Hi all,
XDG_CACHE_HOME was not defined, also not after a GDM login as user root.
I added it to /root/.bash_profile. Afterwards:
grep XDG_CACHE_HOME ~/.bash_profile
export XDG_CACHE_HOME=$HOME/.cache
[root@minicard ~]# ls -ldZ $XDG_CACHE_HOME
drwx------. 11 root root system_u:object_r:cache_home_t:s0 158 Nov 18
15:49 /root/.cache
[root@minicard ~]# ls -ldZ $XDG_CACHE_HOME/opensc
drwx------. 2 root root unconfined_u:object_r:cache_home_t:s0 6 Nov 18
12:33 /root/.cache/opensc
[root@minicard ~]# ls -lZ $XDG_CACHE_HOME/opensc
<empty!>
And: user the smartcard is slow once again. Put back file_cache_dir in
/etc/opensc.conf and the smart card is (more or less) fast again.
Winfried
Op 18-11-2024 om 15:31 schreef Sumit Bose via FreeIPA-users:
Am Mon, Nov 18, 2024 at 02:50:09PM +0100 schrieb Winfried de Heiden:
Hi all,
The tuning options as provided on
https://github.com/OpenSC/OpenSC/wiki/Aventra-MyEID-PKI-card#smart-card-reader-configuration.
He looks however it is related to file caching. In "man 5 opensc.conf":
If caching is done by a system process, the cached files may be
placed inaccessible from a user account. Use a globally readable
and writable location if you wish to share the cached
information.
Note that the cached files may contain personal data such as name
and mail address.
email handtekening privé It seems caching is done by GDM (user: gdm) and
sssd (user: root) and I added to ensure a caching directory is created (and
removed when rebooted, nice and handy during testing)
/etc/tmpfiles.d/opensc.conf
d /dev/shm/.cache/opensc 2700 gdm root -
I also added "file_cache_dir" to /etc/opensc.conf:
app default {
# debug = 3;
# debug_file = opensc-debug.txt;
framework pkcs15 {
use_file_caching = public;
file_cache_dir = /dev/shm/.cache/opensc;
}
reader_driver pcsc {
# The pinpad is disabled by default,
# because of many broken readers out there
enable_pinpad = false;
}
}
# the pkcs15-init is used for card initialization when the file caching
# brings more trouble than use so disable that:
app pkcs15-init {
framework pkcs15 {
use_file_caching = no;
}
}
It's still not bleeding fast () but it'sa shure more acceptable and
workable. After a reboot:
time sudo -l; sudo -k; time sudo -l
PIN for MyEID-222 (MyEID-222 Basic PIN):
User winfried may run the following commands on minicard:
(ALL : ALL) ALL
real 0m8.016s
user 0m0.019s
sys 0m0.022s
PIN for MyEID-222 (MyEID-222 Basic PIN):
User winfried may run the following commands on minicard:
(ALL : ALL) ALL
real 0m5.428s
user 0m0.019s
sys 0m0.012s
When I remove the line "file_cache_dir", sudo -l takes ages (...) but
strangely there are no traces of any cache anywhere on the filesystem; no
wonder it is slow...
According to the man pages:
Where to cache the card's files. The default values are:
• $XDG_CACHE_HOME/opensc/ (If $XDG_CACHE_HOME is defined)
• $HOME/.cache/opensc/ (Unix)
• $USERPROFILE\.eid-cache\ (Windows)
But nothing is there!? Anyone got an idea whatś happening here?
Hi,
have you check if the `$XDG_CACHE_HOME` or `$HOME/.cache` directories
exists for the root user?
bye,
Sumit
Thanks!
Winfried
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
