list(s) at SF.net. Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/16 Alon Bar-Lev > On Wed, Nov 14, 2012 at 10:22 PM, Alon Bar-Lev > wrote: > > On Wed, Nov 14, 2012 at 10:20 PM, Ludovic Rousseau > > wrote: > >> > >> > >> 2012/11/14 Ludovic Rousseau > >>> > >>> I could not migrate: > >>> - pkcs11-help. Something fails in the authors names conversion > >> > >> > >> I forked the github repository of Alon. pkcs11-helper is now available > under the OpenSC organization. > >> https://github.com/OpenSC/pkcs11-helper > >> > >>> I have not tried to migrate: > >>> - OpenCT > >>> - OpenSC-Java > >>> Aren't these projects obsolete now? > >> > >> > >> I tried to convert OpenCT. > >> But I could not get the author correspondence. Some SVN revisions have > no author and confuse svn2git. > > > > I will prepare github for you to use. > > Ready: > https://github.com/alonbl/openct > Forked at https://github.com/OpenSC/openct Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/14 Andreas Schwier > We are still maintaining a version of OpenSC-Java. If you migrate the > repo to GITHUB I will care for it. > Now available at https://github.com/OpenSC/OpenSC-Java I pushed 3 branches: - master - pkcs11-0.2-branch - pkcs11-test-0.2-branch The latest commit in master is 4 years old. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
2012/11/14 Ludovic Rousseau > I could not migrate: > - pkcs11-help. Something fails in the authors names conversion > I forked the github repository of Alon. pkcs11-helper is now available under the OpenSC organization. https://github.com/OpenSC/pkcs11-helper I have not tried to migrate: > - OpenCT > - OpenSC-Java > Aren't these projects obsolete now? > I tried to convert OpenCT. But I could not get the author correspondence. Some SVN revisions have no author and confuse svn2git. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] state of the project?
Hello, 2012/11/11 Viktor Tarasov > I propose to start migration the week 19-25.11 . I'll have more free time: > - sources: all sources will migrate to github; > I just migrated the following projects to github on the OpenSC organization: - libp11 - engine_pkcs11 - pam_p11 - pam_pkcs11 See https://github.com/OpenSC I could not migrate: - pkcs11-help. Something fails in the authors names conversion I have not tried to migrate: - OpenCT - OpenSC-Java Aren't these projects obsolete now? I used svn2git [1] with the attached authors.txt file - TRAC (wiki?): it seems that Peter Stuge proposed to do something with > Trac. > Peter, if you are here, can you take this part, or at least explain how it > could be done, please? > If no suggestions, Trac can also be hosted by 'opensc.fr' . > github provides a wiki and bug tracking system. I have no objection to use trac at opensc.fr. - mailling list: the same, if no other suggestions, I'm ready to > install/migrate it to 'opensc.fr' platform. > Would be nice if one of the experts explain what is the actions to follow > for such migration. > opensc-project.org use mailman as the list manager and # list_lists 5 matching mailing lists found: Mailman - [no description available] opensc-announce - A mailing list for OpenSC announcements opensc-commits - OpenSC source code commit notifications opensc-devel - Development of OpenSC and other smart card related software opensc-user - (INACTIVE) A mailing list for OpenSC users I can retrieve the list of subscribers using list_members(8). Vitkor, it looks like you do not have access to the opensc-project.orgsystem. I can help you with the migration. Viktor, I am not/no more a Unix system admin. But I volunteer to help if needed. I think it is a good idea to have more than one (you?) system administrator. Andreas, the host available at opensc-project.org will disapear at the end of the year 2012 [2]. The domain name has been transfered to Martin Paljaka year ago [3]. But Martin is now missing. Can you transfer the opensc-project.org domain name to Viktor or someone else? Regards, [1] https://github.com/nirvdrum/svn2git [2] http://www.opensc-project.org/pipermail/opensc-devel /2012-September/018377.html [3] http://www.opensc-project.org/pipermail/opensc-devel /2011-October/017312.html -- Dr. Ludovic Rousseau ludovic.rousseau = Ludovic Rousseau aj = Andreas Jellinghaus jonsito = Juan Antonio Martinez martin = Martin Paljak alonbl = Alon Bar-Lev nils = Nils Larsch jps = Jean-Pierre Szikora ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [Muscle] Ubuntu 12.04 smartcard reader install? AKA: Dear Canonical: could you fix this?
2012/10/16 helpcrypto helpcrypto : > On Thu, Oct 11, 2012 at 3:37 PM, Ludovic Rousseau > wrote: >> >>> I havent restarted yet (to check if the reader start working), but >>> would like to know if theres is something I can do to detect and use >>> the reader (without rebooting). >> >> Replug your reader after installing libccid so that the udev rule file >> is executed. >> You may also have to reboot. > > Replug didnt work, restart did. > Why should I restart? It wont be possible to be hotplug? > (sorry for the cross-post, but tought it was interesting to all) The libccid package installs a udev rule file to change the access rights of the USB device. This rule file is examied at device plug so you need to replug the reader _after_ the file is installed. This rule file is examined by udev so you (may) have to "restart" udev, or simply reboot. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Need help building Mac OS X packages
2012/10/2 Jean-Michel Pouré - GOOZE :
> Hello,
>
> I have some problems building Mac OS X packages on the farm.
> This is Mac OS X 10.6 (SnowLeopard) and OpenSC git.
>
> Can you help?
On my Snow Leopard system with up to date version of OpenSC I have:
/Users/rousseau/Documents/github/OpenSC/OpenSC.tokend/OpenSC/OpenSCRecord.cpp:72:13:{72:15-72:25}:
error: assigning to 'uint8 *' (aka 'unsigned char *') from
incompatible type 'struct sc_pkcs15_der' [3]
data.Data = cert->data;
^ ~~
/Users/rousseau/Documents/github/OpenSC/OpenSC.tokend/OpenSC/OpenSCRecord.cpp:73:23:{73:17-73:21}:
error: no member named 'data_len' in 'sc_pkcs15_cert' [3]
data.Length = cert->data_len;
^
2 errors generated.
The sc_pkcs15_cert structure has been updated in OpenSC but not its
use in the tokend. The tokend is then out of sync and can't be build
with a "recent" OpenSC.
I would suggest to drop the OpenSC tokend, unless someone volunteer to
maintain it.
I also propose to, instead, use the tokend over PKCS#11 hosted at the
SmartCard Services project [1]. This tokend should work with any
PKCS#11 library.
I have not rebuild this tokend since a long time so it may be as easy
(or hard) to rebuild as the tokend from OpenSC.
Bye,
[1] http://smartcardservices.macosforge.org/trac/browser/trunk/Tokend/PKCS11
--
Dr. Ludovic Rousseau
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [Muscle] Ubuntu 12.04 smartcard reader install? AKA: Dear Canonical: could you fix this?
