Bug 14890

Summary: chromium does not support esteid-browser-plugin
Product: Mageia Reporter: Ãlo Parri <yltsparri>
Component: New RPM package requestAssignee: Sander Lepik <mageia>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: https://github.com/open-eid/chrome-token-signing
Whiteboard:
Source RPM: CVE:
Status comment:
Attachments: SPEC versions

Description Ãlo Parri 2014-12-25 22:42:04 CET 
Chromium has dropped support for NPAPI.
Without chrome-token-signing package signing with Estonian ID-card using chromium is no longer possible.

This should be part of task-esteid 

https://github.com/open-eid/chrome-token-signing

https://installer.id.ee/media/sources/chrome-token-signing-3.9.0.374.tar.gz
https://installer.id.ee/media/sources/chrome-token-signing-3.9.0.374.tar.gz.asc

https://www.openxades.org/web_sign_demo/sign.html

https://installer.id.ee/media/ubuntu/pool/main/c/chrome-token-signing/


Reproducible: 

Steps to Reproduce:
David Walser 2014-12-26 04:50:14 CET

Assignee: bugsquad => mageia

Comment 1 Sander Lepik 2014-12-27 19:48:13 CET 
I don't think I have time to work on this. Not to mention that the state of Chromium package in Mageia is pretty sad and I wouldn't encourage anyone to use it.

Upstream has tested this package only on Ubuntu, so I have no idea if it even works with Chromium on Mageia. If someone can provide me a working and tested spec then I'm happy to take maintainership, but w/o it I'm not sure if it will be included in mga6 or not.
Comment 2 Ãlo Parri 2014-12-31 11:20:26 CET 
I am not an expert on writing rpm spec files. But played with it a bit and reached "works for me" stage. Demo page works haven't had chance to do actual signing.

Bit tricky part is creating valid crx file and setting the correct extension id in update.xml, esteid_policy.json, ee.ria.esteid.json and to be correct in manifest.json.

Extensions id is generated from public key from certificate used to sign crx file and it has to be correct to allow access to binary part.

I am also not sure how to handle certificate used for signing crx file. Private keys should not really be made public, but crx file must be signed. 
https://installer.id.ee/media/sources/chrome-token-signing-3.9.0.374.tar.gz provides presigned crx file.

esteid_policy.json: used to install extesnion for all users
ee.ria.esteid.json: used to allow extension to call crome-token-signing binary
update.xml:         used for automatic updating
Comment 3 Ãlo Parri 2014-12-31 11:36:40 CET 
Created attachment 5777 [details]
SPEC versions

chromium-token-signing-3.9.tar.gz is created from 
git clone --recursive https://github.com/open-eid/chrome-token-signing
Comment 4 Sander Lepik 2017-01-14 16:41:45 CET 
Hi!

Took me quite some time but chrome-token-signing is now uploaded. Please test if you are still interested. It should work with Chrome and Chromium as well. Getting it to work with Firefox will take some more time.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 5 Ãlo Parri 2017-01-15 13:10:54 CET 
Seems to work on Cauldron x64 with chromium and chrome.