Bugzilla – Bug 555660
cyberjack cardreader is not accessible
Last modified: 2016-04-15 10:31:17 UTC
As with every single new openSUSE distribution a cyberjack reader is not accessible with the included cyberjack drivers again :-( Trying to use it with PC/SC shows up the following in /var/log/messages: Nov 15 20:58:50 Hygiea pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0300:libhal:/org/freedesktop/H al/devices/usb_device_c4b_300_0970975811_if0) Nov 15 20:58:50 Hygiea pcscd: readerfactory.c:233:RFAddReader() REINER SCT CyberJack pp_a (0970975811) init failed. Nov 15 20:58:50 Hygiea pcscd: readerfactory.c:1050:RFInitializeReader() Open Port 200000 Failed (usb:0c4b/0300:libusb:003:002) Nov 15 20:58:50 Hygiea pcscd: readerfactory.c:233:RFAddReader() REINER SCT CyberJack pp_a (0970975811) init failed. Nov 15 20:58:50 Hygiea pcscd: hotplug_libhal.c:468:HPAddDevice() Failed adding USB device: usb_device_c4b_300_0970975811_if0 Nov 15 20:58:50 Hygiea kernel: [ 35.656558] usb 3-1: usbfs: interface 0 claimed by usbfs while 'pcscd' sets config #1 q And accessing it directly using the ctapi interface is not possible because of permission issues: wolfi@Hygiea:~> ll /dev/bus/usb/003/002 crw-rw-r-- 1 root root 189, 257 15. Nov 20:58 /dev/bus/usb/003/002 wolfi@Hygiea:~> getfacl /dev/bus/usb/003/002 getfacl: Entferne führende '/' von absoluten Pfadnamen # file: dev/bus/usb/003/002 # owner: root # group: root user::rw- group::rw- other::r--
I have the same probleme. I use moneyplex 2007 and I have only access to the chip-drive (Cyberjack Secoder) if I set manualy the permissions of the drive-file to 666 (chmod o+w).
Ok, I've tried to follow what changed again but failed. I know that the HAL fdi which specified that smartcard readers should get acl management does not exist anymore. There is some acl handling in /lib/udev/rules.d/70-acl.rules which also has some reference to smartcard readers but I have absolutely no idea how to debug or fix that with my limited udev/hal/whatever knowledge.
Fixed in security:chipcard (aka devel project): ------------------------------------------------------------------- Mon Dec 21 21:00:23 CET 2009 - wr@rosenauer.org - Updated to version 3.3.3 * compatible with recent libusb - Added udev rules for ACL access (bnc#555660) - Removed support for 10.3 and older Works for me on 11.2. Not sure if this deserves an official update (for me it certainly would). Stanislav, if you have fancy ideas to create the udev file automatically feel free ;-)
I've found out yesterday that Packman has also packages with the cyberjack-driver. So I've tested that packages. I've installed the packages ctapi-cyberjack, ctapi-cyberjack and libctapi-cyberjack. A group called cyberjack has been automatically created. I've added my user to that group and after a relogin all works.
That is basically what the upstream package does as well. It might be easy to implement but having to add a user to a group is considered suboptimal as well. So we went for the "automatic" solution years ago but it's fragile and changing with every openSUSE release. Anyway it's fixed now and every user which is logged in to the local machine can access the cardreader and not only users which are manually added to the group.
@maintenance, is a completely incompatible hardware driver considered to be updated to a working version or do we expect people to find security:chipcard or using third party packages as replacement?
+1 (for an update)
Since it seems the shipping version does not work, +1 for updating
The UDEV rules for ACL access are the right way to solve this. I had hoped the HAL/UDEV maintainers would have fixed all packages, but they did not care about them. No special group creation please. +1 for update.
Well, incomplete migration from HAL to udev is a good reason to update all affected devices. Cyberjack is the worst affected - banking tools use direct access to the USB device, which requires correct privileges. I have encountered just another problem: YaST should automatically pick correct driver packages when the reader is connected. It seems to not work as well. udev rules should follow the same privileges as HAL rules did, i. e. one common UID+GID "scard" for all types of smart card readers.
are there any changes in the version upgrade that could break things? in theory we would just use the needed fixes if possible, but if the version upgrade is safe then I would be fine with it. an sbrabec, NEVER remove NEEDINFO maintenance@opensuse.org, it drops the bug from our radar. I will asign a SWAMPID, please submit the fixed pasckages and tell me the package name
The SWAMPID for this issue is 29837. Please submit the patch and patchinfo file using this ID. (https://swamp.suse.de/webswamp/wf/29837)
(In reply to comment #11) > are there any changes in the version upgrade that could break things? No. Nothing outside of the driver is affected and the shipped version is not compatible with the libusb version in 11.2 so 0% success rate w/o update anyway. (In reply to comment #10) > udev rules should follow the same privileges as HAL rules did, i. e. one common > UID+GID "scard" for all types of smart card readers. udev already has a rule for ID_SMARTCARD_READERS. There just is/was no mapping of any device to ID_SMARTCARD_READERS so the new package adds a new udev rules file which sets ID_SMARTCARD_READERS for every known cyberjack device. I hope it's ok that way but at least it works. Someone should review though.
