ne fonctionne pas beid-middleware - Application to read information from the Belgian e-ID card This application allows the user to read out any information from a Belgian electronic ID card, by using libbeid and libbeidlibopensc to read the data from the card and parse it. Both identity information and information about the stored cryptographic keys can be read in a user-friendly manner, and can easily be printed out or stored for later review. The application verifies the signature of the identity information, checks whether it was signed by a government-issued key, and optionally checks the certificate against the government's Certificate Revocation List (CRL) and/or by using the Online Certificate Status Protocol (OCSP) against the government's servers.
Thank you for reporting. Please, the description of package do not help, we already know it ;) Can you explain what the problem is? Try google translate if you hesitate to write in english. I tested sucsessfully to install using drakrpm on Mageia 7 64 bit, it installs: - acr38u-1.7.11-8.mga7.x86_64 - beid-middleware-4.4.8-1.mga7.x86_64 - ccid-1.4.30-1.mga7.x86_64 - lib64acr38u0-1.7.11-8.mga7.x86_64 - pcsc-lite-1.8.26-1.mga7.x86_64 I do not know how to run it... i guess it is normally called from a web browser. Just to try something I issued: $ beid-update-nssdb Found PKCS#11 library at: /usr/lib64/libbeidpkcs11.so.0 Enabling ID-card functionality in Google Chrome/Chromium/Opera via /usr/lib64/libbeidpkcs11.so.0 ERROR: Failed to delete module "Belgium eID". Module "Belgium eID" added to database. $ beid-update-nssdb Found PKCS#11 library at: /usr/lib64/libbeidpkcs11.so.0 ID-card support for Google Chrome/Chromium/Opera already enabled So it seem to work here. However, this system have a lot of stuff installed. So it it fail to install on your system, It may be that beid need something that this system already had installed, but yours is missing it. If so we have a bug here that the package should require something it currently do not. Or did i not understand correctly and you really need a later version than the one we provide? If it works and you really only need a later version: have you tried to install the fedora rpm? https://eid.belgium.be/en/linux-eid-software-installation
CC: (none) => friEver confirmed: 1 => 0Status: NEW => UNCONFIRMEDURL: (none) => https://eid.belgium.beSummary: no install possible, old RPM => beid-middleware problems
The link at eid to download and compile ourselves point to a nonexisting file. The parent folder works: https://dist.eid.belgium.be/continuous/sources/ The latest version of 4.x is 4.4.27 from april this year, and 5.0.6 from last month. Eldest in th efolder is 4.4.10 from feb 2019 Our version is 4.4.8. so probably one and a half year, which feel a bit old to be a banking security app. Also the fact it is withdrawn from that folder i guess it is a sign it should not be used. Of course, cauldron should have version 5.x For mga7 i think we should stay with latest 4.4. But as i do not have any experience of beid i do not know.
Summary: beid-middleware problems => beid-middleware problems, update requestSource RPM: beid-middleware - Application to read information from the Belgian e-ID card => beid-middleware-4.4.8-1.mga7.src.rpm
CC registered packager, i do not know if you are still active here. Of course cauldron should be updated too. Using this bug for both for now.
Whiteboard: (none) => MGA7TOOVersion: 7 => CauldronCC: (none) => alien
Summary: beid-middleware problems, update request => Belgian banking ID app beid-middleware have problems, update request
No need to look for other packages than the ones in M7 repos, it works perfectly OK. At Rodenbach: first steps to check out what's happening: install beid-middleware, that draws in some more install opensc, idem make sure in MCC-System-Services (you installed in English or Dutch or French???) that pcscd is running. have your card reader connected and insert your eid-card open a terminal and type the command eidenv<Enter> That should read your eid-card. If that is OK, open firefox and add the Eid-Belgium extension to it. Check in its preferences - Privacy - Security devices that there is a Belgian PKCS11 Module, if not add it and have it pointing to /usr/lib64/libbeidpkcs11.so.0. Now you should be able to use your eid-card to login to taxonweb e.a. Warning: each time firefox will give a warning that the middleware is obsolete or not installed, ignore these.
CC: (none) => herman.viaene
:) @ Herman, could you put that in a wiki page? Maybe should beid-middleware require opensc?
@ Morgan: beid-middleware does not strictly need opensc. But the eidenv command from opensc is very usefull when one has to get to the bottom of the case. So, I would not object. As for the wiki, I'm willing to do that, but 1. is there some guidance for a wiki page (access rights involved???) 2. I would like to have someone have a look at it. Who is maintaining beid-middleware??? I remember some years ago, one other Belgian was involved, but I cann't remember who it was. Let's see if Rodenbach gets thru with what I wrote above. BTW, I love Rodenbach - the beer.....
@Herman I think you can use the same credentials as here. If you cant log in then ask for access, best on doc-discuss i think if you are there, or qa list in case someone know how there. To create a new page just try to go to it, i.e https://wiki.mageia.org/en/Beid and then on the text link "create this page" For syntax, sneak on other pages and copy-paste+edit. When you are logged in there is an edit tab on every wiki page. There are also some syntax help link.
Summary: Belgian banking ID app beid-middleware have problems, update request => Belgian banking ID app beid-middleware add require see #6. And update.
(In reply to Herman Viaene from comment #4) > No need to look for other packages than the ones in M7 repos, it works > perfectly OK. > At Rodenbach: > first steps to check out what's happening: > install beid-middleware, that draws in some more > install opensc, idem > make sure in MCC-System-Services (you installed in English or Dutch or > French???) that pcscd is running. > have your card reader connected and insert your eid-card > open a terminal and type the command eidenv<Enter> > That should read your eid-card. > If that is OK, open firefox and add the Eid-Belgium extension to it. > Check in its preferences - Privacy - Security devices that there is a > Belgian PKCS11 Module, if not add it and have it pointing to > /usr/lib64/libbeidpkcs11.so.0. > Now you should be able to use your eid-card to login to taxonweb e.a. > Warning: each time firefox will give a warning that the middleware is > obsolete or not installed, ignore these. Bonjour, J'ai suivi votre procédure pour me connecter sur le site: https://idp.iamfas.belgium.be/fasui/login/eidservice# pour le test et cela fonctionne actuellement. Je peux lire ma carte d'identité en mode terminal, existe-t-il une interface graphique pour lire la carte ? je vous remercie pour la rapidité de traitement de ma demande. veuillez aussi m'excuser pour mon mail en français mais je ne connais ni l'anglais ni le néerlandais. Recevez mes meilleures salutations. D. Rodenbach ========== Hello, I followed your procedure to connect to the site: https://idp.iamfas.belgium.be/fasui/login/eidservice# for the test and it is currently working. I can read my ID card in terminal mode, is there a graphical interface to read the card? I thank you for the speed of treatment of my request. Please excuse me for my email in French, but I don't know English or Dutch. Receive my best regards. D. Rodenbach
I first got this answer by private mail. On the last question I refered to a (not existing anymore??) eidviewer from the site of the owners of the Belgian Eid software.
I don't have a problem with pulling in opensc; though it should be a recommends, not a strict requirement. afaik eidviewer was a java program, but IIRC it got incorporated into the source code, i think i'm just removing those files when building it, building java programs is not as easy for packaging and i didn't see the need for it... I'm the original packager, and i did this, so i could fill in my taxes each year :-) . in the program there was also a FF plugin in it, which basically does that setting in FF for the security devices, but the FF plugin structure was updated and the upstream didn't work anymore, which means you may need to do this step manually. I don't have much time to package anymore, but if one of you guys is willing to join the packaging team, i'm willing to mentor you guys for this. Packaging is actually not that hard, it's basically a script that tells the system how to do the building from source, and what files are in the packages and what the dependencies are. adding a recommends for beid-middleware is quite easy, look at this file: https://svnweb.mageia.org/packages/cauldron/beid-middleware/current/SPECS/beid-middleware.spec?view=markup
Hi AL13N, I decided to have a look at the new versions, and got the files from https://dist.eid.belgium.be/continuous/sources/eid-mw-4.4.27-v4.4.27.tar.gz So I guess I have to go thu configure, make etc... first. But I get immediately a snag, it seems development environments in Fedora and Mageia are not quite the same. At the configure command I get checking for PCSC... no configure: error: Package requirements (libpcsclite >= 1.4.4) were not met: Package 'libpcsclite', required by 'virtual:world', not found Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. Alternatively, you may set the environment variables PCSC_CFLAGS and PCSC_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. The version of lib64pcsclite is OK, but this is a 64-installation, so there is no libpcsclite. But nevermind, I enabled the 32-bit Core repo and installed libpcsclite, but the error remains the same. And all the environment variables are null here.
Haha, Herman, No, the spec file tells the mageia buildsystem how to do it, and you don't have to do all this manually... i would advise you to install "mgarepo" and "rpm-build" and then you can do "mgarepo co beid-middleware" which will get all the necessary files for this. then you can change the spec file (which should be in the SPECS/ subdir) (like adding a Recommends for that other package) and you can actually test this locally on your machine: rpmbuild -bs SPECS/beid-middleware.spec which will create a src.rpm file, which you can then rebuild into rpms for your system: rpmbuild --rebuild path/to/file.src.rpm of course you won't have direct access to the buildsystem, but at least you'll be able to test a small change in your spec file. you should look into the structure of this spec file (that i linked above), it is fairly simple. But, we should continue this in private, you have my email, right? you can send me an email and we can go more in detail then...
CC: (none) => ouaurelien
Status of this bug? Also, please note that there is version 4.4.27 and also a 5.0.8 version. For now, Cauldron has beid-middleware-4.4.8-3.mga8.
Source RPM: beid-middleware-4.4.8-1.mga7.src.rpm => beid-middleware-4.4.8-3.mga8.src.rpm
@ Aurelien. I tried in vain to build an rpm for 4.4.27. I contacted Al13n in private as he requested, but after an initial response, I heard nothing from him any further. Also a question ob dev-ml did not get any further. So, no progress anymore since sept, I had other things to attend. But I am willing to get that rpm out, but I'll need some detailed assistance.
@Herman, oops, I'm sorry, I'm gonna relook for your email... I don't exactly have much time to work on Mageia atm, but i do have some time now, so i'll go look for it... i don't recall what was necessary for this but. I do remember that i can use the current mga7 version without troubles...
After struggling with commands and dnf settings and alike, I have been able to build the rpms for 4.4.8 on M7, using the mock command as described in Mageia's wiki. I hope to test this soon, and if that is OK, have my hand at building the 4.4.27 rpm for M7. Big tx to AL13N for his help (private mails) in this quest.
@ Herman, what about the status of this?
Status: UNCONFIRMED => NEEDINFOEver confirmed: 0 => 1
I ran into problems witj the 4.4.27, asked for help on de dev list.........Since then occupied by other things.
(In reply to Herman Viaene from comment #18) > I ran into problems witj the 4.4.27, asked for help on de dev > list.........Since then occupied by other things. Thanks, assigning to you. Feel free to assign globally.
Status: NEEDINFO => NEWAssignee: bugsquad => herman.viaene
"Feel free to assign globally." ????? I feel stupid, looked at the wiki, but get no wiser
No, I assigned this bug report because I think you could do something on this package since comment 16. And I said "Feel free to Assigne back globally"= make the assignee to pkg-bugs at ml dot mageia for org if you can. This can no longer be in Bugsquad List.
In other words: if you don't intend to work on it in near future, assign it to pkg-bugs so another chap give it a try if they like.
Sorry, I have no idea what you two are talking about. All I know and can see is this bug???? And again, I have been trying to build this package, aimoing to learn about this and having an up todate package. But I ran into a problem, reported that on I-can,'t-remember-which-one of the message lists, and then dead silence. I more or less could understand that people at that time where getting the first M8 alpha ISO ready and thus were very busy. I'm willing to try again and report again if that seems a sensible thing to do.
(In reply to Herman Viaene from comment #23) > Sorry, I have no idea what you two are talking about. All I know and can see > is this bug???? > And again, I have been trying to build this package, aimoing to learn about > this and having an up todate package. But I ran into a problem, reported > that on I-can,'t-remember-which-one of the message lists, and then dead > silence. > I more or less could understand that people at that time where getting the > first M8 alpha ISO ready and thus were very busy. > I'm willing to try again and report again if that seems a sensible thing to > do. You're on all your right. Please take a look, take your time. Assigning globally, in this case.
Assignee: herman.viaene => pkg-bugs
I thought that building in M7 would be a waste off time since its EOL is closing in, so upgradedmy M7 to M8 and let it update. Now I get this at the CLI: $ mock --buildsrpm --spec /home/herman/rpmbuild/SPECS/beid-middleware.spec --sources /home/herman/rpmbuild/SOURCES --resultdir /home/herman/rpmbuild/SRPMS INFO: mock.py version 2.9 starting (python version = 3.8.7, NVR = mock-2.9-1.mga8)... Start(bootstrap): init plugins INFO: selinux disabled Finish(bootstrap): init plugins Start: init plugins INFO: selinux disabled Finish: init plugins INFO: Signal handler active Start: run INFO: Start(/home/herman/rpmbuild/SPECS/beid-middleware.spec) Config(mageia-7-x86_64) Start: clean chroot Finish: clean chroot Start(bootstrap): chroot init INFO: calling preinit hooks INFO: enabled root cache INFO: enabled package manager cache Start(bootstrap): cleaning package manager metadata Finish(bootstrap): cleaning package manager metadata INFO: enabled HW Info plugin Mock Version: 2.9 INFO: Mock Version: 2.9 Start(bootstrap): dnf install No matches found for the following disable plugin patterns: local, spacewalk determining the fastest mirror (10 hosts).. done. [ === ] --- B/s | 0 B --:-- ETA Mageia 7 - x86_64 and here it interrupted, because I think the chroot systel should be aken from M8, not M7. I don't see any direct reference to the maeia versio in he spec file.
