[Pcsclite-muscle] Compatibility of pcscd and libpcsclite
Andreas Schwier
andreas.schwier at cardcontact.de
Sun Oct 6 06:30:02 PDT 2024
Thanks Marcin for the hint, found that after spending some time figuring
out how the AlmaLinux repos are structured.
We now have an updated integration setup with EJBCA at [1]. That uses a
docker builder to create the PKCS#11 module and have that injected into
the EJBCA image.
I agree on p11-kit, even though I find the URL scheme a little over the top.
[1]
https://github.com/Keyfactor/keyfactorcommunity/tree/main/hsm-integration/hsm-driver-smartcard-hsm
On 05.10.24 15:16, Marcin Cieslak wrote:
> On Fri, 4 Oct 2024, Andreas Schwier wrote:
>
>> That pretty much sounds like it. So I better mount the libpcsclite
>> from the host into the container.
>>
>> Distros are sometimes doing strange things. I'm currently scratching
>> my head, as AlmaLinux does not seem to include pcsc-lite-devel, which
>> makes compiling smart card applications a big issue. I already include
>> the devel and test repos, but the package does not show up.
>
> It does, just enable the "crb" repository:
>
> $ dnf --enablerepo crb list \*pcsc\*
> Last metadata expiration check: 0:00:16 ago on Sat Oct 5 14:56:25 2024.
> Available Packages
> pcsc-cyberjack.x86_64 3.99.5final.SP15-1.el9 epel pcsc-cyberjack-cjflash.x86_64 3.99.5final.SP15-1.el9 epel pcsc-cyberjack-examples.noarch 3.99.5final.SP15-1.el9 epel pcsc-lite.x86_64 1.9.4-1.el9 baseos
> pcsc-lite-ccid.x86_64 1.5.2-1.el9 baseos
> pcsc-lite-devel.i686 1.9.4-1.el9 crb pcsc-lite-devel.x86_64 1.9.4-1.el9 crb pcsc-lite-libs.i686 1.9.4-1.el9 baseos
> pcsc-lite-libs.x86_64 1.9.4-1.el9 baseos
> pcsc-perl.x86_64 1.4.14-24.el9 epel pcsc-tools.x86_64 1.6.2-2.el9 epel pcsc-tools-gscriptor.x86_64 1.6.2-2.el9 epel
>
> In general, I find smartcard integeration work done in the Enterprise
> Linux derivatives
> very good (except maybe some glitches
> https://github.com/alonbl/gnupg-pkcs11-scd/issues/63
>
> The way they try to bring all PKCS#11 drivers under one hut with
> /usr/lib64/p11-kit-proxy.so
> is pretty neat solution in my opinion.
>
> I agree that their approach might be opinionate, but if one sticks to
> stuff they package
> things mostly work. I wonder if the MAX_READERS_CONTEXTS problem can be
> fixed
> without breaking the ABI.
>
> Marcin
--
--------- CardContact Systems GmbH
|.##> <##.| Schülerweg 38
|# #| D-32429 Minden, Germany
|# #| Phone +49 571 56149
|'##> <##'| http://www.cardcontact.de
--------- Registergericht Bad Oeynhausen HRB 14880
Geschäftsführer Andreas Schwier
More information about the pcsclite-muscle
mailing list