Bug 369031 - ESC incompatible with OS X Leopard
ESC incompatible with OS X Leopard
Status: CLOSED ERRATA
Product: Red Hat Certificate System
Classification: Red Hat
Component: ESC (Show other bugs)
7.3
All Mac OS
urgent Severity high
: ---
: ---
Assigned To: Jack Magne
Chandrasekar Kannan
:
Depends On:
Blocks: 445047 512842
  Show dependency treegraph
 
Reported: 2007-11-06 16:57 EST by Timothy J. Miller
Modified: 2015-01-04 18:29 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-06-01 15:43:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to get ESC working on Leopard. (8.51 KB, patch)
2010-03-05 18:33 EST, Jack Magne
no flags Details | Diff
Patch to improve installer (3.44 KB, patch)
2010-04-01 16:40 EDT, Jack Magne
no flags Details | Diff
Latest installer screen shots (119.67 KB, image/png)
2010-04-07 14:25 EDT, Jack Magne
no flags Details
Upgraded installer screen shots. (141.94 KB, image/png)
2010-04-07 14:26 EDT, Jack Magne
no flags Details
Upgraded installer screen shots. (95.65 KB, image/png)
2010-04-07 14:27 EDT, Jack Magne
no flags Details

  None (edit)
Description Timothy J. Miller 2007-11-06 16:57:30 EST
Description of problem:
1. ESC launches and occasionally crashes (xulrunner-bin throws a memory exception).
2. When it runs, cards need to be inserted twice before recognized.
3. When card is recognized, ESC doesn't see the card removal.

We haven't yet tried formatting and enrolling but I'm not holding out high hopes.

Version-Release number of selected component (if applicable):
SmartCardManager 1.15, coolkey 1.1.0

How reproducible:
Always.

Steps to Reproduce:
1.  Install Leopard.
2.  Install SmartCardManager.
3.  Try to work.
  
Actual results:
See above.

Expected results:
Functional software.  :)

Additional info:
Can we use this as a placeholder for Leopard incompatibilities or do you want to track them all 
separately?
Comment 1 Jack Magne 2007-11-26 17:05:36 EST
Did a quick test with Leopard 10.5.1.

The issues with the egate smart cards remain, but I was not seeing ESC go down.
I also tried the Gemalto 64K cards and was seeing an issue where CoolKey could
not easily connect to the card. This behavior is unlike what we see on Tiger but
it is possible this issue can be massaged at the CoolKey level. Further
investigation required.
Comment 3 Jack Magne 2010-03-05 18:33:13 EST
Created attachment 398160 [details]
Patch to get ESC working on Leopard.
Comment 4 Matthew Harmsen 2010-03-15 20:43:33 EDT
attachment (id=398160) +mharmsen
Comment 5 Jack Magne 2010-03-16 19:14:33 EDT
cvs -d $CVSROOT  commit -m "Bug 369031 - ESC incompatible with OS X Leopard." 

Checking in src/app/xpcom/Makefile.sdk;
/cvs/dirsec/esc/src/app/xpcom/Makefile.sdk,v  <--  Makefile.sdk
new revision: 1.4.2.2; previous revision: 1.4.2.1
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xpcom/tray/Makefile.sdk;
/cvs/dirsec/esc/src/app/xpcom/tray/Makefile.sdk,v  <--  Makefile.sdk
new revision: 1.2.2.1; previous revision: 1.2
done
Checking in src/app/xpcom/tray/rhMacTray.cpp;
/cvs/dirsec/esc/src/app/xpcom/tray/rhMacTray.cpp,v  <--  rhMacTray.cpp
new revision: 1.5.6.1; previous revision: 1.5
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/application.ini;
/cvs/dirsec/esc/src/app/xul/esc/application.ini,v  <--  application.ini
new revision: 1.9.2.3; previous revision: 1.9.2.2
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/chrome/content/esc/ESC.js;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v  <--  ESC.js
new revision: 1.24.2.3; previous revision: 1.24.2.2
done
Checking in src/app/xul/esc/chrome/content/esc/GenericAuth.xul;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/GenericAuth.xul,v  <--  GenericAuth.xul
new revision: 1.6.2.1; previous revision: 1.6
done
Checking in src/app/xul/esc/chrome/content/esc/hiddenWindow.xul;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/hiddenWindow.xul,v  <--  hiddenWindow.xul
new revision: 1.1.8.1; previous revision: 1.1
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/chrome/locale/en-US/esc.dtd;
/cvs/dirsec/esc/src/app/xul/esc/chrome/locale/en-US/esc.dtd,v  <--  esc.dtd
new revision: 1.6.2.1; previous revision: 1.6
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/components/escCLH.js;
/cvs/dirsec/esc/src/app/xul/esc/components/escCLH.js,v  <--  escCLH.js
new revision: 1.4.2.1; previous revision: 1.4
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/lib/NssHttpClient/manifest.mn;
/cvs/dirsec/esc/src/lib/NssHttpClient/manifest.mn,v  <--  manifest.mn
new revision: 1.5.2.1; previous revision: 1.5
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/lib/coolkey/CoolKey.cpp;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v  <--  CoolKey.cpp
new revision: 1.11.2.1; previous revision: 1.11
done
Checking in src/lib/coolkey/Mac-universal.mk;
/cvs/dirsec/esc/src/lib/coolkey/Mac-universal.mk,v  <--  Mac-universal.mk
new revision: 1.2.8.1; previous revision: 1.2
done
Checking in src/lib/coolkey/SmartCardMonitoringThread.cpp;
/cvs/dirsec/esc/src/lib/coolkey/SmartCardMonitoringThread.cpp,v  <--  SmartCardMonitoringThread.cpp
new revision: 1.5.2.2; previous revision: 1.5.2.1
done
Checking in src/lib/coolkey/common.mk;
/cvs/dirsec/esc/src/lib/coolkey/common.mk,v  <--  common.mk
new revision: 1.2.6.1; previous revision: 1.2
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Comment 6 Jack Magne 2010-03-16 20:53:50 EDT
Trunk:

cvs -d $CVSROOT  commit -m "Bug 369031 - ESC incompatible with OS X Leopard."