Hello, I have updated the package to 5.1.8 version. I have also added a package to include the viewer separately, however I didn't test it, not even the installation.
CC: (none) => yves.brungard_mageia
This is for cauldron, at the moment. If OK, I can submit it in Mageia 8.
(In reply to papoteur from comment #26) > Hello, > I have updated the package to 5.1.8 version. > I have also added a package to include the viewer separately, however I > didn't test it, not even the installation. bonsoir comment le trouver ? merci
In cauldron ... # urpmi beid-middleware-viewer A requested package cannot be installed: beid-middleware-viewer-5.1.8-1.mga9.x86_64 (due to unsatisfied devel(libbeidpkcs11(64bit))) beid-middleware installs ok. I have the 32 bit repos enabled in that test install.
CC: (none) => davidwhodgins
Did an M9 cauldron netinstall, got as far as Dave in Comment 29. Also installed opensc and its dependencies, and I could access my eid-card with the eidenv command, that's quite OK. Now, to effectively test the usage of the eid, that libbeidpkcs11 is needed for both the eid-viewer and access with firefox on the various government sites. But I find this a bit strange, since I would expect this SW being part of the whole package of SW from BOSA.
Hello, I have updated the packages to beid-middleware-viewer-5.1.8-3.mga9 I can install it and launch it also.
Installed the new version of beid-midddelware and added the beid-middleware-viewer-5.1.8-3.mga9. The eidviewer works OK. But the firefox security device setting was not filled out automatically as normally is in fedora (or MS) installations. Got around this after some googling and searching the installed files, that running the pkcs11-register command overcomes this problem, since then I can use mu eid on all sites that require it. Tx a lot.
It seems that our package lacks belgium_eid-1.0.32.xpi and eid_belgie-1.0.23.xpi Can it be the explanation of the lacking settings?
Reading https://xpifile.com/extension/belgium-eid-extension-xpi-file/ makes me think this is the case.
I have added 2 xpi file from the installation source. Updated in beid-middleware-viewer-5.1.8-4.mga9
mga7 is EOS... I guess when verified in Cauldron, mga8 should be fixed
Whiteboard: MGA7TOO => MGA8TOO
@papoteur Installed the new version over the 5.1.8-3, works OK. Installed the new version on another M9 testing system where I had the fedora-rpm's installed. Had to remove those to install the 5.1.8-4, but then all worked OK. I will now try to make an M9 installation from scratch and see how this behaves.
Well, 5.1.8-4 is definitely an improvement. There are a few niggles left. Least important: the xpi files are in the beid-middleware rpm (where I think they should be), not in the beid-middleware-viewer as you wrote in Comment 35. The beid-middleware rpm provides all the necessary files, but I still had to manually import the rootcertification3 from pem file and the security device libbeidpkcs11so.0 in the firefox settings. Otherwise: GREAT!!! Tx a lot.
Hi Herman, Thanks for your tests. Except if you say me that the import should be managed by the rpm installation, I will port it to Mageia 8.
Well, I think I would prefer to have this ported to M8, but with some sort of warning or wiki or whatever, since the version currently in the M8 repos is ancient and incomplete, and AFAICS not operational OK anymore. So, yes, ultimately the import should be handled by the rpm installation. But this is a problem for installations from scratch in the way that I did not see this problem when the 5.1.8-4 overwrites a previous version (Mageia's 4.8 or Fedora's 5.0.x).
There is now: beid-middleware-devel-5.1.8-1.1.mga8 beid-middleware-5.1.8-1.1.mga8 beid-middleware-viewer-5.1.8-1.1.mga8 from source beid-middleware-5.1.8-1.1.mga8.src.rpm
Tested on my usual QA-testing system. That one had never seen the beid or any smartcard SW. Installed packages for pcsc, acr38u, opensc and the new beid-middleware. After importing the certificate and security device in firefox, I could use the eidviewer and connect to some offical sites authenticating with the eid-card.
So it seems all software is working then :) Maybe the procedure description need be updated? https://wiki.mageia.org/en/Beid (i.e above you also mention pcsc, acr38u)
In the privacy section you also need to import the certificate manually. It's located in /usr/share/eid-mw/trustdir/belgiumrca3.pem. Importing works OK, but the certificate does not show up until you refresh the list, by leaving this dialogue and get back in. pcsc-tools is not compulsory, but it includes a eidenv command which reads a minimum info from the eid-card, just a check that it is accessible. acr38u is a device driver, thus depending on the smartcard-reader. But I haven't yet encountered here such cardreader which does not respond to this driver.