2012/10/11 helpcrypto helpcrypto : > Hi. Hello, > Probably some of you already deal with this, so here's the issue: > > I have some problems trying to install a smartcard reader on Ubuntu 12.04 > According to [1], this is due to Ubuntu bad use. You do not describe your problem. > I havent restarted yet (to check if the reader start working), but > would like to know if theres is something I can do to detect and use > the reader (without rebooting). Replug your reader after installing libccid so that the udev rule file is executed. You may also have to reboot. > Of course, if i try to remove libpcsclite1, network-manager and some > others are removed, and the network is broken... > > > Actually pcsc_scan get stuck at: > PC/SC device scanner > V 1.4.18 (c) 2001-2011, Ludovic Rousseau > Compiled with PC/SC lite version: 1.7.4 > Using reader plug'n play mechanism > Scanning present readers... > Waiting for the first reader... > > and a dpkg -l shows: > > ii libccid1.4.5-1 > PC/SC driver for USB CCID smart card readers > ii libpcsc-perl 1.4.12-1build2 > Perl interface to the PC/SC smart card library > ii libpcsclite1 1.7.4-2ubuntu2 > Middleware to access a smart card using PC/SC (library) > ii pcsc-tools 1.4.18-1 > Some tools to use with smart cards and PC/SC > ii pcscd 1.7.4-2ubuntu2 > Middleware to access a smart card using PC/SC (daemon > side) > > Im using a Gemalto PCTwin, so no more drivers packages should be > neccesary, right? Exact. > Have a good weekend!!! Same for you. Bye > [1] > http://ludovicrousseau.blogspot.com.es/2010/10/pcsc-lite-upgrade-and-ubuntu-special.html -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Need help building Mac OS X packages
2012/10/7 Ludovic Rousseau : > 2012/10/2 Jean-Michel Pouré - GOOZE : >> Hello, >> >> I have some problems building Mac OS X packages on the farm. >> This is Mac OS X 10.6 (SnowLeopard) and OpenSC git. >> >> Can you help? >> >> ./bootstrap >> ./MacOSX/build 10.6 > > I never used the ./MacOSX/build script. > > I fixed some issues for 10.8 (Moutain Lion) in my macosx branch [1]. > For now the OpenSC.tokend fails to build because the SDK is no more in > /Developer/SDKs/ but inside the Xcode application. > > I will try to have a look at the issues on 10.6. I can't rebuild the tokend on 10.8 :-( The SDK used in the project is 10.6. This is no more supported by Xcode for 10.8. After changing the project to use 10.7 or 10.8 SDK I have the error: In file included from /Users/rousseau/Documents/github/OpenSC/OpenSC.tokend/Tokend/RecordHandle.cpp:29: In file included from /Users/rousseau/Documents/github/OpenSC/OpenSC.tokend/Tokend/RecordHandle.h:32: In file included from /Users/rousseau/Documents/github/OpenSC/OpenSC.tokend/build/security_cdsa_utilities.framework/Headers/handleobject.h:32: /Users/rousseau/Documents/github/OpenSC/OpenSC.tokend/build/security_cdsa_utilities.framework/Headers/handletemplates.h:132:17: error: use 'template' keyword to treat 'findAllRefs' as a dependent template name state().findAllRefs(refs); ^ template 1 error generated. I do not plan to debug the tokend build. Apple deprecated [1] the use of tokend in 10.7. I propose to reuse the latest tokend binary and include it in the the package for 10.8. Or maybe just build OpenSC for 10.6 and use the same package for 10.6, 10.7 and 10.8. Bye [1] http://ludovicrousseau.blogspot.fr/2011/08/mac-os-x-lion-and-tokend.html -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] github OpenSC organisation privileges
Hello, I wanted to create a fork of martinpaljak / OpenSC.tokend under the OpenSC organisation but I can't. I do not have enough permissions. It would also be a good idea to more opensc-project.org subprojects uder the OpenSC github organisation. Martin, I guess you are the admin of the github OpenSC organisation. Can you update my privileges so I can create repositories under OpenSC? I guess Viktor is in the same situation. Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Need help building Mac OS X packages
2012/10/2 Jean-Michel Pouré - GOOZE : > Hello, > > I have some problems building Mac OS X packages on the farm. > This is Mac OS X 10.6 (SnowLeopard) and OpenSC git. > > Can you help? > > ./bootstrap > ./MacOSX/build 10.6 I never used the ./MacOSX/build script. I fixed some issues for 10.8 (Moutain Lion) in my macosx branch [1]. For now the OpenSC.tokend fails to build because the SDK is no more in /Developer/SDKs/ but inside the Xcode application. I will try to have a look at the issues on 10.6. Bye [1] https://github.com/LudovicRousseau/OpenSC/commits/macosx -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 0.13 + pcscd as a daemon for Android
2012/9/26 Jean-Michel Pouré - GOOZE : > Dear all, Hello Jean-Michel, > I would like to raise questions about using OpenSC 0.13 under Android. I > hope that Ben from Feitian can participate in this discussion. > > The idea behind is that Feitian released the iReader, a ccid card reader > for mobile devices. The iReader is CCID and is supported under OpenSC > (on computer). GOOZE will be releasing the iReader shortly. I found the iReader on Feitian site [1]. It looks like an interesting product. To know how easy (or hard) it will be to port pcsc-lite I would need more information. The web page is not very informative. For example the iR301 "Support Win2000+/Linux/Mac OS X/Solaris/Android/iOS platform". Is it a reader for iPhone? How does it support Win2000 on iOS? I guess Feitian has documentation on how to use the reader. Bur could not find it. The web site says "Provide secondary development library". What is the primary development library? I also guess Feitian is providing a driver or an API to use the reader. Do you have some documentation about that? The same device can be used with iOS and Android? How do you connect it on an Android device? Is it a real product? Or just vaporware? Bye [1] http://www.ftsafe.com/product/Smart_Reader/iReader301 -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Request for comment: bringing warnings down to a dull roar
2012/9/22 B. Scott Michel : > I'm not a fan of rejected and resubmitted patches -- I prefer to discuss > first before issuing the pull request. That way, the receiver ends up > understanding the intent of the patch versus reacting to the patch. > Neither I nor the patch reviewer can read each others' minds, yet. As Linus Torvalds would say: show me the code. Other ideas are: - do not mix different fixes in the same patch (git is great a generating patch series) - generate minimal changes in patches Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Request for comment: bringing warnings down to a dull roar
Hello, 2012/9/20 B. Scott Michel : > I'm debating whether to submit a pull request on github with patches to > reduce gcc's warnings to a minimum (actually, completely eliminated.) > However, the patches violate the coding rules by marking unused > parameters in static functions -- the "marking" is very explicit and > very visible. > > I also took care of other issues, such as replacing "int" with "size_t" > where needed. I should have made the unused param patch separate from > the integer conversion and other warnings. Do not "fix" unused param warnings. The correct way to fix them is to remove the parameter. Use -Wno-unused-parameter > Question (and request for comments): Should I submit the pull request, > even though the patch would potentially violate the coding conventions? It is always a good idea to submit a pull request to be able to review it. Maybe it will be rejected and you will be asked to change it. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] issue with sc_decompress() call when run on Big Endian OS
2012/9/18 Puneet Khunteta : > Hello, Hi, > I observed that when i use a sc_decompress() call on a Big Endian OS ( Linux > with Arm Processor), i got a error code return -1400. > Where as it works perfectly for the window ( Little Endian) OS. > I have used the same certificate file to de-compress on both devices. > > nRet = sc_decompress(outbuff, (size_t *)&nOutBuffLen, Inbuff, nInBuffLen, > COMPRESSION_AUTO); I don't know what the type of nOutBuffLen is but it is very dangerous to cast pointers. If nOutBuffLen has not the same size as size_t your code is bogus. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Help compiling Mac OS 10.7, 10.8 and 10.9 on ONE machine
2012/9/18 Jean-Michel Pouré - GOOZE : > Hello, Hi, > The build farm has one Mac OS X machine running compilation scripts: > https://opensc.fr/jenkins/computer/farm-macosx-lion/ > > This machine also has several systems installed on different partitions: > Mac OS X Snow Leopard (10.7), Lion (10.8) and Mountain Lion (10.9). Each > time we need a new installer for 10.7 I just reboot the machine, which > is tedious. We also need installers for 10.9. > So my question is: do you know how to install various development kits > (10.7, 10.8 and 10.9) on one system (10.9) to compile to all targets at > once? Is that possible by design in OpenSC and Mac OS X? I tried Google > but could not achieve this. You can install Mac OS X (client) inside VitualBox [1]. It is technically possible. The legal aspect is another problem. I only tried using VirtualBox on a Mac. Maybe that is even possible using VirtualBox on a GNU/Linux machine. > Another solution would be to invest into cheap Mac OS X machines on eBay > (Mac mini core solo), which can be found around 150€ each. That may be the easiest solution. But not the cheapest one (buy the computers and pay for the electricity bill). Bye [1] https://www.virtualbox.org/wiki/Guest_OSes -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] SafeNet/Aladdin new eToken PRO (Java) - driver
2012/9/3 Martin Čmelík : > Hi, Hello, > I would like to ask you if someone can help with drivers for "new" > SafeNet eToken (Aladdin) 5100 (Java Card). > Based on this http://www.opensc-project.org/opensc/wiki/AladdinEtokenPro > it seems to be evolution version of eToken PRO (Java), more info here: > http://www.safenet-inc.com/Products/Data_Protection/two-factor-authentication/SafeNet_eToken_5100/ > ATR - 3b d5 18 00 81 31 fe 7d 80 73 c8 21 10 f4 > is wrongly identified as Bank of Lithuania Identification card, based > on this: > http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt The ATR is also identified as a "Aladdin PRO/Java card http://www.aladdin-rd.ru/catalog/etoken/java/"; See http://smartcard-atr.appspot.com/parse?ATR=3bd518008131fe7d8073c82110f4 > SafeNet buy/acquire Aladdin in 2009 so Aladdin product aren't > distributed/supported anymore and only those are in stock :[ I can't help more. Sorry. -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] OpenSC and Coverity scans
Hello, Coverity [1] is a software company selling (proprietary) tools to do static analysis of source code. The company propose to analyse Free Software programs for free. OpenSC is one of the free software projects statically analysed by their tools [4]. You can see the project in the list [2]. Coverity found "some" issues in OpenSC. I fixed some of them in the coverity branch at [3]. But many others need to be analysed and fixed. This is a huge task and help is welcome. If a developer wants to have access to the Coverity reports/database just tell me and I give you access. It is a great tool to find issues. Regards, [1] http://coverity.com/ [2] http://scan.coverity.com/all-projects.html [3] https://github.com/OpenSC/OpenSC/pull/85 [4] http://www.coverity.com/products/static-analysis.html -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] C_GetSlotList() returns 0 slots in Linux?
