Re: Problems accessing ActivIdentity USB SIM under Gentoo Linux 64 bit on Intel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It appears my 32 bit system is no longer working.
Something seems to be awfully fragile.
It used to work 2 times in a row then fail on the third, quite reliably. :(

Now, it does not seem to work at all.

Find attached "pcscd -f -d -a" output and "-pkcs11_inspect debug" output.


On Mon, Jan 31, 2011 at 10:44 AM, Lyall Pearce <lyall.pearce@xxxxxxxxx> wrote:
Whoops, sorry, wrong files...

Please ignore the previous message.





On Mon, Jan 31, 2011 at 10:41 AM, Lyall Pearce <lyall.pearce@xxxxxxxxx> wrote:
Find attached the pcscd output and pkcs11_inspect output on the 64 bit system.



On Sat, Jan 22, 2011 at 9:55 PM, Lyall Pearce <lyall.pearce@xxxxxxxxx> wrote:
I am afraid you are talking to someone who has no idea about the intracies of the device I am looking at. My understanding is that is a single certificate device.

I sent the logs using pcsd -f -d -a, on the 32 bit system, I will send the logs for the 64 bit system in 48 hours (next working day)

32 bit system, using the USB Hub, works fine, even though the CPU itself is a 64 bit capable system.

32 bit system uname -a : Linux lyalls-pc 2.6.35-gentoo-r12 #5 SMP PREEMPT Sun Dec 19 09:52:32 CST 2010 i686 Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz GenuineIntel GNU/Linux

64 bit system, does not work, it's at work, I am at home right now. It has worked, Once.




On Fri, Jan 21, 2011 at 12:03 PM, Jack Magne <jmagne@xxxxxxxxxx> wrote:
On 01/20/2011 05:27 PM, Robert Relyea wrote:
On 01/20/2011 04:47 PM, Lyall Pearce wrote:
I have been attempting to get an ActivIdentity USB Token working on my Gentoo Linux 64 bit Intel system.

What firmware are you running on your ActivIdentity USB Token?
Coolkey only supports CAC and coolkey applets. Possibly PIV, but I've not gotten my hands on any PIV cards to test.

I have it working just fine on a Gentoo Linux 32 bit Intel system, however, I am unable to pkcs11_inspect the device on the 64 bit system.

I have seen it work just once.
I thought pkcs11_inspect goes directly to pcscd, so that would be before coolkey comes into play, but if that was the case ludovic would not have told you that the problem is likely in libcoolkey.

Basically, I am looking for guidance on what I need to supply, in order to assist with diagnosing this problem.

I have already been through the Muscle Mailing list and have been told, after supplying all sorts of output, that there is no problem with the PC/.SC level and to push back to the libcoolkey maintainers (by Dr Ludovic Rousseau).


Symptoms include
  • Hanging for what appears to be a minute before stating there is no token available
  • Simply stating there is no token available with virtually no delay
What are you running that returns this? pkcs11_instapec.
Curiously, I am unsure if it's coolkey or PC/SC but on the working 32 bit system, reads fail every third time, and I am not the only one to see this.

Hmm I'm running RHEL-6 and Fedora on both 32 bit and 64 bit systems. My guess is that you may be running into some timing issue with the ActivIdentity Token. Do you have access to some other version of linux with the same drivers installed to see if you have the same issues?

I am currently using Gentoo ebuild of coolkey 1.1.0-r3 where the gentoo patches include 9 separate patches, which include
  • cache-dir-move.patch
  • gcc43.patch
  • latest.patch
  • simple-bugs.patch
  • thread-fix.patch
  • cac.patch
  • cac-1.patch
  • pcsc-lite-fix.patch
The individual patches can be found at a  Gentoo distfiles mirror
Those appear to be the latest patches.

I am using kernel 2.6.35-gentoo-r15 and can supply any version info, if required. I am also able to build libraries with -g or any other build flags that may provide additional info, if required.

Any assistance would be greatly appreciated.
--
...Lyall



Also:

You could try running pcscd in the foreground with extra debugging info spewed to the screen:

/usr/sbin/pcscd -f -d -a

At the time when the card goes off, there might be something interesting to the screen.

You can get some logging info out of coolkey by setting this environ variable on the terminal from which you run your program:

export COOL_KEY_LOG_FILE=/tmp/coolkey.txt


_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel


_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel




--
...Lyall




--
...Lyall




--
...Lyall




--
...Lyall

Attachment: commands.out.gz
Description: GNU Zip compressed data

Attachment: pcscd.out.gz
Description: GNU Zip compressed data

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux