Friday, October 15, 2021

What happened 20 years ago?

The 14th of October 2001 I became a Debian Developer (or DD).

You can get some more details from https://nm.debian.org/person/rousseau/

History of my Debian packages

Unsurprisingly I mostly maintain smart card related packages.

2001

  • pcsc-perl Perl interface to the PC/SC smart card library
  • pcsc-tools Some tools to use with smart cards and PC/SC

2002

  • ifd-gempc
    • libgempc410 - PC/SC driver for the GemPC 410, 412, 413 and 415 smart card readers
    • libgempc430 - PC/SC driver for the GemPC 430, 432, 435 smart card readers
  • pcsc-lite
    • pcscd - Middleware to access a smart card using PC/SC (daemon side) 
    • libpcsclite1 - Middleware to access a smart card using PC/SC (library) 
    • libpcsclite-dev - Middleware to access a smart card using PC/SC (development files)

2003

  • ccid PC/SC driver for USB CCID smart card readers
  • pilot-link
    • libpisock9 - library for communicating with a PalmOS PDA
    • libpisync1 - synchronization library for PalmOS devices
    • pilot-link - tools to communicate with a PalmOS PDA
    • python-pisock - Python module to communicate with PalmOS PDA
    • libpisock-dev - development files for communicating with a PalmOS PDA
    • python-pisock-dbg - Python module to communicate with PalmOS PDA (debug extension)

    • I will stoped maintaining pilot-link in 2019 because I do not have a Palm pilot any more.

2004

  • jpilot 
    • jpilot - graphical app. to modify the contents of your Palm Pilot's DBs
    • jpilot-plugins - plugins for jpilot (Palm Pilot desktop)
       
    • I will stoped maintaining jpilot in 2019 for the same reason I stopped maintaining pilot-link

2005

  • asedriveiiie
    • libasedrive-serial - PC/SC driver for the Athena ASEDrive IIIe serial smart card reader
    • libasedrive-usb - PC/SC driver for the Athena ASEDrive IIIe USB smart card reader  

2007

  • coolkey
    • coolkey - Smart Card PKCS #11 cryptographic module
    • libckyapplet1 - Smart Card Coolkey applet
    • libckyapplet1-dev - Smart Card Coolkey applet development files 

2008

  • pykcs11 - PKCS#11 wrapper for Python
  • pyscard - Python3 wrapper above PC/SC API

2009

  • pam-pkcs11 - Fully featured PAM module for using PKCS#11 smart cards
  • colormake - simple wrapper around make to colorize output

2013

  • vgrabbj - grabs an image from a camera and puts it in jpg/png format
  • acsccid - PC/SC driver for ACS USB CCID smart card readers
    • I just sponsor this package because the package maintainer is not a Debian Developer

2016

  • grisbi - personal finance management program

2017

  • 0ad - Real-time strategy game of ancient warfare
  • 0ad-data - Real-time strategy game of ancient warfare (data files)

2020

  • libnfc
    • libnfc-bin - Near Field Communication (NFC) binaries
    • libnfc-dev - Near Field Communication (NFC) library (development files)
    • libnfc-examples - Near Field Communication (NFC) examples
    • libnfc-pn53x-examples - Near Field Communication (NFC) examples for PN53x chips only
    • libnfc6 - Near Field Communication (NFC) library 

You can have a list of my packages and their status at my Debian QA page.


Why?

I maintain Debian packages for different reasons.

  • I maintain the package upstream.
    • For example I am the author and maintainer of the CCID driver. And I also maintain the Debian package for this software.
  • I use the package and it has been orphaned. It may have been orphaned in Debian or also orphaned upstream.
    • For example I am not the original author of pcsc-lite. I first started providing bug reports, then patches. I got a write access on the source code repository. I made new releases. And eventually I am on the only maintainer of pcsc-lite.


Conclusion

I think Debian is a very nice project. I do plan to continue maintaining my packages for the next 10 or 20 years. Maybe more :-)

Tuesday, October 12, 2021

No more error logs when a USB reader is removed

When a USB reader was removed you got error logs from the CCID driver. Something like:

00000000 [140295925790464] ccid_usb.c:871:WriteUSB() write failed (1/22): -4 LIBUSB_ERROR_NO_DEVICE
00000506 [140295934183168] ccid_usb.c:871:WriteUSB() write failed (1/22): -4 LIBUSB_ERROR_NO_DEVICE

 

Why?

The first error is because IFDHICCPresence() sends the CCID command PC_to_RDR_GetSlotStatus to know if a card is present.

The second error is because IFDHCloseChannel() sends the CCID command PC_to_RDR_IccPowerOff to power off the card.

But since the USB device has been removed these 2 CCID commands fails and logs the error.  

 

Solution

I had to modify both pcsc-lite (the middleware) and libccid (the smart card reader driver) so they both cooperate to fix the problem.

Now when pcscd detects that a reader has been removed it uses IFDHSetCapabilities() with the new tag TAG_IFD_DEVICE_REMOVED to indicate to the driver that the reader has been removed and that there is no point in trying to send commands to a no more connected reader.

