Bug 773 - Belgian Identity card reader package beid
Summary: Belgian Identity card reader package beid
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 1
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-04-11 15:45 CEST by Bert Aerts
Modified: 2014-05-08 18:04 CEST (History)
8 users (show)

See Also:
Source RPM:
CVE:
Status comment:


Attachments

Description Bert Aerts 2011-04-11 15:45:51 CEST
Description of problem:

Mandriva has the package "beid" for the Belgian Identity Card reader.
beid-2.6.0-4mdv2010.1.x86_64.rpm in main repo.
Could this be added to Mageia?

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.


Reproducible: 

Steps to Reproduce:
Comment 1 Bert Aerts 2011-04-20 13:14:03 CEST
Additional info can be found on in dutch or french
http://eid.belgium.be/nl/Hoe_installeer_je_de_eID/Linux/
http://eid.belgium.be/fr/Comment_installer_l_eID/Linux/

There is a package for 2 distributions: Fedora and Ubuntu
http://eid.belgium.be/fr/binaries/beid-middleware-fedora_tcm146-102539.tgz
http://eid.belgium.be/fr/binaries/beid-middleware-3%2E5%2E3-ubuntu-9%2E10-i686-quickfix_tcm146-102565.tgz

In Mandriva Cooker there is currently no beid package anymore, while 2.6.0 is available in 2010.1/main

In Mandriva there is Bug 54048 - The eID Middleware software offers components for using the Belgian eID (BEID)

Would it be possible to add this package to Mageia?
Comment 2 Bert Aerts 2011-05-18 21:26:43 CEST
Let's make life simple.

The only thing needed for the application Tax-on-Web with the Belgian electronic identity card is eid-mw-4.0.0-0.925.fc16.x86_64.rpm from http://code.google.com/p/eid-mw/

Could this rpm be placed in Mageia repository?

Can after install following message be shown:

To configure firefox 4.0 for Tax-on-Web follow these steps:
+ After restart Firefox and while eID card is in reader
  Edit/Preferences Advanced Encryption "View certificates" "Authorities"
  "Belgium Root CA" Edit
  Enable web and email
+ Tax-on-Web requests SSL renegotiation while firefox 4 does not allow that
  workaround:
    o address about:config
    o filter renego
    o security.ssl.renego_unrestricted_hosts : ccff02.minfin.fgov.be

Of course acr38u-1.7.10-2.mga1 must be installed as well.
Comment 3 AL13N 2011-06-06 23:02:46 CEST
if i have some time left, maybe i can do it, i'm wanting this package too

CC: (none) => maarten.vanraes

Comment 4 Bert Aerts 2011-06-07 10:00:26 CEST
There is also a very nice Belgian identity card viewer available:

http://code.google.com/p/eid-viewer/
http://eid-viewer.googlecode.com/files/eid-viewer-4.0.0-0.52.fc16.x86_64.rpm

Just install the rpm and there is even a menu entry created in KDE.
Comment 5 AL13N 2011-06-07 19:44:35 CEST
me being from belgium, i've used the ones from mandriva last year, so i know :-)
Comment 6 Bert Aerts 2011-06-07 21:28:04 CEST
Please note that the ones from Mandriva 2010.1 are the ones from Comment 1, i.e. the official ones, but beidgui is a 32 bit application.

The ones from Comment 2 and 4 are the unofficial unsupported ones, but at least usable on x86_64 Mageia 1 and much more up to date.

Just to be sure.
Comment 7 Wim Coulier 2011-06-10 22:17:58 CEST
Indeed a package that is really required in Belgium. And since it is tax filing time, it is urgent for everyone using mageia to file their taxes.

