[Desktop-packages] [Bug 1843392] Re: [snap] smart card reader no longer works

Mon, 07 Oct 2019 07:51:22 -0700 

This is similar to https://forum.snapcraft.io/t/cant-load-security-
device-in-firefox-snap/12471.

You probably already know that, but just in case: running
/snap/chromium/current/usr/lib/chromium-browser/chrome directly results
in bypassing the snapd sandbox, so it's never a good idea (other than
for testing/debugging purposes).

The proposed approach to solve this that was discussed with the security team 
is:
 - stage common PKCS modules in the snap
 - add a layout for /usr/lib/pkcs11 pointing to a writeable area of the snap 
(e.g. $SNAP_USER_DATA/.local/lib)
 - on first run, copy the common PKCS modules to that writeable area
 - document that custom modules (and their dependencies?) should be manually 
copied to that directory
 - create a new interface (not auto-connected, that's okay) for access to 
/var/run/pcscd/pcscd.comm

I'm not familiar with how smart card readers work though, so feedback
and suggestions are welcome.

** Summary changed:

- [snap] smart card reader no longer works after switching to snap verison
+ [snap] smart card reader no longer works

** Changed in: chromium-browser (Ubuntu)
     Assignee: (unassigned) => Olivier Tilloy (osomon)

** Changed in: chromium-browser (Ubuntu)
   Importance: Undecided => High

** Changed in: chromium-browser (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/1843392

Title:
  [snap] smart card reader no longer works

Status in chromium-browser package in Ubuntu:
  Confirmed

Bug description:
  chromium uses the Netscape Cryptographic Module to access smartcards
  for authentication purposes. This stopped working when switching to
  the snap version. Chromium would normally access the setup in
  ~/.pki/nssdb/pkcs11.txt That file  would refer to a library used to
  access the smart card. I.e /usr/lib/x86_64-linux-gnu/pkcs11/opensc-
  pkcs11.so

  The problem can be bypassed by manually launching chromium via:
  /snap/chromium/current/usr/lib/chromium-browser/chrome

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1843392/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to