[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
** Tags added: sec-407 ** Tags added: sec-408 sec-409 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Triaging to Medium, we would still like to see that stack installed by default but it's not going to be for the coming LTS at this point. ** Changed in: pcsc-lite (Ubuntu) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
** Changed in: ccid (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => Ray Veldkamp (rayveldkamp) ** Changed in: ccid (Ubuntu) Status: New => In Progress -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
I've reported the lack of symbols to Debian on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997932 with a patch now ** Bug watch added: Debian Bug tracker #997932 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=997932 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
The plan seems quite solid, and I do agree that having some more testing would be nice (also using libsofthsm2 can help here I think). I'm not sure if all this can be achieved by the next LTS though, which I think we're targetting. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Now that the security team has some new hires, we're looking at reviving this series of tasks. Looking through the bug I have come up with the following outstanding items: - Add a .symbols file to opensc - try to add vsmartcard-vpicc + vsmartcard-vpcd autopkgtests - a formal list of 'supported cards' that we will test with and expect to work - try to address the awkward path of libraries, /lib/pam_pkcs11/ - make pcscd not run as root https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930530 Did I overlook anything? Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
On Mon, May 3, 2021 at 10:20 AM Ludovic Rousseau <1892...@bugs.launchpad.net> wrote: > > opensc-pkcs11.so is a PKCS#11 lib so the its API conforms to the > standard defined in https://docs.oasis- > open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html Thanks Ludovic for adding the expert details! And that makes me re-consider this to "yes we should add .symbols". > If you really need to move opensc-pkcs11.so & pkcs11-spy.so in a subdir > I would recommand to use /usr/lib/*/pkcs11/ as it is already the case. Well, since there are external users it will be much harder to move things. As they all need to be compatible (or adapted) to the new place. Still worth having a look to move them, but more complex and more potential impact than what I expected before your explanation. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
opensc-pkcs11.so is a PKCS#11 lib so the its API conforms to the standard defined in https://docs.oasis- open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html If you are looking for .h header files you can use: https://www.oasis-open.org/committees/document.php?document_id=55655_abbrev=pkcs11 https://www.oasis-open.org/committees/document.php?document_id=55656_abbrev=pkcs11 https://www.oasis-open.org/committees/document.php?document_id=55657_abbrev=pkcs11 pkcs11-spy.so is a spy/debug library. It uses the same API. A PKCS#11 library is, in general, dynamically loaded using dlopen(3). So the dependency is not visible from an application using the library (for example Firefox). If you really need to move opensc-pkcs11.so & pkcs11-spy.so in a subdir I would recommand to use /usr/lib/*/pkcs11/ as it is already the case. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Thank you Marco and Sebastien, > * the launchpad buglist has been triaged a bit and fixed issues closed Thanks! >From your bug cleanup did you spot any kind of setup/HW that you want to >restrict/exclude? Was there any common pattern that makes up most of the formerly seen bad reports? > * the dh_missing has been reported to Debian now, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987817 Yeah, I think that is enough for now. > the libraries are private (no .so provided, other softwares can't really build with it), ideally they would move it to a subdir but do we really need .symbols added in such cases? I agree this is a case where it is a tough decision if it is strictly required due to them being "meant" private. But I'd not agree that there are no .so files provided. root@h:~# dpkg -L opensc opensc-pkcs11 | grep '\.so' /usr/lib/x86_64-linux-gnu/libopensc.so.7.0.0 /usr/lib/x86_64-linux-gnu/libsmm-local.so.7.0.0 /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11-spy.so /usr/lib/x86_64-linux-gnu/libopensc.so.7 /usr/lib/x86_64-linux-gnu/libsmm-local.so.7 /usr/lib/x86_64-linux-gnu/pkcs11/onepin-opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so /usr/lib/x86_64-linux-gnu/pkcs11/pkcs11-spy.so $ nm --dynamic $(dpkg -L opensc-pkcs11 | grep '\.so' | xargs) | pastebinit https://paste.ubuntu.com/p/7SpfQ5gW26/ So there are in theory symbols, but I agree it still is not really usable (or meant to be used). As there are for example no headers for it :-) And OTOH adding symbols files is a rather trivial task that protects against some bad breakage. So is it strictly mandatory: hmm, debatable ... I guess no. I'd say as prereq add symbols OR move to subdir - of which the latter is the much more useful and correct thing to do. And as there are no other users you won't have to touch any other package for that change. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
@opensc * the dh_missing has been reported to Debian now, https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987817 * the launchpad buglist has been triaged a bit and fixed issues closed * the libraries are private (no .so provided, other softwares can't really build with it), ideally they would move it to a subdir but do we really need .symbols added in such cases? ** Bug watch added: Debian Bug tracker #987817 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987817 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1892559] Re: [MIR] ccid opensc pcsc-lite
Updating the title, hopefully it reflects correctly what needs to be promoted. @Marco, the binaries we want installed are those 'libpam-sss opensc- pkcs11 pcscd' right? libpam-sss is already in main and pcscd depends on libccid which also needs promotion as a result ** Summary changed: - [MIR] ccid libpcsc-perl opensc pcsc-tools pcsc-lite + [MIR] ccid opensc pcsc-lite -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1892559 Title: [MIR] ccid opensc pcsc-lite To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ccid/+bug/1892559/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