2012/8/22 Andrew Zitnay : > I have a Linux user that I'm trying to get working with OpenSC. > However, according to my logs, C_GetSlotList() is finding 0 slots. > I'm unable to reproduce this problem on my own Linux box. > > The user claims the smart card reader is plugged in and working properly > in Firefox/Thunderbird: > > Bus 004 Device 012: ID 058f:9540 Alcor Micro Corp. > In Firefox´s Device Manager: > Security Modules and Devices: > PKCS11 > Module PKCS11 > Path /usr/lib/opensc-pkcs11.so OpenSC loads libpcsclite.so.1 dynamically at run time. Check the path is correct in provider_library definition of the /etc/opensc.conf file. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] [i...@mightymarvels.de: cardos driver problem: PKCS#15 binding failed: Unsupported card]
2012/8/15 : > Hello developers, Hello, > I do not want to bother you but the opensc-users list seems completely > inactive. Is there an alternative list or maybe my topic fits here as well? > See > below... The opensc-user list has been merged into the opensc-devel list. See "Merge of opensc-user and opensc-devel." from May 2011 [1]. Bye [1] http://www.opensc-project.org/pipermail/opensc-devel/2011-May/016678.html -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] SCardTransmit failed
2012/8/8 Francesco Zema : > Hi everyone, Hello, > I'm new to OpenSc and I'm trying to read (and write...hopefully) information > from a blank card (if there is some information, like a RSA key stored). > I use a CASTLES EZ100PU and a SLE5542 blank card. OS: ubuntu. > > > when I send pcscan command the reader is detected: > > manager@kiosk:~$ pcsc_scan > PC/SC device scanner > V 1.4.16 (c) 2001-2009, Ludovic Rousseau > Compiled with PC/SC lite version: 1.5.3 > Scanning present readers... > 0: CASTLES EZ100PU 00 00 > > Tue Aug 7 18:40:15 2012 > Reader 0: CASTLES EZ100PU 00 00 > Card state: Card inserted, > ATR: 3B 8F 80 01 80 4F 0C A0 00 00 03 06 0F A0 01 00 00 00 00 C6 > > ATR: 3B 8F 80 01 80 4F 0C A0 00 00 03 06 0F A0 01 00 00 00 00 C6 > + TS = 3B --> Direct Convention > + T0 = 8F, Y(1): 1000, K: 15 (historical bytes) > TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 > - > TD(2) = 01 --> Y(i+1) = , Protocol T = 1 > - > + Historical bytes: 80 4F 0C A0 00 00 03 06 0F A0 01 00 00 00 00 > Category indicator byte: 80 (compact TLV data object) > Tag: 4, len: F (initial access data) > Initial access data: 0C A0 00 00 03 06 0F A0 01 00 00 00 00 > + TCK = C6 (correct checksum) > > Possibly identified card (using /usr/share/pcsc/smartcard_list.txt): > 3B 8F 80 01 80 4F 0C A0 00 00 03 06 0F A0 01 00 00 00 00 C6 > 3B 8F 80 01 80 4F 0C A0 00 00 03 06 0F .. .. 00 00 00 00 .. > Contact (7816-10) 2WBP (as per PCSC std part3) > > > but when I send pkcs15-tool --list-keys command: > > root@kiosk:~# pkcs15-tool --list-keys > Using reader with a card: CASTLES EZ100PU 00 00 > [pkcs15-tool] reader-pcsc.c:199:pcsc_internal_transmit: SCardTransmit > failed: 0x80100013 > [pkcs15-tool] reader-pcsc.c:239:pcsc_transmit: unable to transmit > [pkcs15-tool] apdu.c:394:do_single_transmit: unable to transmit APDU > > then, pcscan doesn't work anymore > > manager@kiosk:~$ pcsc_scan > PC/SC device scanner > V 1.4.16 (c) 2001-2009, Ludovic Rousseau > Compiled with PC/SC lite version: 1.5.3 > SCardEstablishContext: Service not available. It looks like pcscd exited. I guess the CASTLES EZ100PU driver crashed at some point. Bad driver quality? After a quick search I found [1] that the SLE5542 card is a _memory_ card. You can't use such a card with PC/SC. You can't use such a card with OpenSC. Get a _smart_ card [2]. Bye [1] http://www.smartcardzone.com/sle5542.asp [2] http://en.wikipedia.org/wiki/Smart_card -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Cryptoflex .NET support
2012/8/6 Konrads Smelkovs : > Hello, Hi, > I have a Gemalto/Axalto Cryptoflex .NET, but it appears not to be supported Exact. > How can I make this card supported? Is writing opensc drivers > difficult? Can someone besides me write them? I don't think the .NET card has anything to do with PKCS#15 (but I may be wrong). So it may be some work to add support of this card in OpenSC. Maybe you should have a look at "Source code of PKCS#11 for .NET cards" [1]. Bye [1] http://ludovicrousseau.blogspot.com/2010/04/source-code-of-pkcs11-for-net-cards.html -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] new release?
Hello, 2012/8/5 Viktor Tarasov : > If anyone has more or less significant proposals, especially the ones that > touch the common framework, > please, create the pull requests for github OpenSC.git/staging until the next > weekend . > Don't worry if you will not arrive until this term -- I hope to make > automatic the essential part of release process and so, > to make releases more frequents. Someone just reported [1] a crash on Mountain Lion (OS X 10.8). I don't think I will have time to work on it. > The next weekend I hope to start the advanced non-regression tests of the > current 'staging' and to tag the candidate for release. > > Look also if something essential is missing in the current 'NEWS' of > 'staging'. > Sorry, 'NEWS' do not reflects in details all the contributions that have been > made during the last year -- they are too numerous. I fixed some typos in the NEWS file. Available as a pull-request on github. > 'Codereview' service of opensc-project.org is still not accessible and so > there is no possibility to pick-up > the 'useful' proposals that have been made there. I asked Martin to restart it. The Codereview service is now up and running. Bye [1] http://ludovicrousseau.blogspot.com/2012/08/mac-os-x-mountain-lion-and-smart-card.html?showComment=1344198899128#c8343187550094818437 -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Unoffical Debian/Ubuntu packages for OpenSC staging branch
2012/6/19 Jean-Michel Pouré - GOOZE : > Dear all, Hello, > This is an early beta of packages. We will do our best to improve > packaging. What needs to be done: > * Add debugging instructions (no strip). > * Release updated pcscd + libccid packages on some Ubuntu distros. > * Work on other packages related to crypto and OpenSC. Have you made changes to the debian/* files except adding a new release in debian/changelog? In other words, can you publish a diff between the official Debian packaging and your packaging? Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC Server Maintenance
2012/6/12 Viktor Tarasov : > Hello, Hi, > Le 11/06/2012 21:39, Alon Bar-Lev a écrit : >> Hello Andreas, >> >> GitHub is a great place... Already there, just need to migrate the wiki. >> The question is where Gerrit will be (if is used). >> And if there is a need to migrate the bugs as well... which may be difficult. > > Currently the most advanced OpenSC source code is in github. > (By the way, who is the owner of github OpenSC project ?) Martin Paljak created the OpenSC organization at github. https://github.com/OpenSC And then Martin created the OpenSC repository for this organization. https://github.com/OpenSC/OpenSC I don't know what "owner" means in this case. The OpenSC organization has 3 members: Martin, you and me. > OpenSC/OpenSC github project is connected to the alternative CI server > (https://opensc.fr/jenkins/ <https://opensc.fr/jenkins/computer/>) > This CI service is connected to the Jean-Michel's build/test farm. > Also there are installed and tested CodeReview service > (https://opensc.fr/gerrit/ <https://opensc.fr/jenkins/computer/>). > > What else do we need? > Wiki, mailing list, file-server, ... Bug tracker Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] CRYPTOMATE64
2012/6/12 NdK : > Il 23/05/2012 15:12, Joemar Mante ha scritto: > >>> Someone already tested that token? It's the only one I could find that >>> handles RSA4096... >>> http://www.acs.com.hk/index.php?pid=product&prod_sections=0&id=CRYPTOMATE64 > Finally arrived -- shipment got "lost" and took quite a lot :( > >> I have worked with ACS before handling products related to ACOS5/ACOS5 64K. >> Though we have not any test with open-sc using this particular card. Are >> you using it via a PKCS#11 middleware? > Trying to use opensc and openssl to handle it. > > All I could obtain from it is: > > [root@jago media]# pcscd -afd > debuglog.c:265:DebugLogSetLevel() debug level=debug > 0114 configfile.l:245:DBGetReaderListDir() Parsing conf directory: > /etc/reader.conf.d > 0025 configfile.l:287:DBGetReaderList() Parsing conf file: > /etc/reader.conf.d/GemPCTwin-serial.conf > 0046 pcscdaemon.c:518:main() pcsc-lite 1.8.2 daemon ready. > 2208 hotplug_libusb.c:421:HPEstablishUSBNotifications() Driver > ifd-ccid.bundle does not support IFD_GENERATE_HOTPLUG. Using active > polling instead. > 0058 hotplug_libusb.c:430:HPEstablishUSBNotifications() Polling > forced every 1 second(s) > > (now I plug it in) > [1635886.755035] usb 6-1: new full speed USB device number 14 using uhci_hcd > [1635886.919253] usb 6-1: New USB device found, idVendor=072f, > idProduct=90db > [1635886.919258] usb 6-1: New USB device strings: Mfr=1, Product=2, > SerialNumber=0 > [1635886.919261] usb 6-1: Product: CryptoMate64 > [1635886.919264] usb 6-1: Manufacturer: ACS > > (nothing gets printed by pcscd) Your device is not know by pcscd because it is not support by my CCID driver. The first step is to follow http://pcsclite.alioth.debian.org/ccid.html#CCID_compliant Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] GetInvolved wiki page
2012/6/9 Peter Stuge : > Ludovic Rousseau wrote: >> I don't know where the "Gerrit's review directory" is and could not >> find a gerrit config file. > > ps www $(pidof java) $ pidof java 24079 $ ps www $(pidof java) PID TTY STAT TIME COMMAND 24079 pts/2Sl+ 29:22 java -jar jenkins.war --httpPort=8889 --httpListenAddress=127.0.0.1 --ajp13Port=-1 --prefix=/autobuild There is another java process $ ps www 25775 PID TTY STAT TIME COMMAND 25775 ?Sl 681:58 GerritCodeReview -jar /home/git/codereview/bin/gerrit.war daemon -d /home/git/codereview --run-id=1338275543.25754 -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] GetInvolved wiki page
2012/6/9 Viktor Tarasov : > Le 05/06/2012 09:38, Ludovic Rousseau a écrit : >> Hello, >> >> 2012/6/5 Jean-Michel Pouré - GOOZE : >>> But my question is: >>> * Are we still using gerrit? >>> * Is gerrit synced? >>> >>> After hearing the community answers, I will rewrite this later today. >> As far as I understand the situation: >> 1- github and gerrit has diverged too much and need to be resync manually >> 2- a lot of work has been invested in the staging branch on github and >> should not be lost >> 3- the idea is to start gerrit with a new clean copy of what is on github > > Start with clean copy is not complicated -- clone bare github repository > somewhere in Gerrit's review directory. opensc-project.org server fo not have a /srv/git as documented in the http://gerrit.googlecode.com/svn/documentation/2.0/install.html#create_git_repository_base I don't know where the "Gerrit's review directory" is and could not find a gerrit config file. On the sever we have: - a gerrit user with a home dir in /home/gerrit - $ ls -l /home/gerrit total 18248 -rw-r--r-- 1 gerrit gerrit 18674518 2011-06-07 21:45 gerrit-2.2.1.war drwxr-xr-x 7 gerrit gerrit 4096 2011-12-01 12:02 OpenSC.git drwxr-xr-x 9 gerrit gerrit 4096 2011-12-01 12:22 OpenSC.review > We can re-visit the old gerrit proposals and cherry-pick the 'usefull' ones > into the new gerrit's project. > >> The problem now is to find manpower (and expertise) to implement point 3. > > I was ready to do it, but as you know, > have no sufficient rights on gerrit and jenkins connected to > opensc-project.org . The server is not mine. Maybe Martin can accept you as sys admin. Martin? Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] is this card? is it supported?
