Andreas Jellinghaus write in Tue 04/14 2009 at 18:51 +0200: > Hi Stanislav, > > please check svn, I applied all of your patches. > > also can you help updating the wiki pages OperatingSystems > and Quickstart?
Attaching raw draft of hal section of OperatingSystems. Please check whether it is acceptable. > > - Removes deprecated access to /proc/bus/usb. > > not sure if everyone did already switch over, but lets hope hald > will know where their usb device file is - so we don't need to > keep track of it. New version of the addon uses HAL_PROP_SMART_CARD_READER_DEVICE_FILE instead of building the device path. Let's hope that HAL provides the correct one. > btw: can't hald chown and chgrp on device files? I thought so, but > I have little clue about such details. No, hal itself can't chown/chgrp. It contains hal-acl-tool, which is a PolicyKit integration tool. It works in this way: 1. new device is enumerated by HAL 2. HAL FDI rules define policy and node to apply policy in properties 3. HAL calls hal-acl-tool callout 4. hal-acl-tool asks PolicyKit and sets ACL on device node for all users with permission to access the device (e. g. users on active local console) 5. hal-acl-tool records manipulated nodes in /var/run/hald/acl-list 6. When event affecting permissions happens, ACL permissions are updated For standard UNIX permissions and device node creation hal depends on udev. > and if anyone wants to do some cleanup: ludovic published his database > with all usb device he knows. we can remove all the vendor/product id > files from out config files, if the generic ccid rule already matches > those. (and for the remaining files, a perl/sed/shell script to > publish one text file into all the different files would be great, > so we don't need to manualy maintain so many copies with the same > information). Yes, it would be nice. Maybe even HAL can accept such list. Maybe a simple text file would be better "source" format, as it is one line for device. I can create scripts for processing this list, as I need just another output anyway (modalias supplements for rpm, which will allow automatic package proposal in openSUSE). Generic CCID rule is a bit different, as it matches interface class. I guess that all other rules match USB ID. -- Best Regards / S pozdravem, Stanislav Brabec software developer --------------------------------------------------------------------- SUSE LINUX, s. r. o. e-mail: [email protected] Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747 190 00 Praha 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/
=== hald setup === Hald needs a fdi config file and an addon script it runs when something in the fdi config file matches. To install these files. It is recommended to use separate information and policy fdi files. Installation path for the addon is distro specific and there is no simple way to determine it (see http://bugs.freedesktop.org/show_bug.cgi?id=15768). It may be /usr/bin, /usr/sbin, /usr/libexec, /usr/libexec/hal, /usr/lib/hal, /usr/lib64/hal, /usr/lib32/hal. openct daemon needs correct permissions for your smart card device. If your openct daemon is running as root, you don't have to care about it. Otherwise you have to edit etc/openct.hald and properly set chown and eventually chmod. {{{ # mkdir -p /usr/share/hal/fdi/information/10freedesktop/ # cp etc/openct.fdi /usr/share/hal/fdi/information/10freedesktop/10-usb-openct.fdi # cp openct-policy.fdi /usr/share/hal/fdi/policy/10osvendor/10-usb-openct.fdi # only in lastest openct # cp etc/openct.hald /usr/lib/hal/hald-addon-openct # distro dependent }}} If you are using hal, don't install udev rules. Direct access to device nodes If required, there are three possible types of policies for direct access to device nodes: - Only root can access. - Use standard UNIX UID/GID permissions by editing of etc/openct.fdi. - Use UNIX ACL for grating access. Latest hal and openct snapshots support smart-card-reader PolicyKit policy. With such version of hal, direct access is permitted for local users with active terminal. OpenCT however allows everybody to access smart card via the daemon. Incompatibilities Different distributions need different setup. Here are most important differences: - Modern distributions use /dev/bus/usb, older distributions use /proc/bus/usb. You have to check, that your hal provide valid device nodes to the addon. - In older HAL versions USB is "bus", not "subsystem". You have to edit FDI files. - Device permissions are set in a different way in older distributions (e. g. using resmgr). PCMCIA and PC-Card readers are not yet supported via hald, advice and patches are very welcome. Hald documentation is available online at http://people.freedesktop.org/~david/hal-spec/hal-spec.html Disabling openct addon If you want to disable openct addon without uninstallation of openct, you can copy etc/openct-disable.fdi to /etc/hal/fdi/policy/.
_______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