To Wolfgang: Please report the comment 13 issue 1 as a separate bug report and assign it to me. It seems to be a libusb-compat issue that should be fixed even if new version migrates to libusb1. See bug 559697 that may be related. Looking at the security:chipcard update, I see that you disabled support for <= 10.3 (e. g. SLE10). Does it have any special reason? Other packages in this project still support SLE10.
(In reply to comment #14) > Looking at the security:chipcard update, I see that you disabled support for <= > 10.3 (e. g. SLE10). Does it have any special reason? Other packages in this > project still support SLE10. Hmm, no special reason but all the special handling for every single openSUSE/SUSE distribution was quite confusing and I've thought the current package wouldn't be of much interest for SLES10.
I just created a new testing package in security:chipcard. It is based on your update and returns SLE10 support. It introduces one important change: Direct use of libusb1 instead of use of libusb1 through libusb-compat layer in openSUSE 11.2. Please test. If it works, it could be a candidate for openSUSE 11.2 Online Update.
Ping. Is there any owner of this reader who can perform testing of update from http://download.opensuse.org/repositories/security:/chipcard/openSUSE_11.2/
What is the status here? Can you submit the fixed sources against the update-test repo and give me a package list? Then I can write the patchinfo.
Status: I don't have the card reader available. That is why I cannot test the package in comment #17. But I can submit it to Update:Test.
Yes, submit it against update:test ... give it a try ;-)
I tested it, and couldn't get it to work in moneyplex2009. Two things: 1. Please update to latest version 3.3.5 2. Add the cyberjack testing tool (see packman package)
Just for the record. I'm using it with moneyplex almost every day so I think the above is a support issue and no bug. I won't comment on the version upgrade though.
The issue/update is open for a long time. :-( Is there anything that we can push as a maintenance update into the test channel or is it better to wait and cancle the update here?
As I wrote a few times the package in security:chipcard works for me basically. Meanwhile I saw issues which might be related to the 3.3.3 version and today I've updated the version in security:chipcard to most recent 3.3.5. I'll test it as soon as possible in my environment for 11.2 and I think we should get it out if it works. Everyone following this bug might check the recent version once it is available in OBS and report issues here. Leaving NEEDINFO until I can provide more testing feedback.
I've tested the new version yesterday with my cyberjack pinpad reader using cjgeldkarte and moneyplex and both worked for me well. I've just submitreq the version to Factory and propose to update to it for 11.2 as well.
(In reply to comment #25) > I've tested the new version yesterday with my cyberjack pinpad reader using > cjgeldkarte and moneyplex and both worked for me well. nice :-) > I've just submitreq the version to Factory and propose to update to it for 11.2 > as well. Yes. Be so kind and also submit it to 11.2-update. TIA
version 3.3.5-31.1 in obs:security:chipcard works under openSUSE 11.2 64bit with ReinerSCT cyberjack secoder. Tested commandline output "cyberjack" OK and moneyplex (using /usr/lib/readers/libctapi-cyberjack.so). Packages installed: ctapi-cyberjack and ctapi-cyberjack-32bit
created request id 37259 for openSUSE:11.2:Update:Test
Wolfgang, thanks! :-) I added a patchinfo. Update should be available within the next hours in the update channel for testing.
Update released for: ctapi-cyberjack, ctapi-cyberjack-debuginfo, pcsc-cyberjack, pcsc-cyberjack-debuginfo, pcsc-cyberjack-debugsource Products: openSUSE 11.2 (debug, i586, x86_64)
again, with the newly released openSUSE 11.3 the cardreader cannot be used from moneyplex. Cardreader information shows everything ok, except for group which shouldn't be the problem on opensuse as this is handled differently. There is no library file/link found moneyplex is accepting in /usr/lib64/ nor in ./readers/ or ./cyberjack/ as there has been on 11.2
deeny, you hijacked this unfinished bugreport. please try avoid doing so in the future. reassign back to sbrabec
Sorry Marcus, won't happen again. Btw. Moneyplex seemed to require the 32bit driver package (on the 64bit system) in order to work properly. I will add this note on the wiki, but maybe it could be added somewhere else too, like the package description.
I guess that this bug is fixed, and the later breakage was fixed as well as bug 681130. I don't have the needed hardware, so I cannot verify it. If it is not true, feel free to reopen.
This is an autogenerated message for OBS integration: This bug (555660) was mentioned in https://build.opensuse.org/request/show/37259 11.2:Test / pcsc-cyberjack