2012/6/8 helpcrypto helpcrypto : > Hi! Hello, > Our company -finally-, is going to change the smartcard we are using. > Actually we have a non-cryptographic, and seems we are sitching to "3B > 6F 00 00 80 66 B0 07 01 01 77 07 53 02 31 24 82 90 00" > > Looking at > http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt > i have found its ccid supported (already know that), The card is not "ccid supported". It is a card, not a ccid reader. My list is just an association between an ATR and a name. Nothing more. I don't know if this card is supported by OpenSC. > EXTRA for Ludovic Rousseau: > in http://ludovic.rousseau.free.fr/ you have some encoding troubles. > > "système d'exploitation préféré" where it should be something like > "système...préféré", isnt it? > "Ma clé GnuPG" where it should be "clé", right? Configure your browser to use the automatic encoding or use UTF-8. > jai oublié tout le français que j'etudié dans l'ecole ;) J'ai oublié tout le français que j'ai étudié à l'école. No bad :-) -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] GetInvolved wiki page
Hello, 2012/6/5 Jean-Michel Pouré - GOOZE : > But my question is: > * Are we still using gerrit? > * Is gerrit synced? > > After hearing the community answers, I will rewrite this later today. As far as I understand the situation: 1- github and gerrit has diverged too much and need to be resync manually 2- a lot of work has been invested in the staging branch on github and should not be lost 3- the idea is to start gerrit with a new clean copy of what is on github The problem now is to find manpower (and expertise) to implement point 3. Once gerrit is usable again the github repository should be read only to avoid a new divergence. I do not volunteer for point 3. I was expecting Martin to do it but he may not have enough free time these days. The main problem of OpenSC is a lack of trusted manpower. Andreas (previous leader) left the project. Martin has limited free time. I do not use OpenSC much myself but try to help as much as I can. Viktor is working fine merging github pull requests. Regards, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] eventmgr
2012/6/4 : > Hi all, Hello, > While I was make some scripts distro-agnostic I noticed following regarding > card event: > On Ubuntu one has to use pkcs11_eventmgr While on Suse you have also > card_eventmgr. The libpam-pkcs11 Ubuntu (and Debian) package contains both pkcs11_eventmgr and card_eventmgr. See [1]. > On the openSC wiki, the info regarding both, looks almost the same to me. What wiki page? URL? > Which eventmgr is preferred? It depends on what you want to do. > I presume the card_eventmgr, as insertion/removal of a card has little to do > with the content of the card... Exact. pkcs11_eventmgr works at the PKCS#11 level. card_eventmgr works at the PC/SC level. Not all PKCS#11 token are smart cards. Not all smart cards are PKCS#11 tokens. Hope it helps :-) Bye [1] http://packages.ubuntu.com/quantal/amd64/libpam-pkcs11/filelist -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] new release?
2012/5/27 Jean-Michel Pouré - GOOZE : > Sufficient privileges in GIThub should be granted to a group of people. > Trust is enough to agree on commits. FOAS means "Free" and "Open". FOAS = ? According to http://acronyms.thefreedictionary.com/FOAS we have: FOASFuture Offensive Air System FOASFiber Optic Acoustic Sensors (Northrop Grumman) FOASFirst Order Abstract Syntax (computing) FOASFall of Autumn Skies (band; Australia) FOASFriends of Albert Schweitzer (England, UK) FOASFootsteps of a Stranger (song) FOASFriends of the Animal Shelter of St. Bernard, Inc. (Chalmette, LA) Is it one of them? :-) Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] SIM
2012/5/24 Hans Witvliet : > Hi all, Hello, > >From what i learned, it seems that GSM-sims hold their info in specific > EF's on the smartcard. > > Although they miss the directory structure normally found on cards, is > there any reason why i should not be able to read thsoe EF's? > > I mean, when inserting a SIM into a reader, i get the ATR, but nothing > more. I hoped that opensc-explorer could read them. > > Do those cards require special middleware (like those from safesign) or > is there an other reason why i can not read them? A SIM is not a PKI card. So I am not surprised if OpenSC tools can't use a SIM. I wrote 3 articles [1] in my blog about programs to read and interact with a SIM card. A SIM card is much more easy to use since the commands are standardised and the documentation is public. You do not have that, in general, for a PKI card. Bye [1] http://ludovicrousseau.blogspot.fr/search/label/sim -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] ACR122U + MyEID dual interface
2012/5/24 NdK : > I think this one is well supported: its driver sources have 'rousseau' > in nearly all headers :) > Seems Ludovic got a contract with ACS (I hope for him) in 2009... ACS forked my CCID driver. I got no contract with ACS. Your "ACS ACR122U PICC Interface" reader should work with my CCID driver. I have no answer regarding OpenSC support. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] libccid + keyboard
2012/5/24 : > Hi all, Hello, > Just accidentally I came across some lines in Lodovic's blog. > > For the latest version of licccid-1.4.6, he writes: > "Disable SPE for HP USB CCID Smartcard Keyboard. The reader is bogus and > unsafe." > > I am not sure what "SPE for HP..." means, > but I certainly hope I can still use it for our smartcards as we have a > couple of thousands of those keyboards. > > I hope that it is just an obscure extra feature. SPE is Secure PIN Entry. In this mode the PIN is entered on the keyboard (numeric pad) and sent directly to the smart card without going to the host. See the note at [1]. I do not have such a keyboard myself. So I can't tell you more about the problems. Bye [1] http://pcsclite.alioth.debian.org/ccid/unsupported.html#0x03F00x1024 -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Import X.509 certificate via Firefox?
2012/5/16 Nguyễn Hồng Quân : > Hello all, Hello, > I'm supplementing OpenPGP card support for OpenSC. > I did some changes in OpenPGP driver and PKCS15 interface to make > Firefox and Thunderbird read the X.509 certificate stored in the OpenPGP > card (succeed). Now I want to make Firefox to import certificate to > OpenPGP card (I implemented write support for OpenPGP driver already), I > have some question to need your help: > > - When Firefox import certificate, which C_* functions in PKCS#11 module > will be called? > - What is the action flow from the C_* functions in PKCS#11 to the driver? > - Currently, after select *.p12 file, Firefox automatically assume the > destination as Software Security Device (SSD), instead of asking me > where to import (SSD or Smartcard...). There may be due to something > missing in the PKCS-card_driver code. Can you point me what I need to > implement to make Firefox know that "there are another place to import > than the built-in SSD"? You should use the pkcs11-spy tool [1] provided with OpenSC. It will display all the C_* calls made by firefox. So you will know what to implement to support what you want. Bye [1] https://www.opensc-project.org/opensc/browser/OpenSC/src/pkcs11/pkcs11-spy.c -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Handling multiple USB tokens in IFD handler
2012/4/27 Alexander Gozman : > Hello. Hi, > Probably the problem I'm gonna describe is already known: OpenCT's IFD > handler, used by pcscd, does not > handle multiple USB tokens correctly. With one token everything works fine, > but if you insert another one, it > leads either to error, or even to pcscd's segmentation fault. > The problem hides in CT_init() and CT_close() functions. The first one > calculates wrong channel number for a > new device, and the second causes memory corruption when deleting an item > from a linked list. > I've made a simple patch that corrects these problems and makes IFD handler > work good - see the attachment. > Hope it'll be useful. Applied in revision 1191. Thanks for the patch. OpenCT was maintained by Andreas Jellinghaus. Andreas has now left the smart card world for other opportunities. Do not expect a new release of OpenCT anytime soon. Bye, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Biometric integraiton?
