[Bug 304149] New: openct package broken in suse 10.1
https://bugzilla.novell.com/show_bug.cgi?id=304149 Summary: openct package broken in suse 10.1 Product: SUSE Linux 10.1 Version: Final Platform: 32bit OS/Version: SuSE Linux 10.1 Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: aj@dungeon.inka.de QAContact: qa@suse.de Found By: Community of Practice Hi, I'm the upstream maintainer of openct. I had a look at recent openct packages from suse and I'm pretty sure they are not working correctly. the hald addon uses /proc/bus/usb which does not exist in suse I'm told, it should instead use /dev/bus/usb. also the fdi map does not match smart card readers via usb interface class 0b. please use both the fdi map and hald-addon script from new openct 0.6.13 and update to 0.6.13 and you should be fine. also at least on ubuntu I had to install the hald-addon in /usr/bin, not /usr/sbin. please check the right location will be used for opensuse. thanks, Andreas -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c1 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|security-team@suse.de |sbrabec@novell.com --- Comment #1 from Ludwig Nussel <lnussel@novell.com> 2007-08-24 00:57:20 MST --- reassign to maintainer -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c2 --- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2007-08-24 00:57:31 MST --- *** Bug 304148 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=304148 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c3 --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2007-08-24 00:57:38 MST --- *** Bug 304147 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=304147 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c4 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #4 from Stanislav Brabec <sbrabec@novell.com> 2007-08-24 08:29:57 MST --- Updated for OpenSUSE 10.3 (partially related: bug 304316). WONTFIX for 10.1, but might be good to fix for SLES10. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c7 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |silviu_marin-caea@otpbank.ro --- Comment #7 from Stanislav Brabec <sbrabec@novell.com> 2007-09-11 10:25:35 MST --- *** Bug 284583 has been marked as a duplicate of this bug. *** https://bugzilla.novell.com/show_bug.cgi?id=284583 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c8 --- Comment #8 from Stanislav Brabec <sbrabec@novell.com> 2007-09-11 10:26:19 MST --- Even after update is does not work in openct-0.6.13, as reported in bug 284583. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c9 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |silviu_marin-caea@otpbank.ro --- Comment #9 from Stanislav Brabec <sbrabec@novell.com> 2007-09-11 10:58:54 MST --- Could you try to edit /usr/lib/hal/hald-addon-openct and add some debugging output there: #!/bin/bash exec >/tmp/hald-addon-openct.log exec 2>&1 echo "$*" set +x .. the rest of the sript (You can also verify atime to check, whether this script was even called.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c10 --- Comment #10 from Silviu Marin-Caea <silviu_marin-caea@otpbank.ro> 2007-09-12 04:37:03 MST --- It doesn't appear to have been called. I have a nice system prompt with the time in it, to help see things clearly. 08:45:11 root@silviu:~# opensc-tool --list-readers winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running Readers known about: Nr. Driver Name 0 openct Aladdin eToken PRO 1 openct OpenCT reader (detached) 2 openct OpenCT reader (detached) 3 openct OpenCT reader (detached) 4 openct OpenCT reader (detached) # reinsert token 08:46:03 root@silviu:~# opensc-tool --list-readers winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running Readers known about: Nr. Driver Name 0 openct OpenCT reader (detached) 1 openct OpenCT reader (detached) 2 openct OpenCT reader (detached) 3 openct OpenCT reader (detached) 4 openct OpenCT reader (detached) 08:46:11 root@silviu:~# cat /tmp/hald-addon-openct.log cat: /tmp/hald-addon-openct.log: No such file or directory 08:46:26 root@silviu:~# rcopenct restart Stopping smart card terminals0 processes killed. done Starting smart card terminals done 08:46:38 roopensc-tool --list-readers winscard_clnt.c:3420:SCardCheckDaemonAvailability() PCSC Not Running Readers known about: Nr. Driver Name 0 openct Aladdin eToken PRO 1 openct OpenCT reader (detached) 2 openct OpenCT reader (detached) 3 openct OpenCT reader (detached) 4 openct OpenCT reader (detached) 08:46:41 rocat /tmp/hald-addon-openct.log cat: /tmp/hald-addon-openct.log: No such file or directory 08:46:44 root@silviu:~# stat /usr/lib64/hal/hald-addon-openct File: `/usr/lib64/hal/hald-addon-openct' Size: 550 Blocks: 8 IO Block: 4096 regular file Device: 804h/2052d Inode: 2251972 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2007-09-12 08:44:39.000000000 +0300 Modify: 2007-09-12 08:44:39.000000000 +0300 Change: 2007-09-12 08:44:39.000000000 +0300 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c11 --- Comment #11 from Silviu Marin-Caea <silviu_marin-caea@otpbank.ro> 2007-09-12 04:46:11 MST --- Wait a minute! /usr/lib64/hal/hald-addon-openct was not executable! This is the problem. I have reinstalled openct-0.6.13-4.x86_64.rpm from Factory, and this file does not have the execute bit. chmod a+x solves the problem with the token not being seen after reinsert. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c12 Silviu Marin-Caea <silviu_marin-caea@otpbank.ro> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED Info Provider|silviu_marin-caea@otpbank.ro | --- Comment #12 from Silviu Marin-Caea <silviu_marin-caea@otpbank.ro> 2007-09-12 07:23:59 MST --- Since this bug appears for version 10.1 final, I think something should be done so it gets fixed in time for 10.3. Change the version here or reopen https://bugzilla.novell.com/show_bug.cgi?id=284583 ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c13 --- Comment #13 from Stanislav Brabec <sbrabec@novell.com> 2007-09-12 07:53:01 MST --- Submitted for Factory. Keeping this bug opened for SLE10. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c14 --- Comment #14 from Silviu Marin-Caea <silviu_marin-caea@otpbank.ro> 2007-09-24 05:25:47 MST --- In RC1 the bug appears to be fixed (the script is executable now). The token is detected properly, each time. I would close the bug for Factory, but I don't know the bug # There is just one more cosmetic thing: the "status" of the /etc/init.d/openct script is not working properly. It displays "running" even if the service is stopped. I guess I should open another bug for that, with the lowest severity. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c15 Carl Linden <clinden@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |clinden@novell.com --- Comment #15 from Carl Linden <clinden@novell.com> 2007-10-25 03:32:40 MST --- Will this defect be looked at for SLED10 aswell, I currently have seen this at customer when I been testing openct. //Carl -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149#c17 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |dkukawka@novell.com --- Comment #17 from Stanislav Brabec <sbrabec@novell.com> 2007-12-03 09:00:11 MST --- SLES10 uses custom openct fdi files, but it seems, that hal addon location is incorrect. openct uses: /usr/sbin correct seems to be: %{_libdir}/hal Danny, what is the correct match for a generic USB device for SLES10? <match key="info.bus" string="usb_device"> (as used by 10-wireless-mice.fdi and 10-usb-openct.fdi) or <match key="info.bus" string="usb"> (as used by 10-usb-music-players.fdi and 10-camera-ptp.fdi) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149 User dkukawka@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=304149#c18 Danny Kukawka <dkukawka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dkukawka@novell.com Status|NEEDINFO |ASSIGNED Info Provider|dkukawka@novell.com | --- Comment #18 from Danny Kukawka <dkukawka@novell.com> 2007-12-07 07:44:08 MST --- The correct path for addons would be /usr/lib/hal/ or /usr/lib64/hal/ on 64bit, but not /usr/sbin. The spec says about 'usb_device': "For device objects representing USB devices the property info.subsystem will be usb_device, and the following properties will be available. Note that the corresponding USB interfaces are represented by separate device objects as children." This are all devices which have a ':' in the last part of the sysfs path (the part behind the last '/'). And about 'usb': "Device objects that represent USB interfaces, ie. when info.subsystem assumes usb, are represented by the properties below. In addition all the usb_device.* properties from the parent USB device is available in this namespace but only with the usb prefix instead of usb_device." You have to check lshal to find out, what you need. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=304149#c19 --- Comment #19 from Stanislav Brabec <sbrabec@novell.com> 2008-10-31 08:54:53 MDT --- I just fixed more opect packaging issues for openSUSE 11.1 and it seems to work both with hotplug and coldplug. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=304149#c20 Stanislav Brabec <sbrabec@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO Info Provider| |ptesarik@novell.com --- Comment #20 from Stanislav Brabec <sbrabec@novell.com> 2009-03-23 11:23:49 MST --- SLES11 is out and mentioned issues should be fixed there. Should I backport these fixes for the next SP of SLES10? Note: Smart Cards probably never worked correctly in SLES10 and this fix is probably only one part to make them working there. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149 User silviu_marin-caea@otpbank.ro added comment https://bugzilla.novell.com/show_bug.cgi?id=304149#c21 --- Comment #21 from Silviu Marin-Caea <silviu_marin-caea@otpbank.ro> 2009-03-24 00:58:04 MST --- I'm using openSUSE Factory right now and I still see one annoying bug. After booting the computer it's necessary to restart the openct service to get it to work. I don't remember any version of openSUSE that openct worked flawlessly since I've started using a token of my computer. :-( I'll try to provide some details, so it's not just useless whining. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149 User silviu_marin-caea@otpbank.ro added comment https://bugzilla.novell.com/show_bug.cgi?id=304149#c22 --- Comment #22 from Silviu Marin-Caea <silviu_marin-caea@otpbank.ro> 2009-03-24 09:25:16 MST --- Ok, this is embarrassing. The openct service is not enabled by default, that's why it "needed restart". Sorry. However, a mechanism that would enable the service the first time the user inserts a token would be a nice usability feature. Isn't that possible with hal scripts? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=304149 User sbrabec@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=304149#c23 --- Comment #23 from Stanislav Brabec <sbrabec@novell.com> 2009-03-24 09:54:15 MST --- Yes, comment 21 is a known issue. The whole smart cart infrastructure was installed by default in past, as it was introduced by dependencies of ssh and other packages. It was not a good idea to start all these daemons for all users, especially if 99.9% of them has no smart card reader. To fix this issue completely (see also bug 466430), we need: - Split smart card packages according to shared library policy (not applicable for openct). - Remove smart card infrastructure from the default installation. - Provide auto-installation support when smart card readed is available (hardware supplements for ZYPP; not possible for serial readers). - Then we can start daemon by default or ensure that HAL addon does it automatically. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com