Priority: Normal => High
CC: (none) => wim
Severity: normal => major

Comment 8 AL13N 2011-06-13 03:17:05 CEST
I'm trying to get it done in time... but i've hit a quite important snag atm (not being able to enter a pincode...)

also, FF4 is not supported to enter taxes, i've had to change 2 about settings, and fake a FF3 header...
Comment 9 Bert Aerts 2011-06-13 11:11:09 CEST
Comment 2 is a complete manual on how to use firefox 4 with this single rpm.
Comment 10 AL13N 2011-06-13 14:26:17 CEST
yes, it's not accurate anymore, you need to fake FF3 headers now, taxonweb is actively blocking anything not FF3 or 32bit IE's
Comment 11 Bert Aerts 2011-06-13 15:24:56 CEST
Yes indeed, FF4 is refused now.
In what old fashioned country do we live ? :-(
This means I can not use Mageia to do tax-on-web :-(
Comment 12 AL13N 2011-06-13 15:34:42 CEST
i used a plugin that can fake a user-agent string and copypasted a FF3 string. i'll try to talk to the upstream about this...
Comment 13 AL13N 2011-06-13 22:27:35 CEST
ok, i got a more or less working package (i filled in the taxes with it)

there are a few packaging errors, i'm looking into that...

i expect it to come more or less soonish (at least in its basic form, only pkcs11 libs and the .xpi)
Comment 14 AL13N 2011-06-17 00:17:41 CEST
ok, i got a new package beid-middleware built on cauldron atm. still no backports/updates yet, so i'm waiting on that to get it into mageia 1.

I would love some more feedback, i mean, i had it working, but do you have some issues with it? let me know...

I'm keeping this bug report open until it's on mageia 1, since it's a "missing package"
Comment 15 Wim Coulier 2011-06-17 16:58:48 CEST
Is there a way to test the rpm already on Mageia 1 now? I do not dispose of a cauldron version, but since you intend to have it in backports, I suppose that the rpm should work on a Mageia 1 version? How can I get the rpm?
Comment 17 Wim Coulier 2011-06-17 17:06:31 CEST
Does a i586 version exist? I'm not running x86_64.
Comment 19 AL13N 2011-06-17 17:11:16 CEST
as Bert said: on the mirrors, and since cauldron is still quite similar to 1, it'll likely work; you could also rebuild the src.rpm on the mirrors too, that will definately work:

get the src.rpm from a mirror and do rpmbuild --rebuild file.src.rpm; that will eventually make a regular rpm file which you can install.

if you're testing, don't forget to:
A) spoof your user agent setting (via an addon), make it detect your FF4 as a FF3
B) change those 2 settings
C) put your card in the reader BEFORE you start firefox
D) make sure pcscd is running

also, let me know if:
A) the beid FF addon is active after installation
B) the reader device is found in firefox, or if you had to load the security device yourself
C) you filed your taxes :-)
Comment 20 Bert Aerts 2011-06-17 17:19:58 CEST
The addon to spoof your user agent - is it included in your rpm?
Comment 21 AL13N 2011-06-17 17:28:14 CEST
no, i'm in the process of asking the people only give warning but not outright reject FF4. i searched user agent in the addons, installed something and configured it, and it worked, but i don't know anymore what it was...
Michel Morisot 2011-06-17 19:32:33 CEST

CC: (none) => carabao

Comment 22 Bert Aerts 2011-06-17 19:49:13 CEST
With the help of
https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
I could fake Firefox 4 to be Internet Explorer 8.

Then the procedure of comment 2 works again.

AL13N,

Is it correct that you created a new rpm, compiled with tools of Mageia, based on http://code.google.com/p/eid-mw-continuous/downloads/detail?name=eid-mw-4.0.0-929.tar.gz&can=2&q= ?
Which means that the files are more or less similar to eid-mw-4.0.0-0.925.fc16.x86_64.rpm except for version 929 iso 925 ?

As I had the rpm's of comments 2 and 4 already installed I only needed the user agent switcher.
Comment 23 AL13N 2011-06-17 22:56:26 CEST
they could be more or less similar, but it's built specifically for mageia, and has therefor more chances of having correct dependencies and it'll be on the mirrors, so no need to find and download it later on.
Comment 24 Bert Aerts 2011-06-19 10:39:36 CEST
Up to now I was using Mageia 1 x86_64 on an external USB harddisk.

Yesterday I installed it on my internal harddisk and wanted to install 
beid-middleware-4.0.0.r929-1.mga2.x86_64.rpm.

First of all I get the message on selecting this package:
"Rpmdrake or one of its priority dependencies needs to be updated first. Rpmdrake will then restart."