Le 26 avril 2012 11:32, helpcrypto helpcrypto a écrit : >> Report CKF_PROTECTED_AUTHENTICATION_PATH to the application. OpenSC >> then calls an external lib to do do what is needed to authenticate the >> user. >> >> The external lib can do anything like display a dialog box, talk to >> the biometric reader, talk to a remote server, etc. > > and what about the library-in-the-middle attack? See bellow >> Todo list: >> - define an API between OpenSC and an external lib > > maybe the readers have many different system of autehtication (pin, > biometric, "on the fly /time generated") > I have to think this twice. The only information needed by OpenSC is a boolean: did the authentication succeeded? >> - define a configuration to tell OpenSC to use an external lib > > and, what if i edit your current config and replace the lib with my > modified evil lib? The config file should be secured by the file access rights. /etc/opensc/opensc.conf is owned by root with no write access for normal users. If you can edit a root file you can do anything much more evil. >> I don't know how/if OpenSC can know the smart card reader is >> biometric. I have not seen any thing like that in PC/SC. > > neither I. > what about something like "declaring reader features" ? > If the reader support extended apdus, then EXTENDED_APDU_SUPPORT flag is set. > What do you think of BIOMETRIC_SUPPORT / EXTERNAL_LOGIN_SUPPORT? to know that? > have this been discussed (improve readers feature info on PCSC wg?) Biometric do not use PC/SC. PC/SC has no use of biometric. If a biometric lib is configured in OpenSC then OpenSC should query the lib to know if the/a connected reader is biometric or not. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Biometric integraiton?
Le 26 avril 2012 10:23, helpcrypto helpcrypto a écrit : > The question remains, anyway: how could opensc support > biometric/whatever readers? Report CKF_PROTECTED_AUTHENTICATION_PATH to the application. OpenSC then calls an external lib to do do what is needed to authenticate the user. The external lib can do anything like display a dialog box, talk to the biometric reader, talk to a remote server, etc. Todo list: - define an API between OpenSC and an external lib - define a configuration to tell OpenSC to use an external lib I don't know how/if OpenSC can know the smart card reader is biometric. I have not seen any thing like that in PC/SC. A few years ago I played with fprint [1] and a COVADIS Alya reader [2]. Another API to loot at may be bioapi [3]. Bye [1] http://www.freedesktop.org/wiki/Software/fprint [2] http://pcsclite.alioth.debian.org/ccid/features.html#201 [3] http://code.google.com/p/bioapi-linux/ -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Biometric integraiton?
Hello, Le 26 avril 2012 09:18, helpcrypto helpcrypto a écrit : >> I don't know about the readers or their internals, but OpenSC for sure >> does not support any kind of biometric authentication. > > PKCS#11 interface define both, ui callback (notify) What is that? Can you be more specific? > and that login can > be made using pinpads/external devices. (C_Login can receive the pin, > or can show a dialog if pin==NULL). Yes. That is the flag CKF_PROTECTED_AUTHENTICATION_PATH in CK_TOKEN_INFO. > Biometric/other kind of pinpads can be used using external libraries > provided in config. This, of course, could mean a security risk 'cause > someone could proxyfy the libraries. > > Couldnt opensc provide a way to do this safely? > Could signed libraries solve this? What is the threat model? Who is the attacker and what can he do? Signing a library will not solve much if the attacker has root access or is the user itself. Regards -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] epass2003 unpowered immediately after plugging in
Le 24 avril 2012 23:38, Martin Kaiser a écrit : > Dear all, Hello, > I've spent some time trying to get my epass2003 token to work with > opensc and pcsclite. Unfortunately, I'm stuck and I hope you can help me > track down my problem. > > I'm running on Debian squeeze > Linux xxx 2.6.39-bpo.2-amd64 #1 SMP Tue Jul 26 10:35:23 UTC 2011 x86_64 > GNU/Linux > > I'm using pcsclite and ccid drivers (compiled from source, not the > debian packages) > > pcsc-lite version 1.8.3. > Copyright (C) 1999-2002 by David Corcoran . > Copyright (C) 2001-2011 by Ludovic Rousseau . > Copyright (C) 2003-2004 by Damien Sauveron . > Report bugs to . > Enabled features: Linux x86_64-unknown-linux-gnu serial usb libudev > usbdropdir=/usr/local/pcsclite/lib/pcsc/drivers ipcdir=/var/run/pcscd > configdir=/usr/local/pcsclite/etc/reader.conf.d > > > The token is detected by pcscd, it's powered when I plug it in. However, > it's unpowered immediately after reading the ATR. This is the expected behavior since pcsc-lite 1.6.5 See http://ludovicrousseau.blogspot.fr/2010/10/card-auto-power-on-and-off.html > Therefore, it's not > visible with opensc-tool -l or similar. Why do you think this is related to the power off? What is the output of "opensc-tool -l"? > It's recognized by lsusb -v even after it's unpowered. > > I'll attach the logfile of pcscd -d -f and the output of lsusb -v > > Do you have any idea why the token is unpowered? I have the same > behaviour with different tokens on different pcs (debian / fedora core 15) > > The lines > 2211 ccid_usb.c:1042:ControlUSB() control failed (2/3): -9 Success > 0037 ccid_usb.c:973:get_data_rates() IFD does not support GET_DATA_RATES > request: -9 > > look suspicious but I guess that's not the main problem. You are right. It is not related with your problem. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Buffer size and defining constant
Le 23 avril 2012 11:41, Nguyễn Hồng Quân a écrit : > Thanks, > Because I focus on OpenPGP support, I base my branch on Martin's. > Some coding convention (from GNU C for example) recommend not to place > any space character at the end of lines. I think doing such is a good > practice. I fully agree with removing extra spaces. But please use 2 different and independent commits: - one commit for the white spaces correction - one commit for your buffer size change commit Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Buffer size and defining constant
Le 23 avril 2012 11:09, Nguyễn Hồng Quân a écrit : > Thanks, > I made a pull request at https://github.com/martinpaljak/OpenSC/pull/19 I can't accept your pull request because: - you cloned martinpaljak/OpenSC instead of OpenSC/OpenSC - use the staging branch instead of the master branch - you made a lot of reformat and/or white spaces modifications Have a look at https://github.com/martinpaljak/OpenSC/pull/19/files Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC and multi-arch support
Le 11 avril 2012 16:43, Ludovic Rousseau a écrit :
> Le 11 avril 2012 16:37, Douglas E. Engert a écrit :
>>
>>
>> On 4/11/2012 8:16 AM, Frank Morgner wrote:
>>> Adjusting the loader to determine the architecture and recognizing
>>> architecture specific directories would be the more generic solution, I
>>> think. You can change LD_LIBRARY_PATH or edit /etc/ld.so.conf to do so.
>>> I think the OS should fix this.
>>
>> This would appear to be a common problem with many other packages
>> using dlopen like pam.
>>
>>
>> dlopen man page says:
>> If filename contains a slash ("/"), then it is interpreted as a
>> (relative or absolute) pathname. Otherwise, the dynamic linker
>> searches for the library as follows (see ld.so(8) for further details):
>>
>> So can the default be just "libpcsclite.so"?
>
> The default is already "libpcsclite.so.1" (do not forget the ".1")
> withour any path.
>
> I will try to reproduce the Ubuntu bug.
> Maybe the problem is easy to solve.
The bug is Ubuntu specific. See [1] for more details.
The Ubuntu OpenSC package has been configured with
--with-pcsc-provider=/lib/libpcsclite.so.1
This is because on Ubuntu libpcsclite.so.1 is/was in /lib and not in
/usr/lib. See [2].
And now, with the multi arch change, the absolute lib filename is wrong.
We have nothing to change on OpenSC. dlopen(3) is doing its job correctly.
Bye
[1] https://bugs.launchpad.net/ubuntu/+source/opensc/+bug/978974
[2]
http://ludovicrousseau.blogspot.fr/2010/10/pcsc-lite-upgrade-and-ubuntu-special.html
--
Dr. Ludovic Rousseau
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC and multi-arch support
Le 11 avril 2012 16:37, Douglas E. Engert a écrit :
>
>
> On 4/11/2012 8:16 AM, Frank Morgner wrote:
>> Adjusting the loader to determine the architecture and recognizing
>> architecture specific directories would be the more generic solution, I
>> think. You can change LD_LIBRARY_PATH or edit /etc/ld.so.conf to do so.
>> I think the OS should fix this.
>
> This would appear to be a common problem with many other packages
> using dlopen like pam.
>
>
> dlopen man page says:
> If filename contains a slash ("/"), then it is interpreted as a
> (relative or absolute) pathname. Otherwise, the dynamic linker
> searches for the library as follows (see ld.so(8) for further details):
>
> So can the default be just "libpcsclite.so"?
The default is already "libpcsclite.so.1" (do not forget the ".1")
withour any path.
I will try to reproduce the Ubuntu bug.
Maybe the problem is easy to solve.
