Re: pkcs11 module registration in Ubuntu 12.04 and chromium

1,213 views
Skip to first unread message

Frank Marien

unread,
Aug 9, 2012, 10:32:38 AM8/9/12
to eid...@googlegroups.com
Dear Mr Stein,

On 08/06/12 12:56, benste wrote:
Hi, 

i've just purchased a crad reader - and used ubuntu successful with different cards,
isntalled the BEID GUI i can also get the information written onto the card.
When you write "used ubuntu successful with different cards" what do you mean, exactly?
Your distro is Ubuntu, but did you use eID cards successfully, in SSL sessions?, reading Identity data?
using the official Middleware, or other software? Or was it other cards you used?

Could you please elaborate so we could get a better idea of your situation.


Using inbuild packages i was trying to follow your 
Did you build your own packages? Just wondering because most Ubuntu users today use the official
FedICT .deb packages and we get very few complaints, so if you have problems with the official package
causing you to have to build your own: we'd sure like to hear about it.. but this aside..

which seems to have messed up my DB now ? - What am I doing wrong and what's the right step to move forward without installing the tarbal ?
btw. if it's important my card reader is a reinersct rifd standard - class 3 device.
I don't think one could structurally mess up the nss db using the modutil command, however, during

modutil -dbdir sql:.pki/nssdb/ -list

it will attempt to load the pkcs11 modules in the list, and if that fails behind the scenes I'm not sure whether it will give the type
of output you're seeing (we don't support nss,directly). I propose we try and find out whether your nss db is structurally corrupt,
or it's OK but the commands are attempting to use libbeidpkcs11 and that fails (and the command doesn't handle that gracefully).

1) Could you check out (and paste) the contents of your

.pki/nssdb/pkcs11.txt

file, in your home directory, please?

also,

could you run the modutil command through an strace and send us the log, please? The command to run would be

strace -f modutil -dbdir sql:.pki/nssdb/ -list 2> modutil.txt


(and send us modutil.txt - if you don't have strace yet, the package is also named strace: apt-get install strace)

Here some output - btw- searched the directorys also the commented one and both don't have the file mentionied as libfile

at least the following packages are isntalled
apt-get install fxcyberjack libifd-cyberjack6 pcsc-tools libnss3-tools libbeidlibopensc2

I don't know the specific Cyberjack tools or libraries, but I know libbeidlibopensc2: It's part of an ancient beid version
that's long deprecated: It's presense could most certainly be causing you the troubles you're seeing. Please uninstall it.
Also, why not try the official Debian release at:

http://eid.belgium.be/nl/je_eid_gebruiken/de_eid-middleware_installeren/linux/

?



benste@benste-VAIO:/usr$ modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so

WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 

modutil: function failed: security library: bad database.
benste@benste-VAIO:/usr$ modutil -dbdir sql:.pki/nssdb/ -list
modutil: function failed: security library: bad database.

I tried these commands (appartently, standard on my Arch Linux - or installed with chromium, not sure), and I get the
same warning until I close FireFox, but not the "bad database" error (that would be too easy..) What I do see in the strace on my machine is that
the list operation loads our pkcs11 module, so I definitely think the strace is the way to check this out.

WKR
Frank.




--
Je hebt dit bericht ontvangen, omdat je je hebt aangemeld bij de groep 'eID Middleware' van Google Discussiegroepen.
Ga naar https://groups.google.com/d/msg/eid-mw/-/B69Io_1YH9gJ om deze discussie op het internet te bekijken.
Als je een bericht in deze groep wilt plaatsen, stuur je een e-mail naar eid...@googlegroups.com.
Als je je wilt afmelden voor deze groep, stuur je een e-mail naar eid-mw+...@googlegroups.com.
Bezoek deze groep op http://groups.google.com/group/eid-mw?hl=nl voor meer opties.

Reply all
Reply to author
Forward
0 new messages