Bug 559552
| Summary: | Review Request: qca-pkcs11 - Smartcard integration for QCA | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Juha Tuomala <tuju> |
| Component: | Package Review | Assignee: | Rex Dieter <rdieter> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | rawhide | CC: | alon.barlev, fedora-package-review, notting, rdieter, supercyper1 |
| Target Milestone: | --- | Flags: | rdieter:
fedora-review+
gwync: fedora-cvs+ |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://delta.affinix.com/qca/ | ||
| Whiteboard: | |||
| Fixed In Version: | qca-pkcs11-2.0.0-0.1.fc15.beta2 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-07-23 01:55:38 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Juha Tuomala
2010-01-28 13:06:35 UTC
Cleaned rpmlint warning, same urls as above and new build: f11: http://koji.fedoraproject.org/koji/taskinfo?taskID=1949779 Note that this is somewhat pre-emptive packaging in light of this kde entry: https://bugs.kde.org/show_bug.cgi?id=116201 thou i'm not sure what the status for it is atm. MUST: naming, should follow pre-release naming guidelines, and use something like
Release: 0.1.beta2
MUST: %build, use -no-separate-debug-info build option, so that the usual -debuginfo pkg makes sense
SHOULD: add runtime dependency,
%{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}}
licensing: should be License: LGPLv2+
$ rpmlint *.rpm x86_64/*.rpm
qca-pkcs11.src: W: spelling-error Summary(en_US) Smartcard -> Smart card, Smart-card, Smartness
qca-pkcs11.src: W: spelling-error %description -l en_US pkcs -> pecs, pics, pk cs
qca-pkcs11.src: W: spelling-error %description -l en_US smartcard -> smart card, smart-card, smartness
qca-pkcs11.src: W: spelling-error %description -l en_US decryption -> encryption, deception, description
qca-pkcs11.src:36: W: configure-without-libdir-spec
qca-pkcs11.x86_64: W: spelling-error Summary(en_US) Smartcard -> Smart card, Smart-card, Smartness
qca-pkcs11.x86_64: W: spelling-error %description -l en_US pkcs -> pecs, pics, pk cs
qca-pkcs11.x86_64: W: spelling-error %description -l en_US smartcard -> smart card, smart-card, smartness
qca-pkcs11.x86_64: W: spelling-error %description -l en_US decryption -> encryption, deception, description
qca-pkcs11-debuginfo.x86_64: W: spelling-error Summary(en_US) pkcs -> pecs, pics, pk cs
qca-pkcs11-debuginfo.x86_64: W: spelling-error %description -l en_US pkcs -> pecs, pics, pk cs
3 packages and 0 specfiles checked; 0 errors, 11 warnings.
patches: please document the need for qca-pkcs11.cpp.vsnprintf.patch , and please consult upstream.
The rest looks pretty simple and clean. address these items, and I think we have a winner.
> patches: please document the need for qca-pkcs11.cpp.vsnprintf.patch , and
> please consult upstream.
Where can I find the patch?
it's in the src.rpm, posted here for convenience too: http://rdieter.fedorapeople.org/rpms/pca-pkcs11/ Thanks!
Are you sure that the Qt developers solved the bug of vsprintf("%s", NULL) with all Qt version this package depends?
No idea, Juha? All qca plugin seems merged to qca in svn. See http://websvn.kde.org/trunk/kdesupport/qca/plugins/ ack, i become active with this asap, i'm loaded with work right now but that shoulnd't take long. ping? re: comment #9 ? Hi, I'm back with this. So rebuilt the package for f14: http://tuju.fi/fedora/14/qca-pkcs11.spec http://tuju.fi/fedora/14/qca-pkcs11.cpp.vsnprintf.patch http://tuju.fi/fedora/14/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm % rpmlint /home/tuju/PKGS/SRPMS/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm qca-pkcs11.src: W: spelling-error Summary(en_US) Smartcard -> Smart card, Smart-card, Smartness qca-pkcs11.src: W: spelling-error %description -l en_US smartcard -> smart card, smart-card, smartness qca-pkcs11.src:37: W: configure-without-libdir-spec 1 packages and 0 specfiles checked; 0 errors, 3 warnings. % qcatool2 plugins Qt Library Paths:/ /usr/lib64/qt4/plugins /usr/bin /usr/lib64/kde4/plugins Available Providers: qca-ossl This product includes cryptographic software written by Eric Young (eay) qca-pkcs11 % % qcatool2 keystore list-stores Card 200c [TUOMALA,JUHA *************,**************** (] Sys f1da [System Trusted Certificates] Unknown signature value: 795 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 % qcatool2 keystore list 200c Unknown signature value: 795 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Key 1966 [TUOMALA,JUHA *************,****************] % qcatool2 show kb 200c:1966 Unknown signature value: 795 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Keybundle contains 1 certificates. Displaying primary: Serial Number: **************** Subject Common Name (CN): TUOMALA,JUHA ********,************* Email Address: juha.*********.tuomala Organization (O): ESTEID Organizational Unit (OU): authentication Country Code (C): EE Issuer Common Name (CN): ESTEID-SK 2007 Organization (O): AS Sertifitseerimiskeskus Organizational Unit (OU): ESTEID Country Code (C): EE Validity Not before: Wed Sep 1 21:00:00 2010 Not after: Sun Aug 30 21:00:00 2015 Constraints Digital Signature Key Encipherment Data Encipherment Client Authentication Email Protection Policies 1.3.6.1.4.1.10015.1.1.2.2 Issuer Key ID: 4806debe8c875795807863fa9c232b2ba03a1875 Subject Key ID: 2227bb7571563c6a8afc6e6cd1cbb9d6b04bf955 CA: No Signature Algorithm: EMSA3(SHA1) Public Key: -----BEGIN PUBLIC KEY----- MIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQDQ1OnqTxu0koh3J0lQjuDBLP1/ kiiCpzy4mTaBfM4+dfVUDr2fy03/Ai9mIdvEOIqgWtQoP9OYiBNy91J4IZCWyQfn +Mdkoud9Xv6EW9rCScaBlhEm3RpfqpEQRrpr9laCP4Dzhd3pC+QGikm4Mx0M3jap PBkqOhJjSzzU/o5OqQIEAK9sGQ== -----END PUBLIC KEY----- SHA1 Fingerprint: a3:57:94:7d:e1:3e:8c:7b:6a:72:f7:06:3e:b2:d9:3c:e1:00:ca:37 MD5 Fingerprint: 83:bb:91:34:a1:21:ac:00:90:21:d6:c9:9b:c2:3e:72 It appears to work. I did not change the name from qca-pkcs11 to qca2-pkcs11, not sure should I. Alon, I dont' recall how that vsprintf("%s", NULL) went, it's been too long already. Do you have any better ideas for that? Scratch builds: f14: http://koji.fedoraproject.org/koji/taskinfo?taskID=3179505 f15: http://koji.fedoraproject.org/koji/taskinfo?taskID=3179508 raw: http://koji.fedoraproject.org/koji/taskinfo?taskID=3179511 Alon, is there any python bindings for qca? Didn't find anything. (In reply to comment #13) > Alon, is there any python bindings for qca? Didn't find anything. I don't think so it is pure Qt API. (In reply to comment #11) > I did not change the name from qca-pkcs11 to qca2-pkcs11, not sure should I. I don't think you should do this as the .so should be installed at qca2 prefix... at least this is how Gentoo installs it. > Alon, I dont' recall how that vsprintf("%s", NULL) went, it's been too long > already. Do you have any better ideas for that? Qt-4 had this bug or feature... so I wish to avoid using Qt's string printf. Anyway this is most for debug purposes so I do not think it is go no-go decision. In Qt-5 I will be recheck assumption... :) (In reply to comment #15) > I don't think you should do this as the .so should be installed at qca2 > prefix... at least this is how Gentoo installs it. Now it ends up to: /usr/lib64/qt4/plugins/crypto/libqca-pkcs11.so what should be named as qca2 - libqca2-pkcs... ? I don't have gentoo here where to check. (In reply to comment #16) > (In reply to comment #15) > > I don't think you should do this as the .so should be installed at qca2 > > prefix... at least this is how Gentoo installs it. > > Now it ends up to: > /usr/lib64/qt4/plugins/crypto/libqca-pkcs11.so > > what should be named as qca2 - libqca2-pkcs... ? I don't have gentoo here where > to check. I don't know redhat standards for side-by-side installations. Go ahead with what you have and what works. I see that /usr/share/qt4/mkspecs/features/crypto.prf permits to override the include and lib of qca but not of plugins... Off-band comments in #fedora-devel yielded --no-separate-debug-info option that prevents that debug-stuff. http://tuju.fi/fedora/14/qca-pkcs11.spec http://tuju.fi/fedora/14/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm f14: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180864 f15: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180860 raw: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180852 Oh, and per my initial comment #3 , those items still seem to be largely un-addressed... to re-iterate: 1. fix release tag usage. 2. runtime dependancy on qt (only a SHOULD though) 3. license tag 4. documenting patches (In reply to comment #20) > Oh, and per my initial comment #3 , those items still seem to be largely > un-addressed... to re-iterate: > 1. fix release tag usage. Fixed. > 2. runtime dependancy on qt (only a SHOULD though) Fixed. > 3. license tag Fixed. > 4. documenting patches commented. http://tuju.fi/fedora/14/qca-pkcs11.spec http://tuju.fi/fedora/14/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm f14: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180913 f15: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180911 raw: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180912 Thanks, looks better, APPROVED. New Package SCM Request ======================= Package Name: qca-pkcs11 Short Description: Smartcard integration for QCA Owners: tuju kalev Branches: f14 f15 InitialCC: tuju Thanks for everyone who helped. Git done (by process-git-requests). qca-pkcs11-2.0.0-0.1.fc14.beta2 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/qca-pkcs11-2.0.0-0.1.fc14.beta2 qca-pkcs11-2.0.0-0.1.fc15.beta2 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/qca-pkcs11-2.0.0-0.1.fc15.beta2 Alon, for some reason qcatool2 to work, i need to 'milk' the underlying system with pkcs15-tool -c couple times to make reader lights to blink. Then qcatool2 starts working too. It could be pcsc-lite or opensc issue I guess, but without 'milking' it with those tools, it's more or less dead. Have you noticed anything similar? Can you please correlate this behavior with the success of pkcs11-tool --list-objects behavior? I guess you experience same issues with pkcs11-tool, although it has an advantage of loading/unloading the provider each cycle. % pkcs11-tool --module /usr/lib64/opensc-pkcs11.so --list-objects No slot with a token was found. % qcatool2 show kb 200c:1966 just hangs. (note the mandatory --module these days). % pkcs15-tool -c Using reader with a card: OmniKey CardMan 3121 00 00 PKCS#15 binding failed: Wrong length % pkcs15-tool -c Using reader with a card: OmniKey CardMan 3121 00 00 X.509 Certificate [Isikutuvastus] . . . and then everything works, even the --list-objects, qcatool2 etc. I think you should take this to OpenSC list... It is not related to other software... qca-pkcs11-2.0.0-0.1.fc14.beta2 has been pushed to the Fedora 14 testing repository. qca-pkcs11-2.0.0-0.1.fc14.beta2 has been pushed to the Fedora 14 stable repository. qca-pkcs11-2.0.0-0.1.fc15.beta2 has been pushed to the Fedora 15 stable repository. |