Bye
--
Dr. Ludovic Rousseau
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] OpenSC and multi-arch support
Hello, pcsc-lite on Debian and Ubuntu now supports multi-arch [1]. A multi-arched library is no more stored in /usr/lib/ but in /usr/lib/x86_64-linux-gnu for amd64 systems and /usr/lib/i386-linux-gnu for i386 systems (and the same naming applies for all the other achitectures). The idea of multi-arch is to be able to have intel 32 and 64 bits programs and libraries installed at the same time on the same system. Now the problem with OpenSC. OpenSC is no more linked with libpcsclite but uses dlopen(3) to load the library at runtime. Since the library has moved the dlopen() call fails and the library can't be found and loaded. See Ubuntu bug #973886 [2]. One solution is to link OpenSC with libpcsclite at compile time. This is working because the dynamic linker has been modified for multi arch and knows where to find a library. Now that OpenCT is deprecated and PC/SC should be the only card interface to be used maybe the default could be to link at build time. Is anybody modifying the provider_library= configuration in /etc/opensc.conf to something else than the default value? What is the use case? Bye [1] http://wiki.debian.org/Multiarch [2] https://bugs.launchpad.net/ubuntu/+source/pcsc-lite/+bug/973886 -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Failed to connect to card: Card is invalid or cannot be handled
Le 8 avril 2012 12:18, Anton Svensson a écrit : > Here is from a pcscd --foreground --debug when running opensc-tool --atr > http://pastebin.com/M7MitnZm > When running the tool, i also get this: > "Using reader with a card: Gemalto GemPC Twin 00 00" > "Failed to connect to card: Card is invalid or cannot be handled" > > Any ideas? Please, do not use pastebin.com or another such service. Your trace will be lost when the service is stopped/purged/whatever. Just attach the trace to your email. Please, give us a bit more information like the card name you are using. Your card is unknown to me http://smartcard-atr.appspot.com/parse?ATR=3BFA1800FF8131FE454A434F5034314332303074 Bye PS: to the OpenSC members, don't we have a description of what is needed when reporting a problem? I could not find it on the wiki. -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] new version of pam PKCS#11: 0.6.8
Hello, I released a new version 0.6.8 of PAM PKCS#11 [1]. This version fixes: - Ticket #393 "pkcs11_inspect does not ask for card PIN" - Ticket #392 "pam_pkcs11 uses first found private key for signing, not one matching certificate" - and allow to build using -Werror=format-security as is done by Debian hardening configuration [2]. Bye [1] https://www.opensc-project.org/opensc/wiki/pam_pkcs11 [2] http://wiki.debian.org/Hardening -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How to deal with the gerrit backlog in an effective way?
Le 4 avril 2012 09:49, Viktor Tarasov a écrit : > On Tue, Apr 3, 2012 at 8:36 AM, Ludovic Rousseau > wrote: >> >> Le 3 avril 2012 00:30, Viktor Tarasov a écrit : >> > Le 02/04/2012 10:01, Ludovic Rousseau a écrit : >> >> Le 2 avril 2012 09:56, Jean-Michel Pouré - GOOZE a >> >> écrit : >> >>>> I don't think there is. >> >>> Here is the address of the secure messaging branch: >> >>> https://github.com/viktorTarasov/OpenSC-SM/tree/secure-messaging >> >>> >> >>> We are using it, as it includes most fixes. >> >>> >> >>> Binaries are published in: >> >>> http://www.opensc-project.org/downloads/nightly/sm/ >> >>> >> >>> Why not use Opensc-SM for OpenSC developing branch? >> >> The solution is very simple. >> >> 1. rebase the SM branch over the OpenSC version in gerrit/staging >> >> 2. submit the changes to gerrit >> >> 3. review the changes on gerrit (they should be OK) >> >> 4. someone (Martin/Viktor/me) will accept the changes in gerrit and >> >> they will be merged >> >> >> >> You do not need extra power for that. It is just normal developer work. >> > >> > How the 'staging', that you are working on, is related to the 'staging' >> > branch of the OpenSC.git from github ? >> > Looking onto the git workflow >> > (https://www.opensc-project.org/opensc/wiki/DevelopmentPolicy) >> > I do not quite understand the place of 'staging' on the >> > opensc-project.org . >> >> The "official" repository should be on opensc-project.org. github >> should be a mirror. > > > > So, the presented schema of the git workflow is invalid, and you are going > to redesign it, isn't it? > > >> >> But gerrit was not working (or I did not know how to use it) so I >> merged pull request on github, that was a mistake. Then the two >> repositories diverged in incompatible ways. >> >> Maybe OpenSC on github should be deleted and recreated as a copy of >> opensc-project.org repository. > > > > Why to not do the same with the opensc-project.org repository and to > recreate it as a copy of github ? > This way looks more respective to the number of people who have forked the > github OpenSC.git project. > It's the opensc-project.org repository could be the mirror of the github's > one -- the main development base. That may be the best solution: to restart from a synchronised state. I hope Martin will have more free time in a few days to implement that. Bye, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Proposal to simplify OpenSC development process
Le 3 avril 2012 09:08, Jean-Michel Pouré - GOOZE a écrit : > Dear Ludovic, Hello, >> The "official" repository should be on opensc-project.org. github >> should be a mirror. >> >> But gerrit was not working (or I did not know how to use it) so I >> merged pull request on github, that was a mistake. Then the two >> repositories diverged in incompatible ways. >> >> Maybe OpenSC on github should be deleted and recreated as a copy of >> opensc-project.org repository. Or maybe we can achieve the same result >> in a soft way and make the 2 repos to converge again. > > My proposal is to simplify the process: > * One single GIT. [1] This is the one at opensc-project.org > * All patches are merged to staging to allow testing [2a]. There could > be a voting process using Genkins if it works OR a lot of reviewers with > commit rights [2b]. We should rely on trust, not hierarchy. The patches are merged _after_ they are verified valid. > * Staging becomes daily packages for all platforms to allow users to > test [3] No objection. > * Daily cron jobs are running on testing servers with smarcards attached > running regression tests [4]. No objection. > * OpenSC is release on each 1st day every two months [5]. This involves manual work to document the changes and check no critical bug is still present. I do not like the idea to have a release even if the code is not (a minimum) ready. > We have set up [3], [4]. [5] is simple as we now have a build farm. > Ludovic, if you don't have time to administer GIT, please let us manage > GIT and give us more freedom to organize as a community. You don't need > to spend that much time if we work in group. You do not need my help to submit all the SM patches to gerrit. You do not need my help to review patches. You do not need my help to propose an update of the NEWS file before a stable release. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How to deal with the gerrit backlog in an effective way?
Le 3 avril 2012 00:30, Viktor Tarasov a écrit : > Le 02/04/2012 10:01, Ludovic Rousseau a écrit : >> Le 2 avril 2012 09:56, Jean-Michel Pouré - GOOZE a écrit : >>>> I don't think there is. >>> Here is the address of the secure messaging branch: >>> https://github.com/viktorTarasov/OpenSC-SM/tree/secure-messaging >>> >>> We are using it, as it includes most fixes. >>> >>> Binaries are published in: >>> http://www.opensc-project.org/downloads/nightly/sm/ >>> >>> Why not use Opensc-SM for OpenSC developing branch? >> The solution is very simple. >> 1. rebase the SM branch over the OpenSC version in gerrit/staging >> 2. submit the changes to gerrit >> 3. review the changes on gerrit (they should be OK) >> 4. someone (Martin/Viktor/me) will accept the changes in gerrit and >> they will be merged >> >> You do not need extra power for that. It is just normal developer work. > > How the 'staging', that you are working on, is related to the 'staging' > branch of the OpenSC.git from github ? > Looking onto the git workflow > (https://www.opensc-project.org/opensc/wiki/DevelopmentPolicy) > I do not quite understand the place of 'staging' on the opensc-project.org . The "official" repository should be on opensc-project.org. github should be a mirror. But gerrit was not working (or I did not know how to use it) so I merged pull request on github, that was a mistake. Then the two repositories diverged in incompatible ways. Maybe OpenSC on github should be deleted and recreated as a copy of opensc-project.org repository. Or maybe we can achieve the same result in a soft way and make the 2 repos to converge again. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC page down...
Le 2 avril 2012 13:30, helpcrypto helpcrypto a écrit : > INPUT: > http://www.opensc-project.org/opensc/wiki/UsingOpensc Now fixed. Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How to deal with the gerrit backlog in an effective way?
Le 2 avril 2012 12:12, Peter Stuge a écrit : > Ludovic Rousseau wrote: >> >> 1. rebase the SM branch over the OpenSC version in gerrit/staging >> > >> > Okay. So all we need is a diff between SM and staging? >> >> No. What you need is to extract all the SM patches and apply them >> on the gerrit/staging branch. >> Of course some conflicts are expected and need to be fixed. >> >> What I would do (but I am not a git expert) > > You got it exactly right the first time. git rebase does exactly > this. For this work it might make sense to do interactive rebase > in order to avoid duplicate work, but in any case rebase is the > right tool. > > >> on the SM branch use: "git format-patch origin" to get the changes >> in individual patch files. >> on the gerrit/staging use: "git am my_patch" for all the previously >> generated patches. > > I would avoid doing this manually. git rebase really is the way to go. I am still lost when git rebase fails. I need to improve my git skills. >> Do not apply all the patches at once but one after the other (in >> the correct order) and rebuild after each patch. The source code >> shall compile after each change or gerrit will reject it. > > This can actually be automated pretty easily after the fact. I would > first do the complete rebase and only after test each commit on the > branch. How do you do that? >> I had the problem yesterday: a compilation bug that was fixed by >> another patch. I had to merge the two patches. > > Another solution may be to reorder the commits. Interactive rebase > makes this very easy once the commits have been found. Reorder and merge the problematic change with the fix. I know who to do that :-) Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How to deal with the gerrit backlog in an effective way?
Le 2 avril 2012 10:34, Jean-Michel Pouré - GOOZE a écrit : > Dear all, > >> 1. rebase the SM branch over the OpenSC version in gerrit/staging >> You do not need extra power for that. It is just normal developer >> work. > > Okay. So all we need is a diff between SM and staging? No. What you need is to extract all the SM patches and apply them on the gerrit/staging branch. Of course some conflicts are expected and need to be fixed. What I would do (but I am not a git expert) on the SM branch use: "git format-patch origin" to get the changes in individual patch files. on the gerrit/staging use: "git am my_patch" for all the previously generated patches. Do not apply all the patches at once but one after the other (in the correct order) and rebuild after each patch. The source code shall compile after each change or gerrit will reject it. I had the problem yesterday: a compilation bug that was fixed by another patch. I had to merge the two patches. Bye, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How to deal with the gerrit backlog in an effective way?
Le 2 avril 2012 09:56, Jean-Michel Pouré - GOOZE a écrit : >> I don't think there is. > > Here is the address of the secure messaging branch: > https://github.com/viktorTarasov/OpenSC-SM/tree/secure-messaging > > We are using it, as it includes most fixes. > > Binaries are published in: > http://www.opensc-project.org/downloads/nightly/sm/ > > Why not use Opensc-SM for OpenSC developing branch? The solution is very simple. 1. rebase the SM branch over the OpenSC version in gerrit/staging 2. submit the changes to gerrit 3. review the changes on gerrit (they should be OK) 4. someone (Martin/Viktor/me) will accept the changes in gerrit and they will be merged You do not need extra power for that. It is just normal developer work. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How to deal with the gerrit backlog in an effective way?
Le 29 mars 2012 09:55, Viktor Tarasov a écrit : > Hello, > > On Wed, Mar 28, 2012 at 11:05 PM, Ludovic Rousseau > wrote: >> >> Gerrit has more than 200 patches still waiting the the backlog. >> Many of them can't be merge since they do not 'fast-forward' and must >> be rebased by hand. >> >> Since the git commits were created without a Change-Id: we have 3 >> options (I think): >> 1. edit each commit message to add the missing Change-Id: >> and resubmit a rebased patch >> 2. reject all the patches >> rebase all the patches >> resubmit them as new gerrit entries >> 3. reject all the patches >> ask for new submission >> > > 4. Big part of the patches in backlog comes from SM branch. This branch was > recently merged with the public 'staging'. > So, my proposition is to: > 4a. cherry-pick proposals from 'your staging' that are not related to SM and > not yet present in 'public staging' ; > 4b. switch the 'public staging' to 'SM' and use it as a principal > development base and base for releases; > 4c. reset official gerrit to the 'staging' at this moment; > 4d. re-submit previously cherry-picked proposals. Peter, I do not want to play with the gerrit configuration to remove the fast-forward requirement. I do not want to break something. Viktor, your proposal is work to do for someone. I do not volunteer. I tried to merge the changes from github and gerrit by rebasing github/staging on gerrit/staging. Many patches failed and I rejected them. I committed 5 of them after some rework. No one volunteered to help. As I wrote in my initial email, I now do plan for option 3. Dear contributors, please rebase your changes against the current gerrit/staging branch. Regards, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How to deal with the gerrit backlog in an effective way?
Le 29 mars 2012 09:55, Viktor Tarasov a écrit : > Hello, > > On Wed, Mar 28, 2012 at 11:05 PM, Ludovic Rousseau > wrote: >> I do not know if a creating a french OpenSC association to deal with >> the project governance will help here. But people with some free time >> can surely help move OpenSC. > > > > 'French OpenSC association' ? > I saw it has been mentioned in the mailing thread > but do not understood what for ? That was ironic. I should have used a :-) I do not know either why a 'French OpenSC association' could help. But some people (hello Jean-Michel) think it is the solution to all our problems. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] How to deal with the gerrit backlog in an effective way?
Hello, Gerrit has more than 200 patches still waiting the the backlog. Many of them can't be merge since they do not 'fast-forward' and must be rebased by hand. Since the git commits were created without a Change-Id: we have 3 options (I think): 1. edit each commit message to add the missing Change-Id: and resubmit a rebased patch 2. reject all the patches rebase all the patches resubmit them as new gerrit entries 3. reject all the patches ask for new submission I did option 1 for some patches. It is very borring and time consuming. Without help (man power) I do plan for option 3. I do not know if a creating a french OpenSC association to deal with the project governance will help here. But people with some free time can surely help move OpenSC. The process is simple. Select a patch and go to its "oldest" unmerged ancestor. Then do: # a. create a merge branch git branch merge # b. go inside local merge branch git checkout merge # c. get cherry-pick a patch from gerrit git fetch ... # d. add Change-Id: git rebase -i HEAD~1 # e. push git push gerrit HEAD:refs/for/staging # f. go inside staging git checkout staging # g. resync git pull The real command for step c. is given at the gerrit interface for a given patch. Example with https://www.opensc-project.org/codereview/#/c/45/ The command is "git fetch https://www.opensc-project.org/codereview/p/OpenSC refs/changes/45/45/1 && git cherry-pick FETCH_HEAD" In step d. the missing Change-Id: line must be added in the commit message. In the "git rebase" in interactive mode replace "pick" by "reword" Then add the Change-Id: given by gerrit. In this case "Change-Id: Ifc3b467d8a299897bb7417c8dfd09873f24e46f6" as the last line of the commit message. You can loop on steps c, d, e, c, d, e, ... Any volunteer? -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Latest build changes
Le 28 mars 2012 18:28, Alon Bar-Lev a écrit : > Well, > I lost it, there are changes committed, the interface of gerrit is > very difficult for proper review. > I hope these are working. I try to cleanup the gerrit backlog. I have to rebase many/all commits by hand. Time consuming :-( If you see patches that should not be merged just add a -2 review. Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] patch base in gerrit
Le 27 mars 2012 10:50, "Magosányi, Árpád" a écrit : > Hi! > > We have the following symptoms: > - some modifications come as a set of patches. Gerrit lets you review a > patch a time. > - sometimes it is not even clear what are really the changes > - sometimes approved patches fail to apply > > It would be nice if > - all patches in gerrit would be shown as relative to a common base > - this base would be the currently approved head It should be the case. The problem is that we have a backlog of patches coming from github. And that are ordered. It is possible to resubmit them manually without the artificial dependency.It is time consuming but not really complex. > Another nice feature would be to automatically normalize submissions wrt > whitespaces. > It is a pity that patches should be rejected only because some misplaced > spaces, while there are tools out there to automatically reformat code. My solution is to configure VIM [1] to display extra spaces and tabs in red. http://www.carbon-project.org/Vim__How_to_prevent_trailing_whitespaces.html Bye [1] http://www.vim.org/ -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] MacOSX installer issue
Le 27 mars 2012 10:14, Peter Stuge a écrit : > Ludovic Rousseau wrote: >> > Whenever I start pcscd manually: >> > sudo pcscd --foreground --debug >> >> Use: >> sudo /usr/sbin/pcscd --foreground --debug > > Is it re-executing? Suggest do like sshd and refuse to start without > full path in that case. By default pcscd starts in 64-bits mode. But the CCID driver provided by Apple is available in 32-bits only. So pcscd restart in 32-bits to be able to load the CCID driver. The situation will be simpler when: - all PC/SC drivers are Universal Binary with 32 and 64-bits support - or all 32-bits code has been removed from OS X. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] MacOSX installer issue
Le 27 mars 2012 09:19, Jean-Michel Pouré - GOOZE a écrit : > Dear all, > > I am building MacOSX packages for Viktor's Jenkins. Building packages > works. But after installing packages, OpenSC does not work. > > To reproduce the problem: > * Mac OS X 10.6 > * OpenSC packages from opensc-project.org > > I seems to be a problem with my MacOSX station, but I don't know which: > > Whenever I start pcscd manually: > sudo pcscd --foreground --debug Use: sudo /usr/sbin/pcscd --foreground --debug with the complete pcscd path. Or you get the error: pcscd: posix_spawn: pcscd: No such file or directory Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] gerrit - howto?
Le 27 mars 2012 07:01, Peter Stuge a écrit : > Ludovic Rousseau wrote: >> If you want to follow the OpenSC development is very important to >> subscribe to gerrit notifications (I think). > > I agree with this as well. It would of course be possible for gerrit > to automatically send notifications for all new patches to the > opensc-devel mailing list, we do this in several other projects, but > it will of course result in more email traffic proportionate to the > patches sent. Linux developers can handle it fine though.. I agree with Peter. New patches sent to gerrit should be sent to opensc-devel list. We do not (yet) have so many patches. And this should remind people that a new patch has to be reviewed. Peter, can you explain how to setup gerrit for that? I think only Martin can do that change as the gerrit admin. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] How the original patch submitter gets the review messages?