Pressing OK allows to install the package, but I get a huge amount of dependent packages all cauldron's "mga2":

- aria2-1.11.2-1.mga2.x86_64
- beid-middleware-4.0.0.r929-1.mga2.x86_64
- lib64notify4-0.7.3-1.mga2.x86_64
- meta-task-1-34.mga2.noarch
- perl-5.14.0-5.mga2.x86_64
- perl-base-5.14.0-5.mga2.x86_64
- perl-Cairo-1.70.0-5.mga2.x86_64
- perl-Crypt-SSLeay-0.580.0-6.mga2.x86_64
- perl-Curses-1.280.0-6.mga2.x86_64
- perl-DBI-1.616.0-4.mga2.x86_64
- perl-Digest-SHA-5.610.0-3.mga2.x86_64
- perl-Digest-SHA1-2.130.0-6.mga2.x86_64
- perl-FCGI-0.730.0-2.mga2.x86_64
- perl-File-FnMatch-0.20.0-6.mga2.x86_64
- perl-File-Sync-0.90.0-7.mga2.x86_64
- perl-Filesys-Df-0.920.0-7.mga2.x86_64
- perl-Glib-1.230.0-9.mga2.x86_64
- perl-Gnome2-Vte-0.90.0-3.mga2.x86_64
- perl-Gtk2-1.230.0-6.mga2.x86_64
- perl-Gtk2-Notify-0.50.0-3.mga2.x86_64
- perl-Gtk2-SourceView2-0.100.0-4.mga2.x86_64
- perl-Gtk2-WebKit-0.90.0-1.mga2.x86_64
- perl-HTML-Parser-3.680.0-3.mga2.x86_64
- perl-JSON-PP-2.271.50-4.mga2.noarch
- perl-Locale-gettext-1.50.0-6.mga2.x86_64
- perl-Net-DBus-0.33.6-9.mga2.x86_64
- perl-Pango-1.221-6.mga2.x86_64
- perl-String-CRC32-1.4-11.mga2.x86_64
- perl-Term-ReadKey-2.30-12.mga2.x86_64
- perl-Time-Piece-1.200.0-5.mga2.x86_64
- perl-Tk-804.29.0-7.mga2.x86_64
- perl-URPM-3.38.1-2.mga2.x86_64
- perl-version-0.880.0-3.mga2.x86_64
- perl-WWW-Curl-4.150.0-6.mga2.x86_64
- perl-XML-LibXML-1.720.0-1.mga2.x86_64
- perl-XML-Parser-2.410.0-1.mga2.x86_64
- userdrake-1.13.5-2.mga2.x86_64
- vim-common-7.3.219-2.mga2.x86_64
- vim-enhanced-7.3.219-2.mga2.x86_64

Please create a package for Mageia 1 !!
Comment 25 AL13N 2011-06-19 11:51:29 CEST
actually, it seems like you had a pre-release installed?

i would remove all media and re-add media:

urpmi.removemedia -a
urpmi.addmedia --distrib --mirrorlist '$MIRRORLIST'

but i'm not 100% sure if the mageia 1 will be chosen,

so, after you readd media, check your sources with

urpmq --list-url

if there is cauldron in your urls, that's the issue. similarly, you can use this to confirm my claims.
Comment 26 Bert Aerts 2011-06-19 12:00:35 CEST
To be able to select your package, I added
ftp://ftp.belnet.be/mirror/mageia/distrib/cauldron/x86_64/media/core/release
to the list of repositories.
Comment 27 Bert Aerts 2011-06-19 15:09:24 CEST
I downloaded the file and installed it via Dolphin. No dependencies anymore.

ftp://ftp-stud.hs-esslingen.de/pub/Mirrors/Mageia/distrib/cauldron/x86_64/media/core/release/beid-middleware-4.0.0.r929-1.mga2.x86_64.rpm

