[Pcsclite-muscle] Compatibility of pcscd and libpcsclite
Andreas Schwier
andreas.schwier at cardcontact.de
Fri Oct 4 06:26:28 PDT 2024
That pretty much sounds like it. So I better mount the libpcsclite from
the host into the container.
Distros are sometimes doing strange things. I'm currently scratching my
head, as AlmaLinux does not seem to include pcsc-lite-devel, which makes
compiling smart card applications a big issue. I already include the
devel and test repos, but the package does not show up.
Thanks.
On 04.10.24 14:44, Ludovic Rousseau wrote:
> Le ven. 4 oct. 2024 à 13:07, Andreas Schwier
> <andreas.schwier at cardcontact.de> a écrit :
>>
>> Hi Ludovic,
>
> Hello Andreas,
>
>> for SmartCard-HSM users that want to use the device in a docker
>> container, we usually recommend to pass the pcscd socket into the
>> container and use libpcsclite in the container to access the daemon.
>> That works quite well.
>>
>> We now wanted to do the same for an EJBCA image, which is based on
>> AlmaLinux (a Redhat derivate). But here we are seeing a compatibility
>> issue between the pcscd daemon running on the host (Debian 12 bookworm)
>> and libpcsclite installed in the container.
>>
>> The artifacts are pretty close regarding version numbers:
>>
>> AlmaLinux release 9.4 (Seafoam Ocelot)
>> pcsc-lite-libs;1.9.4-1.el9;x86_64;baseos
>>
>> Debian 12 Bookworm
>> libpcsclite1/stable,now 1.9.9-2 amd64 [installed,automatic]
>> pcscd/stable,now 1.9.9-2 amd64 [installed]
>>
>> If we copy the libpcsclite from Debian 12 into the AlmaLinux container
>> it works. If we use the libpcsclite from AlmaLinux, the lib hangs
>> immediately after opening the socket:
>>
>> [pid 2216] openat(AT_FDCWD,
>> "/root/tmp/sc-hsm-embedded/pkcs11-2215.log", O_RDWR|O_CREAT|O_APPEND,
>> 0666) = -1 ENOENT (No such file or directory)
>> Can't create: '/root/tmp/sc-hsm-embedded/pkcs11-2215.log'.
>> [pid 2216] readlink("/proc/self/exe",
>> "/usr/lib/jvm/java-11-slim/bin/ja"..., 1023) = 34
>> [pid 2216] newfstatat(AT_FDCWD, "/run/pcscd/pcscd.comm",
>> {st_mode=S_IFSOCK|0666, st_size=0, ...}, 0) = 0
>>
>> The daemon logs:
>>
>> 99999999 [140042913912832] winscard_msg_srv.c:256:ProcessEventsServer()
>> Common channel packet arrival
>> 00000022 [140042913912832] winscard_msg_srv.c:267:ProcessEventsServer()
>> ProcessCommonChannelRequest detects: 12
>> 00000004 [140042913912832] pcscdaemon.c:133:SVCServiceRunLoop() A new
>> context thread creation is requested: 12
>> 00000069 [140042880063168] winscard_svc.c:340:ContextThread() Authorized
>> PC/SC client
>> 00000022 [140042880063168] winscard_svc.c:343:ContextThread() Thread is
>> started: dwClientID=12, threadContext @0x5580cd0f5ca0
>> 00000004 [140042880063168] winscard_svc.c:361:ContextThread() Received
>> command: CMD_VERSION from client 12
>> 00000002 [140042880063168] winscard_svc.c:373:ContextThread() Client is
>> protocol version 4:4
>> 00000001 [140042880063168] winscard_svc.c:396:ContextThread()
>> CMD_VERSION for client 12, rv=SCARD_S_SUCCESS
>> 00000016 [140042880063168] winscard_svc.c:361:ContextThread() Received
>> command: ESTABLISH_CONTEXT from client 12
>> 00000003 [140042880063168] winscard.c:215:SCardEstablishContext()
>> Establishing Context: 0x24AC325B
>> 00000001 [140042880063168] winscard_svc.c:465:ContextThread()
>> ESTABLISH_CONTEXT for client 12, rv=SCARD_S_SUCCESS
>> 00000008 [140042880063168] winscard_svc.c:361:ContextThread() Received
>> command: CMD_GET_READERS_STATE from client 12
>>
>>
>> Is there any statement of compatibility between daemon and library ? Or
>> is this some specific issue with the Redhat compile vs Debian compile ?
>>
>> Is there any way to further diagnose the issue in libpcsclite ?
>
> It looks like the problem described in "Fedora, flatpak and pcsc-lite"
> https://blog.apdu.fr/posts/2022/02/fedora-flatpak-and-pcsc-lite/
>
> Bye
>
--
--------- CardContact Systems GmbH
|.##> <##.| Schülerweg 38
|# #| D-32429 Minden, Germany
|# #| Phone +49 571 56149
|'##> <##'| http://www.cardcontact.de
--------- Registergericht Bad Oeynhausen HRB 14880
Geschäftsführer Andreas Schwier
More information about the pcsclite-muscle
mailing list