Hello, Le 26 mars 2012 18:01, "Magosányi, Árpád" a écrit : > I have a little concern about the review procedure. > If I go to the point in the code review comment, it will be short and > not too encouraging. > However the guys submitting the patches do the Right Thing, they are > important ones, and some encouragement would be in place. > Should I also include some "thank you", and "your patch is close to > acceptable, just", or is it handled by other means? > (maybe by some automated mailer enclosing the commit message, or some > developer talking tu the submitter?) I don't think that people sending pull requests on github will get emails from gerrit. So comments adding on gerrit will not (I think) be sent to the patch author. Maybe gerrit should be the only entry point for patches. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] code review question
Le 26 mars 2012 17:27, "Magosányi, Árpád" a écrit : > Would https://www.opensc-project.org/codereview/#/c/263/ also fall to > the "Commits that obviously should be bundled with some other change" > category? > Half of the changes needed is at > https://www.opensc-project.org/codereview/#/c/262/1, and the two or > three lines being the main point has been changed between the two patches. And https://www.opensc-project.org/codereview/#/c/263/ is incomplete/bogus. Very good job at reviewing the patch. Thanks. > And I am still confused by the place of gerrit in the development > procedure. Maybe it is rtfm, then please point me to the fm. > I see the patch in gerrit, its fate seems to be undecided for me, but > the corresponding bug report is "fixed" as the patch got to staging. The changes have been merged (by me) on github but not yet on gerrit. The 2 repositories (github and gerrit) have diverged and it is problematic. I think Martin is working on a merge of the 2 repositories. But I don't know what to do if a patch is accepted on github and then rejected on gerrit. Gerrit should be the only entry for patches to avoid such problems. Bye -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] removing libltdl?
Le 24 mars 2012 12:05, "Magosányi, Árpád" a écrit : > I guess you might want to discuss the pros and cons of removing libltdl > dependency. > There is a heap of changesets about it in gerrit. I do not remember why libltdl was needed in the first place. Alon, do you know/remember why libltdl was added? Is it related to OpenSC on Mac OS X 10.5 for PowerPC? I found a reference in [1]. Bye, [1] https://www.opensc-project.org/opensc/changeset/53c3c486af54a60e4ea09bdd7ce936a3b538f420/OpenSC -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] patch quality standards?
Le 24 mars 2012 00:43, "Magosányi, Árpád" a écrit : > Looking at https://www.opensc-project.org/codereview/#/c/150/ , which is > a patch which is overwritten by a later patch in gerrit, I started to > wonder again about quality standards. And this: > http://lwn.net/Articles/328438/ > And there should be others. This is what I have gathered so far: > - whitespace problems marked red in gerrit are bad > - unchecked null pointers are bad > - with a warning cleanup patch state the warnings which had been cleaned up > - comment. the comment and the code should be in sync > - provide a (description of purpose? man page?) with a command-line program > and there is that fighter airplane book, but maybe it is too long > and I am a big fan of unit tests if someone else have to do them ;) > the same about programming contracts ;) > I'm in no position to draw the rules, so I am not creating a wiki page > out of this, but I suggest that someone do. > It would help the work of code reviewers. Most of your remarks were already in https://www.opensc-project.org/opensc/wiki/DevelopmentPolicy#Movingmasterforward I added what was missing. Thanks -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] gerrit - howto?
Hello, Le 23 mars 2012 21:53, "Magosányi, Árpád" a écrit : > I have registered to gerrit, because saying stuff is one thing, doing it > is another. I guess I am supposed to verify and/or review. Which is > what, and how? > I have choosen Change I1e6f787d to experiment with, which is a nice > oneliner. Some guy have changed an email address in a comment to his own. > I believe reviewing means I should take a look at the patch to ensure > that it is up to the standards. > Well, I don't know the standards still, but as it is in the same form > as the previous, I would think it is. so my verdict here is PASS. > Also I believe verifying normally means testing the patch. But in this > case maybe verifying the authenticity of the contact change would be the > correct way. > So I write an email to the old guy, and to the email address in the > same source code which is from the same domain, and to some guy I guess > is associated with the driver in question. If any one says yes and none > says no, then I will push the verify button. > > Is it what someone supposed to do with this gerrit thingie? I think you are doing the good thing. Thanks. For the others, the patch Árpád refers to is discussed at https://www.opensc-project.org/codereview/#/c/252/ I encourage every user of the opensc-devel list to: - create a gerrit account - subscribe to the Email notifications. Go in Settings -> Watched Projects and check the 3 notifications boxes for the OpenSC project - review patches and add comments I was not subscribed to the notifications at the beginning and then missed a lot of patch submissions. If you want to follow the OpenSC development is very important to subscribe to gerrit notifications (I think). Regards, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC and gerrit
Martin, Le 23 mars 2012 18:17, Martin Paljak a écrit : > Hello, > > On Sun, Mar 18, 2012 at 00:30, Viktor Tarasov > wrote: >> - replication in gerrit do not working. >> Should we manually push the perfect commits from gerrit's repo to staging? >> (In the github's pull requests the commits are also perfects, almost >> perfect.) > Fetching github > Fetching gerrit > Fetching master > To g...@github.com:OpenSC/OpenSC.git > ! [rejected] master/staging -> staging (non-fast-forward) > error: failed to push some refs to 'g...@github.com:OpenSC/OpenSC.git' > To prevent you from losing history, non-fast-forward updates were rejected > Merge the remote changes (e.g. 'git pull') before pushing again. See the > 'Note about fast-forwards' section of 'git push --help' for details. > To g...@github.com:OpenSC/OpenSC.git > > > Github mirror was supposed to be a plain (one way) mirror, meaning > that things that go through gerrit are published on github and github > pull requests put to Gerrit, but merging both to gerrit and github > causes expected different trees. Fixing this requires some effort. I think I am the/one of responsible for this problem. Since gerrit was not working for me I merged new code on github. Sorry for the mess. Are pull request for OpenSC/OpenSC on github sent to gerrit automatically as documented in [1]? Regards, [1] https://www.opensc-project.org/opensc/wiki/SourceCode -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Changed certificate on opensc-project.org
Jean-Michel, Le 23 mars 2012 08:58, Jean-Michel Pouré - GOOZE a écrit : > Dear Martin, > >> opensc-project.org SSL certificate expired (kind of suddenly, there >> should have been a reminder but that did not arrive for some reason), >> the checksums of the new one are: >> MD5: 68786c3e0cfe44e31d6c789e767605d5 >> SHA1: d7af30e8dfd9b6433353999f24e5dbb74132a988 > > Nice to see you on board. > > Could you have a look at our previous posts and confirm that : > 1) The OpenSC project is not owned by you but by the community at large. > 2) That you are a system administrator and developper. As such, you > admit to serve the community. It is not nice to hijack a thread and change the discussion. > The reason behind is that we would like to avoid OpenSC becoming another > project like CCID or Apple Tokend, where one or two persons lock down > commits. > > Please have a look at this page: > http://smartcardservices.macosforge.org/trac/wiki/team > >> CCID Engineering >> • Lead: Ludovic Rousseau >> • Dev: Ludovic Rousseau > >> PCSCD Engineering >> • Lead: Ludovic Rousseau >> • Dev: Ludovic Rousseau > > I am worried that a a small team of committers linked to companies lead > to interest conflicts. For example, tokend has an outdated CCID, an > outdated libUSB and only some vendor drivers are updated, including > Gemalto. I do not remember having seen _ANY_ patch from you regarding the http://smartcardservices.macosforge.org/ project. You have to understand that free software projects (in a large part) are do-ocracy and not democracy. The people doing things decide how they do it. If you want to get a commit write access you shall first provide good patches and work. It does not work in the reverse order. If you are not happy with what Apple provides in the OS then contact Apple, not me or this mailing list. > Furthermore, you don't seem to answer our emails. Which leads me to > believe that you are acting as an owner and not as a system > administrator. Please confirm by writing that you are not OpenSC owner. > > And please don't answer us something like "go fork", we are not going to > do it. When the project was handed over by Andreas, it was a community > and shall remain. You cannot _require_ anything from volunteers. And you are very rude trying to do that. Regards, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Managing devices simultaneously
Le 21 mars 2012 11:27, Szabó Áron a écrit : > Dear Members, Hello, > I made some queries in Google to find out what limitations are there at > managing huge number of smart cards, USB tokens (and keys) simultaneously at > the level of CSP, or PKCS#11, but just opensc.conf file gave me some > answers. > > > > # Maximum Number of virtual slots. > > # Default: 16 > > # max_virtual_slots = 32; > > > > # Maximum number of slots per smart card. > > # Default: 4 > > # slots_per_card = 2; > > > > # (max_virtual_slots/slots_per_card) limits the number of readers > > # that can be used on the system. Default is then 16/4=4 readers. > > > > I know that drivers of HSMs can manage (address) thousands of keys, but > there were no exact values for regular smart card, USB token drivers. > > > > What is the maximum number (if any exists at this level) of regular smart > cards, USB tokens (and keys) that can be used and managed by OpenSC in the > same environment (USB controller supports up to 127 devices, up to seven > tiers, including the root tier and five non-root hubs)? I can't say about OpenSC. But at the PC/SC level pcsc-lite is limited to 16 readers by default. You can change PCSCLITE_MAX_READERS_CONTEXTS in PCSC/src/pcsclite.h.in for another (greater) value and rebuild pcsc-lite. Or you can propose a patch to use a list instead of a fixed size array to definitely solve the problem :-) Regards, -- Dr. Ludovic Rousseau ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