It works.
Comment 28 Wim Coulier 2011-06-19 16:33:14 CEST
Hi,

I got the RPM installed but I'm not able yet to authenticate to tax-on-web. Here is what I did:
- Installed pcsclite and acr38u
- Downloaded the source rpm.
- Installed rpm-build
- Tried to rpmbuild the source rpm, but it needed a number of other packages (don't remember exactly which ones), so it failed
- Installed the packages referred to
- Rpmbuilded the source rpm (this time it worked)
- Installed the resulting rpm
- Edited both Government CA's belonging to Belgian Root CA in FF and selected web and mail
- Set security.ssl.renego_unrestricted_hosts to ccff02.minfin.fgov.be
- Installed User Agent RG 1.0 FF add-on
- Closed FF, hooked up my card reader and entered my card
- Restarted FF and set User Agent to FF 3.6
- Opened Tax-On-Web and tried to logon

Result:
Secure Connection Failed
An error occurred during a connection to ccff02.minfin.fgov.be.
SSL peer was unable to negotiate an acceptable set of security parameters.
(Error code: ssl_error_handshake_failure_alert)

Is there something I forgot? There is an add-on active in FF with the name Belgium eID 1.0.11. How can I test where it fails?

I noticed that there is no Beid GUI installed. So that does not even allow me to test whether it the card is read at all or not.
Comment 29 Wim Coulier 2011-06-19 17:47:03 CEST
Some more info:
On another machine that still runs Mandriva 2010.0, the same card reader and card do work (so no HW problem). On that machine, when I attach the reader, the green led flickers slowly, and when I insert the card it burns continuously. On my machine with Mageia, when I attach the reader, the green led flickers as well, but when I insert the card it does not burn continuously.
On the Mageia machine, there is no security device installed in FF either.
I'll try to load it manually, but need to restart the browser to test.
Comment 30 Wim Coulier 2011-06-19 18:04:05 CEST
Success! 

It was indeed the security module that needed to be loaded manually: in the menu select "Edit/Preferences". In the "Firefox Preferences" window, "Advanced" section, "Security" tab, click the "Security Devices" button. The "Device Manager" window opens. Click the "Load" button. In the "Module Name" field enter a name, e.g. "BeidCard" and in the "Module filename" field enter the following path: â/usr/lib/libbeidpkcs11.so.0 and click the "OK" button.

Can the RPM that I have build be used for distribution? Can I upload it somewhere?
Comment 31 AL13N 2011-06-19 21:31:42 CEST
Wim, thanks, that was exactly what I needed to know, afaik the FF addon, is supposed to load up the libbeidpkcs11.so.0 automagically; that is it's purpose. I'm going to talk this over with the upstream people (and maybe dig in the code myself a bit)

the 4.0 series (which is greatly improved building design (over the 2.6 and 3.5 series)), separated a bunch of such things, the middleware is exactly that, only the middleware, beidgui is obsolete now, and is superseded by eid-viewer (a java based viewer: thus a totally different codebase), which i haven't packaged, (yet; not sure if i will or if it's needed/wanted))

you can't use that rpm for distribution, in fact, when the BS is ready, i can just submit this src.rpm with the knowledge that it'll build for mageia1 perfectly.

Mageia has as a security feature, enforced that all builds have to be made by the buildsystem, (and it also signs it as official; your package didn't have a signature). as a plus, the buildsystem also puts it automagically on the mirrors. :-)
Comment 32 Bert Aerts 2011-06-19 21:44:02 CEST
In my case the device /usr/lib64/libbeidpkcs11.so.0 was already present in Firefox 4. I didn't need to add it manually. In contrast to Wim's case ...
Comment 33 AL13N 2011-06-19 22:05:09 CEST
could it have been there with regards to previous testings?

is anyone of you using 64bit and the other not?
Comment 34 Wim Coulier 2011-06-19 22:43:49 CEST
I'm using a fresh install of Mageia 1 i586. But rather then a difference in architecture, I suspect a difference in installation type might cause the different behaviour. If Bert did an upgrade, then that might explain way the security device was no problem in his case while it was in mine on my fresh install.
Comment 35 Bert Aerts 2011-06-19 22:48:23 CEST
I did a fresh install on the internal harddisk of my Dell Inspiron 1720 notebook with format of / and /home, to clean out the previously installed Mandriva 2010.2.
From USB stick with Mageia 1 x86_64.
After install of beid-middleware-4.0.0.r929-1.mga2.x86_64.rpm the security device was there, but I did a reboot to get acr38u active.
Could the restart cause the different bahaviour compared to Wim?
Comment 36 AL13N 2011-06-19 23:35:58 CEST
i was thinking that perhaps due to the /usr/lib64/ location that it might not work there, but reboot for acr38u... i don't know, i don't a reboot is required? but then, i'm not 100% sure