 

Bug reports

The problem has been initially reported by a Fedora user at "Bug 2011128 - pcscd spam syslog when the laptop is undocked and the reader is connected through the dock".

Then Jakub Jelen from RedHat forwarded the bug upstream (to me) at "Reader disconnects are noisy in journal/logs #110" so I am aware of the problem.

The problem was then fixed 5 days later in "Use TAG_IFD_DEVICE_REMOVED when the reader is removed" for pcsc-lite and "Avoid logging errors when a reader is removed" for libccid.

Report upstream

The important point here is that users must reports bugs to their distribution. And distributions must report the problems upstream. It works well (in general).

What does not work is if you know of a problem and the problem does not come to me. For example this bug "Memory leak in pcscd" has been reported to pfSense 3 months ago and no one from pfSense took the time to report the bug upstream (to me). They just discussed about how to remove/disable pcsc-lite from pfSense instead.

I don't have a pfSense account so I can't comment on their bug tracker. I can't create an account on the bug trackers of every project that use my software. That is not how it is supposed to work. Distributors should forward bugs to the upstream projects.

I don't know if the problem is because pfSense is a commercial product or if it is because it uses FreeBSD. (be careful, a troll may be hidden in the previous sentence).


Conclusion

Don't be shy, report bugs.

Don't be shy, forward bugs upstream.

Friday, October 1, 2021

New version of pcsc-lite: 1.9.4

I just released a new version of pcsc-lite 1.9.4.
pcsc-lite is a Free Software implementation of the PC/SC (or WinSCard) API for Unix systems.

This version fixes a memory leak when libusb is used for the hotplug mechanism. GNU/Linux systems should use libudev instead of libusb for hotplug so they should not be concerned. FreeBSD systems and other non-Linux systems had the problem.

The memory leak problem was also reported on the pfSense project at https://redmine.pfsense.org/issues/12095.

Changes:

1.9.4: Ludovic Rousseau
1 October 2021

  •  fix a memory leak when libusb is used for hotplug (i.e. non-Linux systems)

Wednesday, September 22, 2021

PySCard 2.0.2 released

I just released a new version 2.0.2 of pyscard. PySCard is a python module adding smart cards support (PC/SC) to Python.

The PySCard project is available at:

This version is a bug fix release.

Changes:

  • Fix an issue in ReaderMonitor() that failed to enumerate readers on macOS
  • getReaderNames(): handle SCARD_E_SERVICE_STOPPED on Windows generated on last reader removal
  • Restrict MAX_BUFFER_SIZE_EXTENDED to 65535 and fix an issue on Lenovo laptops with NXP NFC readers
  • SmartcardException: display a positive PCSC error code

Monday, August 30, 2021

New version of libccid: 1.4.36

I just released version 1.4.36 of libccid the Free Software CCID class smart card reader driver.

Changes:

1.4.36 - 30 August 2021, Ludovic Rousseau

  • Add support of
    • Lenovo Lenovo Smartcard Wired Keyboard II
    • REINER SCT tanJack USB
    • SafeNet eToken 5110+ FIPS
    • SafeNet eToken 5300 C
    • jSolutions s.r.o. Multi SIM card reader 4/8
  • parse: fix check when bNumDataRatesSupported = 0

Friday, August 6, 2021

New version of pcsc-lite: 1.9.3

I just released a new version of pcsc-lite 1.9.3.
pcsc-lite is a Free Software implementation of the PC/SC (or WinSCard) API for Unix systems.

Please do not use or deploy version 1.9.2 (the previous and bogus version) if you depend on systemd to start the pcscd process.


Changes:

1.9.3: Ludovic Rousseau
6 August 2021

  •  fix a stupid regression with systemd introduced in the previous version

Wednesday, August 4, 2021

pcsc-lite: configuration using /etc/default/pcscd

Version 1.9.2 of pcsc-lite adds a new configuration possibility: systemd EnvironmentFile

 

systemd EnvironmentFile

With systemd it is possible to configure a file that will contain definitions for the process started by systemd. In our case the started process is the daemon pcscd.

The file name is defined in pcscd.service and is, by default, /etc/default/pcscd. You can change the path using --sysconfdir= argument for ./configure.


pcscd environment variables

A first use case is to define environment variables to change the behaviour of pcscd.

For example you can add in this file:

PCSCLITE_FILTER_IGNORE_READER_NAMES="Twin"

so that readers with "Twin" in the name will be ignored.

See "Remove and/or customize PC/SC reader names" for more details and use cases.

You can also define other variables like:

 

pcscd arguments

pcscd is started with the extra parameter $PCSCD_ARGS. By default this variable is empty. But you can define PCSCD_ARGS in /etc/default/pcscd to add more arguments to pcscd.

For example you can use:

PCSCD_ARGS=--debug

to get debug messages in the systemd journal.

To see the pcscd logs in live use:

$ journalctl --unit pcscd --follow


Conclusion

/etc/default/pcscd is a user file so you can edit it as you like. It should not prevent a package upgrade for example.

It is also much simpler and safer than editing systemd files directly.