Bug 27077 - Belgian banking ID app beid-middleware add require see #6. And update.
Summary: Belgian banking ID app beid-middleware add require see #6. And update.
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact:
URL: https://eid.belgium.be
Whiteboard: MGA8TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2020-08-10 23:02 CEST by Rodenbach
Modified: 2022-12-05 17:50 CET

See Also:
Source RPM: beid-middleware-4.4.8-3.mga8.src.rpm
CVE:
Status comment:



Description Rodenbach 2020-08-10 23:02:03 CEST
Does not work.
beid-middleware - Application to read information from the Belgian e-ID card
This application allows the user to read out any information from a Belgian electronic ID card, by using libbeid and libbeidlibopensc to read the data from the card and parse it. Both identity information and information about the stored cryptographic keys can be read in a user-friendly manner, and can easily be printed out or stored for later review.

The application verifies the signature of the identity information, checks whether it was signed by a government-issued key, and optionally checks the certificate against the government's Certificate Revocation List (CRL) and/or by using the Online Certificate Status Protocol (OCSP) against the government's servers.
Comment 1 Morgan Leijström 2020-08-11 01:02:49 CEST
Thank you for reporting.
Please, the description of the package does not help, we already know it ;)

Can you explain what the problem is?
Try Google Translate if you hesitate to write in English.

I successfully tested installing using drakrpm on Mageia 7 64 bit, it installs:
- acr38u-1.7.11-8.mga7.x86_64
- beid-middleware-4.4.8-1.mga7.x86_64
- ccid-1.4.30-1.mga7.x86_64
- lib64acr38u0-1.7.11-8.mga7.x86_64
- pcsc-lite-1.8.26-1.mga7.x86_64

I do not know how to run it... i guess it is normally called from a web browser.
Just to try something I issued:

$ beid-update-nssdb 
Found PKCS#11 library at: /usr/lib64/libbeidpkcs11.so.0
Enabling ID-card functionality in Google Chrome/Chromium/Opera via /usr/lib64/libbeidpkcs11.so.0
ERROR: Failed to delete module "Belgium eID".
Module "Belgium eID" added to database.
$ beid-update-nssdb 
Found PKCS#11 library at: /usr/lib64/libbeidpkcs11.so.0
ID-card support for Google Chrome/Chromium/Opera already enabled


So it seems to work here.

However, this system has a lot of stuff installed.
So if it fails to install on your system, it may be that beid needs something that this system already had installed, but yours is missing it.  If so we have a bug here that the package should require something it currently does not.


Or did i not understand correctly and you really need a later version than the one we provide?

If it works and you really only need a later version: have you tried to install the Fedora rpm?
https://eid.belgium.be/en/linux-eid-software-installation

CC: (none) => fri
Ever confirmed: 1 => 0
Status: NEW => UNCONFIRMED
URL: (none) => https://eid.belgium.be
Summary: no install possible, old RPM => beid-middleware problems

Comment 2 Morgan Leijström 2020-08-11 01:20:31 CEST
The link at eid to download and compile ourselves points to a nonexistent file.
The parent folder works: https://dist.eid.belgium.be/continuous/sources/

The latest version of 4.x is 4.4.27 from April this year, and 5.0.6 from last month.

The oldest in the folder is 4.4.10 from Feb 2019.

Our version is 4.4.8, so probably one and a half years, which feels a bit old to be a banking security app.  Also the fact it is withdrawn from that folder i guess is a sign it should not be used.

Of course, cauldron should have version 5.x

For mga7 i think we should stay with latest 4.4.  But as i do not have any experience of beid i do not know.

Summary: beid-middleware problems => beid-middleware problems, update request
Source RPM: beid-middleware - Application to read information from the Belgian e-ID card => beid-middleware-4.4.8-1.mga7.src.rpm

Comment 3 Morgan Leijström 2020-08-11 01:28:18 CEST
CC registered packager, i do not know if you are still active here.

Of course cauldron should be updated too.  Using this bug for both for now.

Whiteboard: (none) => MGA7TOO
Version: 7 => Cauldron
CC: (none) => alien

Morgan Leijström 2020-08-11 01:29:14 CEST

Summary: beid-middleware problems, update request => Belgian banking ID app beid-middleware have problems, update request

Comment 4 Herman Viaene 2020-08-11 11:04:55 CEST
No need to look for other packages than the ones in M7 repos, it works perfectly OK.
At Rodenbach:
first steps to check out what's happening:
install beid-middleware, that draws in some more
install opensc, idem
make sure in MCC-System-Services (you installed in English or Dutch or French???) that pcscd is running.
have your card reader connected and insert your eid-card
open a terminal and type the command eidenv<Enter>
That should read your eid-card.
If that is OK, open firefox and add the Eid-Belgium extension to it.
Check in its preferences - Privacy - Security devices that there is a Belgian PKCS11 Module, if not add it and have it pointing to /usr/lib64/libbeidpkcs11.so.0.
Now you should be able to use your eid-card to login to taxonweb e.a.
Warning: each time firefox will give a warning that the middleware is obsolete or not installed, ignore these.

CC: (none) => herman.viaene
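
Added example, not part of the original bug report or of the eID project's code: a shell preflight for the checks comment 4 walks through (pcscd running, PKCS#11 library present, module registered in NSS), plus a check that the library is not writable by group or other, since the browser loads it in-process. The function names, the `NSSDB` default and the sample listing are assumptions constructed for illustration; `modutil` is the NSS command-line tool.

```shell
#!/bin/sh
# Added example (not from the bug report): preflight checks for the steps in
# comment 4. The library path and the module name "Belgium eID" are taken from
# this page; function names and the sample listing are constructed here.

BEID_LIB="${BEID_LIB:-/usr/lib64/libbeidpkcs11.so.0}"
BEID_MODULE="${BEID_MODULE:-Belgium eID}"
NSSDB="${NSSDB:-sql:$HOME/.pki/nssdb}"   # assumption: per-user NSS database

# A PKCS#11 module is loaded into the browser process, so the file must exist
# and must not be writable by group or other. Symlinks are followed (-L).
check_lib() {
    [ -f "$1" ] || { echo "FAIL: $1 not found" >&2; return 1; }
    if [ -n "$(find -L "$1" -prune \( -perm -0002 -o -perm -0020 \))" ]; then
        echo "FAIL: $1 is writable by group or other" >&2
        return 1
    fi
    return 0
}

# Read a `modutil -list` style listing on stdin and print the library path
# registered under the module name given as $1 (prints nothing if absent).
nss_module_lib() {
    awk -v want="$1" '
        /^[ \t]*[0-9]+\.[ \t]+/ {          # module header: "  2. Belgium eID"
            name = $0
            sub(/^[ \t]*[0-9]+\.[ \t]+/, "", name)
            sub(/[ \t]+$/, "", name)
            in_mod = (name == want)
            next
        }
        in_mod && /library name:/ {
            sub(/^.*library name:[ \t]*/, "")
            print
            exit
        }'
}

# Constructed sample, modelled on the layout modutil prints.
sample_listing() {
    cat <<'EOF'
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal PKCS #11 Module
       slots: 2 slots attached
      status: loaded

  2. Belgium eID
    library name: /usr/lib64/libbeidpkcs11.so.0
       slots: 1 slot attached
      status: loaded
-----------------------------------------------------------
EOF
}

preflight() {
    rc=0
    systemctl is-active --quiet pcscd || { echo "FAIL: pcscd is not running" >&2; rc=1; }
    check_lib "$BEID_LIB" || rc=1
    registered=$(modutil -dbdir "$NSSDB" -list 2>/dev/null | nss_module_lib "$BEID_MODULE")
    if [ "$registered" != "$BEID_LIB" ]; then
        echo "FAIL: module '$BEID_MODULE' registered as '${registered:-<none>}'" >&2
        rc=1
    fi
    return $rc
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Invoke the script with `--run` to perform the live checks; to check Firefox rather than Chrome/Chromium, set `NSSDB` to the Firefox profile directory.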

Comment 5 Morgan Leijström 2020-08-11 13:18:30 CEST
:)

@ Herman, could you put that in a wiki page?

Maybe beid-middleware should require opensc?
Comment 6 Herman Viaene 2020-08-11 13:33:39 CEST
@ Morgan: beid-middleware does not strictly need opensc. But the eidenv command from opensc is very useful when one has to get to the bottom of the case. So, I would not object.
As for the wiki, I'm willing to do that, but
1. is there some guidance for a wiki page (access rights involved???)
2. I would like to have someone have a look at it. Who is maintaining beid-middleware??? I remember some years ago, one other Belgian was involved, but I can't remember who it was.
Let's see if Rodenbach gets thru with what I wrote above.
BTW, I love Rodenbach - the beer.....
Comment 7 Morgan Leijström 2020-08-11 14:49:27 CEST
@Herman 

I think you can use the same credentials as here.
If you can't log in then ask for access, best on doc-discuss i think if you are there, or qa list in case someone knows how there.

To create a new page just try to go to it, i.e.
https://wiki.mageia.org/en/Beid and then on the text link "create this page"

For syntax, sneak on other pages and copy-paste+edit.  When you are logged in there is an edit tab on every wiki page.  There are also some syntax help links.

Summary: Belgian banking ID app beid-middleware have problems, update request => Belgian banking ID app beid-middleware add require see #6. And update.

Comment 8 Rodenbach 2020-08-11 16:04:50 CEST
(In reply to Herman Viaene from comment #4)
> No need to look for other packages than the ones in M7 repos, it works
> perfectly OK.
> At Rodenbach:
> first steps to check out what's happening:
> install beid-middleware, that draws in some more
> install opensc, idem
> make sure in MCC-System-Services (you installed in English or Dutch or
> French???) that pcscd is running.
> have your card reader connected and insert your eid-card
> open a terminal and type the command eidenv<Enter>
> That should read your eid-card.
> If that is OK, open firefox and add the Eid-Belgium extension to it.
> Check in its preferences - Privacy - Security devices that there is a
> Belgian PKCS11 Module, if not add it and have it pointing to
> /usr/lib64/libbeidpkcs11.so.0.
> Now you should be able to use your eid-card to login to taxonweb e.a.
> Warning: each time firefox will give a warning that the middleware is
> obsolete or not installed, ignore these.

Hello,

I followed your procedure to connect to the site: https://idp.iamfas.belgium.be/fasui/login/eidservice# for the test and it is currently working. I can read my ID card in terminal mode, is there a graphical interface to read the card?

I thank you for the speed of treatment of my request.

Please excuse me for my email in French, but I don't know English or Dutch.

Receive my best regards.

D. Rodenbach
Comment 9 Herman Viaene 2020-08-11 16:16:08 CEST
I first got this answer by private mail. On the last question I referred to a (not existing anymore??) eidviewer from the site of the owners of the Belgian Eid software.
Comment 10 AL13N 2020-08-12 09:53:39 CEST
I don't have a problem with pulling in opensc; though it should be a recommends, not a strict requirement.

afaik eidviewer was a java program, but IIRC it got incorporated into the source code, i think i'm just removing those files when building it, building java programs is not as easy for packaging and i didn't see the need for it...

I'm the original packager, and i did this, so i could fill in my taxes each year :-) .

in the program there was also a FF plugin in it, which basically does that setting in FF for the security devices, but the FF plugin structure was updated and the upstream didn't work anymore, which means you may need to do this step manually.

I don't have much time to package anymore, but if one of you guys is willing to join the packaging team, i'm willing to mentor you guys for this.

Packaging is actually not that hard, it's basically a script that tells the system how to do the building from source, and what files are in the packages and what the dependencies are.

adding a recommends for beid-middleware is quite easy, look at this file: https://svnweb.mageia.org/packages/cauldron/beid-middleware/current/SPECS/beid-middleware.spec?view=markup
Comment 11 Herman Viaene 2020-08-14 14:54:33 CEST
Hi AL13N,

I decided to have a look at the new versions, and got the files from https://dist.eid.belgium.be/continuous/sources/eid-mw-4.4.27-v4.4.27.tar.gz
So I guess I have to go thru configure, make etc... first.
But I get immediately a snag, it seems development environments in Fedora and Mageia are not quite the same.
At the configure command I get
checking for PCSC... no
configure: error: Package requirements (libpcsclite >= 1.4.4) were not met:

Package 'libpcsclite', required by 'virtual:world', not found

Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.

Alternatively, you may set the environment variables PCSC_CFLAGS
and PCSC_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.

The version of lib64pcsclite is OK, but this is a 64-installation, so there is no libpcsclite.
But nevermind, I enabled the 32-bit Core repo and installed libpcsclite, but the error remains the same. And all the environment variables are null here.
Comment 12 AL13N 2020-08-14 15:35:55 CEST
Haha, Herman,

No,

the spec file tells the mageia buildsystem how to do it, and you don't have to do all this manually...

i would advise you to install "mgarepo" and "rpm-build"

and then you can do "mgarepo co beid-middleware" which will get all the necessary files for this.

then you can change the spec file (which should be in the SPECS/ subdir) (like adding a Recommends for that other package)

and you can actually test this locally on your machine:

rpmbuild -bs SPECS/beid-middleware.spec

which will create a src.rpm file, which you can then rebuild into rpms for your system:

rpmbuild --rebuild path/to/file.src.rpm


of course you won't have direct access to the buildsystem, but at least you'll be able to test a small change in your spec file.

you should look into the structure of this spec file (that i linked above), it is fairly simple.

But, we should continue this in private, you have my email, right? you can send me an email and we can go more in detail then...
Aurelien Oudelet 2020-09-02 17:51:24 CEST

CC: (none) => ouaurelien

Comment 13 Aurelien Oudelet 2020-10-31 18:59:18 CET
Status of this bug?
Also, please note that there is version 4.4.27 and also a 5.0.8 version.

For now, Cauldron has beid-middleware-4.4.8-3.mga8.

Source RPM: beid-middleware-4.4.8-1.mga7.src.rpm => beid-middleware-4.4.8-3.mga8.src.rpm

Comment 14 Herman Viaene 2020-11-01 09:05:14 CET
@ Aurelien.
I tried in vain to build an rpm for 4.4.27. I contacted Al13n in private as he requested, but after an initial response, I heard nothing from him any further. Also a question on dev-ml did not get any further. So, no progress anymore since Sept, I had other things to attend.
But I am willing to get that rpm out, but I'll need some detailed assistance.
Comment 15 AL13N 2020-11-01 14:33:01 CET
@Herman, oops, I'm sorry, I'm gonna relook for your email... I don't exactly have much time to work on Mageia atm, but i do have some time now, so i'll go look for it... i don't recall what was necessary for this but.

I do remember that i can use the current mga7 version without troubles...
Comment 16 Herman Viaene 2020-12-03 10:55:21 CET
After struggling with commands and dnf settings and alike, I have been able to build the rpms for 4.4.8 on M7, using the mock command as described in Mageia's wiki. I hope to test this soon, and if that is OK, have my hand at building the 4.4.27 rpm for M7.
Big tx to AL13N for his help (private mails) in this quest.
Comment 17 Aurelien Oudelet 2021-03-08 11:21:01 CET
@ Herman, what about the status of this?

Status: UNCONFIRMED => NEEDINFO
Ever confirmed: 0 => 1

Comment 18 Herman Viaene 2021-03-08 11:33:52 CET
I ran into problems with the 4.4.27, asked for help on the dev list.........Since then occupied by other things.
Comment 19 Aurelien Oudelet 2021-03-21 18:11:30 CET
(In reply to Herman Viaene from comment #18)
> I ran into problems with the 4.4.27, asked for help on the dev
> list.........Since then occupied by other things.

Thanks, assigning to you. Feel free to assign globally.

Status: NEEDINFO => NEW
Assignee: bugsquad => herman.viaene

Comment 20 Herman Viaene 2021-03-22 16:20:02 CET
"Feel free to assign globally." ?????
I feel stupid, looked at the wiki, but get no wiser
Comment 21 Aurelien Oudelet 2021-03-22 16:25:39 CET
No, I assigned this bug report because I think you could do something on this package since comment 16.

And I said "Feel free to assign back globally" = make the assignee pkg-bugs at ml dot mageia dot org if you can. This can no longer be in Bugsquad List.
Comment 22 Morgan Leijström 2021-03-22 16:33:51 CET
In other words: if you don't intend to work on it in near future, assign it to pkg-bugs so another chap can give it a try if they like.
Comment 23 Herman Viaene 2021-03-22 16:58:05 CET
Sorry, I have no idea what you two are talking about. All I know and can see is this bug????
And again, I have been trying to build this package, aiming to learn about this and having an up-to-date package. But I ran into a problem, reported that on I-can't-remember-which-one of the message lists, and then dead silence.
I more or less could understand that people at that time were getting the first M8 alpha ISO ready and thus were very busy.
I'm willing to try again and report again if that seems a sensible thing to do.
Comment 24 Aurelien Oudelet 2021-03-22 17:04:16 CET
(In reply to Herman Viaene from comment #23)
> Sorry, I have no idea what you two are talking about. All I know and can see
> is this bug????
> And again, I have been trying to build this package, aiming to learn about
> this and having an up-to-date package. But I ran into a problem, reported
> that on I-can't-remember-which-one of the message lists, and then dead
> silence.
> I more or less could understand that people at that time were getting the
> first M8 alpha ISO ready and thus were very busy.
> I'm willing to try again and report again if that seems a sensible thing to
> do.

You're on all your right. Please take a look, take your time.
Assigning globally, in this case.

Assignee: herman.viaene => pkg-bugs

Comment 25 Herman Viaene 2021-03-24 23:17:30 CET
I thought that building in M7 would be a waste of time since its EOL is closing in, so upgraded my M7 to M8 and let it update.
Now I get this at the CLI:
$ mock --buildsrpm --spec /home/herman/rpmbuild/SPECS/beid-middleware.spec --sources /home/herman/rpmbuild/SOURCES --resultdir /home/herman/rpmbuild/SRPMS
INFO: mock.py version 2.9 starting (python version = 3.8.7, NVR = mock-2.9-1.mga8)...
Start(bootstrap): init plugins
INFO: selinux disabled
Finish(bootstrap): init plugins
Start: init plugins
INFO: selinux disabled
Finish: init plugins
INFO: Signal handler active
Start: run
INFO: Start(/home/herman/rpmbuild/SPECS/beid-middleware.spec)  Config(mageia-7-x86_64)
Start: clean chroot
Finish: clean chroot
Start(bootstrap): chroot init
INFO: calling preinit hooks
INFO: enabled root cache
INFO: enabled package manager cache
Start(bootstrap): cleaning package manager metadata
Finish(bootstrap): cleaning package manager metadata
INFO: enabled HW Info plugin
Mock Version: 2.9
INFO: Mock Version: 2.9
Start(bootstrap): dnf install
No matches found for the following disable plugin patterns: local, spacewalk
determining the fastest mirror (10 hosts).. done.                                       [                     ===                                                           ] ---  B/s |   0  B     --:-- ETA
Mageia 7 - x86_64            

and here it interrupted, because I think the chroot system should be taken from M8, not M7. I don't see any direct reference to the Mageia version in the spec file.
Comment 26 papoteur 2022-11-24 22:15:34 CET
Hello,
I have updated the package to 5.1.8 version.
I have also added a package to include the viewer separately, however I didn't test it, not even the installation.

CC: (none) => yves.brungard_mageia

Comment 27 papoteur 2022-11-24 22:17:08 CET
This is for cauldron, at the moment. If OK, I can submit it in Mageia 8.
Comment 28 Rodenbach 2022-11-25 19:04:21 CET
(In reply to papoteur from comment #26)
> Hello,
> I have updated the package to 5.1.8 version.
> I have also added a package to include the viewer separately, however I
> didn't test it, not even the installation.

Good evening,
how can I find it?
Thank you
Comment 29 Dave Hodgins 2022-11-25 21:30:54 CET
In cauldron ...
# urpmi beid-middleware-viewer 
A requested package cannot be installed:
beid-middleware-viewer-5.1.8-1.mga9.x86_64 (due to unsatisfied devel(libbeidpkcs11(64bit)))

beid-middleware installs ok.

I have the 32 bit repos enabled in that test install.

CC: (none) => davidwhodgins

Comment 30 Herman Viaene 2022-11-26 12:08:30 CET
Did an M9 cauldron netinstall, got as far as Dave in Comment 29.
Also installed opensc and its dependencies, and I could access my eid-card with the eidenv command, that's quite OK.
Now, to effectively test the usage of the eid, that libbeidpkcs11 is needed for both the eid-viewer and access with firefox on the various government sites.
But I find this a bit strange, since I would expect this SW being part of the whole package of SW from BOSA.
Comment 31 papoteur 2022-11-26 20:18:02 CET
Hello,
I have updated the packages to beid-middleware-viewer-5.1.8-3.mga9
I can install it and launch it also.
Comment 32 Herman Viaene 2022-11-28 11:56:25 CET
Installed the new version of beid-middleware and added the beid-middleware-viewer-5.1.8-3.mga9.
The eidviewer works OK. But the firefox security device setting was not filled out automatically as normally is in fedora (or MS) installations.
Got around this after some googling and searching the installed files, that running the pkcs11-register command overcomes this problem, since then I can use my eid on all sites that require it.
Tx a lot.
Comment 33 papoteur 2022-11-28 15:27:14 CET
It seems that our package lacks 
belgium_eid-1.0.32.xpi 
and
eid_belgie-1.0.23.xpi
Can it be the explanation of the lacking settings?
Comment 34 Herman Viaene 2022-11-28 15:40:46 CET
Reading https://xpifile.com/extension/belgium-eid-extension-xpi-file/ makes me think this is the case.
Comment 35 papoteur 2022-11-29 08:37:53 CET
I have added 2 xpi files from the installation source.
Updated in beid-middleware-viewer-5.1.8-4.mga9
Comment 36 Morgan Leijström 2022-11-29 11:56:24 CET
mga7 is EOS...

I guess when verified in Cauldron, mga8 should be fixed

Whiteboard: MGA7TOO => MGA8TOO

Comment 37 Herman Viaene 2022-12-01 09:42:36 CET
@papoteur
Installed the new version over the 5.1.8-3, works OK.
Installed the new version on another M9 testing system where I had the fedora-rpm's installed. Had to remove those to install the 5.1.8-4, but then all worked OK.
I will now try to make an M9 installation from scratch and see how this behaves.
Comment 38 Herman Viaene 2022-12-01 14:10:23 CET
Well, 5.1.8-4 is definitely an improvement. There are a few niggles left.
Least important: the xpi files are in the beid-middleware rpm (where I think they should be), not in the beid-middleware-viewer as you wrote in Comment 35.

The beid-middleware rpm provides all the necessary files, but I still had to manually import the rootcertification3 from pem file and the security device libbeidpkcs11.so.0 in the firefox settings.
Otherwise: GREAT!!! Tx a lot.
Comment 39 papoteur 2022-12-03 10:13:22 CET
Hi Herman,
Thanks for your tests.
Unless you tell me that the import should be managed by the rpm installation, I will port it to Mageia 8.
Comment 40 Herman Viaene 2022-12-03 10:46:45 CET
Well, I think I would prefer to have this ported to M8, but with some sort of warning or wiki or whatever,  since the version currently in the M8 repos is ancient and incomplete, and AFAICS not operational OK anymore.
So, yes, ultimately the import should be handled by the rpm installation. But this is a problem for installations from scratch in the way that I did not see this problem when the 5.1.8-4 overwrites a previous version (Mageia's 4.8 or Fedora's 5.0.x).
Comment 41 papoteur 2022-12-03 13:04:56 CET
There is now:
beid-middleware-devel-5.1.8-1.1.mga8
beid-middleware-5.1.8-1.1.mga8
beid-middleware-viewer-5.1.8-1.1.mga8
from source
beid-middleware-5.1.8-1.1.mga8.src.rpm
Comment 42 Herman Viaene 2022-12-04 18:33:05 CET
Tested on my usual QA-testing system. That one had never seen the beid or any smartcard SW.
Installed packages for pcsc, acr38u, opensc and the new beid-middleware.
After importing the certificate and security device in firefox, I could use the eidviewer and connect to some official sites authenticating with the eid-card.
Comment 43 Morgan Leijström 2022-12-04 18:46:42 CET
So it seems all software is working then :)

Maybe the procedure description needs to be updated?
https://wiki.mageia.org/en/Beid

(i.e above you also mention pcsc, acr38u)
Comment 44 Herman Viaene 2022-12-05 17:50:36 CET
In the privacy section you also need to import the certificate manually. It's located in /usr/share/eid-mw/trustdir/belgiumrca3.pem. Importing works OK, but the certificate does not show up until you refresh the list, by leaving this dialogue and get back in.


pcsc-tools is not compulsory, but it includes a eidenv command which reads a minimum info from the eid-card, just a check that it is accessible.

acr38u is a device driver, thus depending on the smartcard-reader. But I haven't yet encountered here such cardreader which does not respond to this driver.