could the both of you test the following:
[]# urpme beid-middleware
--> unplug reader
--> log out and back in
--> open firefox, and see if the beidpkcs entry is still there, if so, remove it
--> log out and back in
--> keep firefox closed
[]# urpmi beid-middleware
--> plug in reader and card
[]# /etc/init.d/pcscd restart
--> startup firefox, and see if it works.
--> if it doesn't, log out and back in and retry
Comment 37 AL13N 2011-06-23 02:28:04 CEST
beid-middleware-4.0.0-r929-1.1.mga1 is now available in core/updates_testing for mageia1

I tested it with an mdv upgrade, and it works.

reassigning to QA for test and move to core/updates.

Assignee: bugsquad => qa-bugs

Comment 38 AL13N 2011-06-23 02:39:29 CEST
update announcement could be:

beid-2.6.0 was shipped in Mandriva 2010.1, and Mageia 1 is missing beid. This is the missing package, which obsoletes the Mandriva 2010.1 beid packages.
Anssi Hannula 2011-06-23 02:41:33 CEST

CC: (none) => anssi.hannula

Comment 39 AL13N 2011-06-26 10:45:09 CEST
Modify bug headers to reflect the update request

Component: New RPM package request => RPM Packages
Hardware: x86_64 => All
Version: Cauldron => 1

Comment 40 AL13N 2011-07-02 00:45:35 CEST
Dropping priority due to the time for biggest usefullness has elapsed.

Priority: High => Normal

Comment 41 Manuel Hiebel 2011-07-02 13:44:37 CEST
maybe you should find people to test ...

(for the both architecture in Mageia 1 )
Comment 42 Manuel Hiebel 2011-07-02 13:51:55 CEST
I'am not Belgian, so I can not really test.

So on x86_64, it is installed correctly 

[root@vosdook lib64]# ls | grep beid
libbeidcardlayer.so.0@
libbeidcardlayer.so.0.0.0*
libbeidcommon.so.0@
libbeidcommon.so.0.0.0*
libbeiddialogs.so.0@
libbeiddialogs.so.0.0.0*
libbeidpkcs11.so.0@
libbeidpkcs11.so.0.0.0*
libcardpluginbeid.so*

and the add-on is listed in firefox
Comment 43 AL13N 2011-07-02 14:02:24 CEST
can you check in firefox:

edit -> preferences -> advanced -> encryption -> devices

if "libbeidpkcs11.so.0" is in there?

the xpi's job is to do that, afaik.
Comment 44 AL13N 2011-07-02 14:04:57 CEST
also with testing, the point is not to test this package (that's already been done), it's to test the upgrade from a mdv2010.1, which had beid installed.

Personally i've done that test, and it worked, so now the QA team is supposed to check it and push to updates if it does work.

Since QA team is getting overloaded with work, they didn't have time to do this one yet.
Comment 45 Manuel Hiebel 2011-07-02 14:06:58 CEST
(In reply to comment #43)
> can you check in firefox:
> 
> edit -> preferences -> advanced -> encryption -> devices
> 
> if "libbeidpkcs11.so.0" is in there?

Yep the lib is there

CC: (none) => manuel

Comment 46 AL13N 2011-07-02 14:11:53 CEST
awesome, thanks for checking, if it didn't; i'd have to file an upstream bug.
Raphaël Vinet 2011-07-03 07:17:51 CEST

CC: (none) => superaphke

Comment 47 Dave Hodgins 2011-07-07 02:36:31 CEST
All I can test is that it installs without conflicts, which it does on my
i586 system.  Comment 43 indicates it installs ok on x86-64, and other
comments make it clear that it works, so I consider this testing complete.

Can someone from the sysadmin team push the package
beid-middleware
from Core Updates Testing to Core Updates please.
The srpm is beid-middleware-4.0.0.r929-1.1.mga1.src.rpm

CC: (none) => davidwhodgins

Michel Morisot 2011-07-07 09:15:55 CEST

CC: (none) => info

Comment 48 Michel Morisot 2011-07-07 09:19:11 CEST
Hello,

I tried using the card eid at home (x86), it works without problems. Thank You.

Now, do you think it would be possible to provide also the rpm of the GUI (beid-gui): http://code.google.com/p/eid-applet/
Comment 49 Wim Coulier 2011-07-07 10:10:32 CEST
Michel,

The eid-applet does not look to me like something that should be packaged (not required to be installed on the local machine, will be downloaded in the browser from the site using it).
However that is something else for the viewer. I guess that is what you wanted. The viewer project is at https://code.google.com/p/eid-viewer/

And a request to package that as well, I certainly can second that.

Wim
Comment 50 Michel Morisot 2011-07-07 11:49:33 CEST
hello,

Accurate, correct, I typed next

Thank You
Comment 51 Nicolas Vigier 2011-07-07 13:12:54 CEST
pushed to updates.

Status: NEW => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Comment 52 AL13N 2011-07-07 20:38:46 CEST
I would just like to note that since they split this package up, perhaps you can request that package in a new bug report? perhaps someone would want to do it.

For myself i'm afraid i consider eid-viewer alot less important than the middleware; so i'm not sure i can spend time on that.
Comment 53 Michel Morisot 2011-07-07 22:05:54 CEST
hello,

Sure, it's less important than the middleware but sometimes it's interesting to know what is in the chip. Now I am in no position to ask for a rpm, since I do not have the skills to do
Comment 54 AL13N 2011-07-08 01:56:56 CEST
anyone can make a "feature request bug" here, if you want eid-viewer, you should go file a bug for it. no rpm skills required to file a bug here.
Raphaël Vinet 2011-07-24 08:36:06 CEST

CC: superaphke => mailinglistsduraph

Raphaël Vinet 2011-07-24 08:36:36 CEST

CC: mailinglistsduraph => (none)

Comment 55 Raphaël Vinet 2011-07-24 08:39:39 CEST
Hi,

For me and after using them several times since some weeks mageia packages are ok

For the eid-viewer i use eid-viewer-4.0.0-0.52.fc15.i686.rpm on  http://code.google.com/p/eid-viewer/downloads/list

Thx
A+
Raph

CC: (none) => mailinglistsduraph

Raphaël Vinet 2011-07-24 08:39:55 CEST

CC: mailinglistsduraph => (none)

Comment 56 Bert Aerts 2011-08-09 08:23:08 CEST
In Firefox 5.0.1 from core/updates_testing, the beid plugin is disabled as it is not compatible with version 5.0.1.

I found on http://code.google.com/p/eid-mw-continuous/downloads/list the file eid-mw-4.0.0-0.981.el6.x86_64.rpm which installed fine in Mageia 1 and is accepted in Firefox 5.0.1.
Comment 57 Michel Morisot 2011-08-09 08:35:01 CEST
hello,

Unless I am mistaken this is the version 1.1.11 of the plugin beid which is installed by default and it actually turns off when installing firefox 5.0.1. On the website of mozilla (extension: https://addons.mozilla.org/fr/firefox/addon/belgium-eid/ ) is the 1.1.12 version works. To be installed on top.
Comment 58 Michel Morisot 2011-08-10 09:28:58 CEST
hello,

a newer version is available for the eid. Would it be possible to propose updates.

Thank You

Status: RESOLVED => REOPENED
Resolution: FIXED => (none)

Comment 59 Samuel Verschelde 2011-08-10 14:01:02 CEST
Please do not reopen this bug report, which was closed when the update was pushed. You can open a new bugreport for any bugs or update request.

Status: REOPENED => RESOLVED
CC: (none) => stormi
Resolution: (none) => FIXED

Comment 60 Michel Morisot 2011-08-10 16:49:38 CEST
hello,

ok, thank you. Sorry.
Nicolas Vigier 2014-05-08 18:04:46 CEST

CC: boklm => (none)


Note You need to log in before you can comment on or make changes to this bug.