Checking in mac/mac-build.sh;
/cvs/dirsec/esc/mac/mac-build.sh,v  <--  mac-build.sh
new revision: 1.5; previous revision: 1.4
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in mac/coolkey_package_data/Info.plist;
/cvs/dirsec/esc/mac/coolkey_package_data/Info.plist,v  <--  Info.plist
new revision: 1.2; previous revision: 1.1
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in mac/coolkey_package_data/Resources/postflight;
/cvs/dirsec/esc/mac/coolkey_package_data/Resources/postflight,v  <--  postflight
new revision: 1.2; previous revision: 1.1
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in mac/misc/libtool.coolkey.patch;
/cvs/dirsec/esc/mac/misc/libtool.coolkey.patch,v  <--  libtool.coolkey.patch
new revision: 1.2; previous revision: 1.1
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xpcom/Makefile.sdk;
/cvs/dirsec/esc/src/app/xpcom/Makefile.sdk,v  <--  Makefile.sdk
new revision: 1.5; previous revision: 1.4
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xpcom/tray/Makefile.sdk;
/cvs/dirsec/esc/src/app/xpcom/tray/Makefile.sdk,v  <--  Makefile.sdk
new revision: 1.3; previous revision: 1.2
done
Checking in src/app/xpcom/tray/rhMacTray.cpp;
/cvs/dirsec/esc/src/app/xpcom/tray/rhMacTray.cpp,v  <--  rhMacTray.cpp
new revision: 1.6; previous revision: 1.5
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/application.ini;
/cvs/dirsec/esc/src/app/xul/esc/application.ini,v  <--  application.ini
new revision: 1.11; previous revision: 1.10
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/chrome/content/esc/ESC.js;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/ESC.js,v  <--  ESC.js
new revision: 1.30; previous revision: 1.29
done
Checking in src/app/xul/esc/chrome/content/esc/GenericAuth.xul;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/GenericAuth.xul,v  <--  GenericAuth.xul
new revision: 1.7; previous revision: 1.6
cvs diff: [00:43:53] waiting for jmagne's lock in /cvs/dirsec/esc/mac
done
Checking in src/app/xul/esc/chrome/content/esc/hiddenWindow.xul;
/cvs/dirsec/esc/src/app/xul/esc/chrome/content/esc/hiddenWindow.xul,v  <--  hiddenWindow.xul
new revision: 1.2; previous revision: 1.1
cvs diff: [00:43:53] waiting for jmagne's lock in /cvs/dirsec/esc/mac/coolkey_package_data
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/chrome/locale/en-US/esc.dtd;
/cvs/dirsec/esc/src/app/xul/esc/chrome/locale/en-US/esc.dtd,v  <--  esc.dtd
new revision: 1.7; previous revision: 1.6
cvs diff: [00:43:53] waiting for jmagne's lock in /cvs/dirsec/esc/mac/coolkey_package_data/Resources
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/app/xul/esc/components/escCLH.js;
/cvs/dirsec/esc/src/app/xul/esc/components/escCLH.js,v  <--  escCLH.js
new revision: 1.5; previous revision: 1.4
cvs diff: [00:43:54] waiting for jmagne's lock in /cvs/dirsec/esc/mac/misc
done
cvs diff: [00:43:54] waiting for jmagne's lock in /cvs/dirsec/esc/src/app/xpcom
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/lib/NssHttpClient/manifest.mn;
/cvs/dirsec/esc/src/lib/NssHttpClient/manifest.mn,v  <--  manifest.mn
new revision: 1.6; previous revision: 1.5
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Checking in src/lib/coolkey/CoolKey.cpp;
/cvs/dirsec/esc/src/lib/coolkey/CoolKey.cpp,v  <--  CoolKey.cpp
new revision: 1.12; previous revision: 1.11
cvs diff: [00:43:54] waiting for jmagne's lock in /cvs/dirsec/esc/src/app/xpcom/tray
done
Checking in src/lib/coolkey/Mac-universal.mk;
/cvs/dirsec/esc/src/lib/coolkey/Mac-universal.mk,v  <--  Mac-universal.mk
new revision: 1.3; previous revision: 1.2
done
Checking in src/lib/coolkey/SmartCardMonitoringThread.cpp;
/cvs/dirsec/esc/src/lib/coolkey/SmartCardMonitoringThread.cpp,v  <--  SmartCardMonitoringThread.cpp
new revision: 1.7; previous revision: 1.6
done
Checking in src/lib/coolkey/common.mk;
/cvs/dirsec/esc/src/lib/coolkey/common.mk,v  <--  common.mk
new revision: 1.3; previous revision: 1.2
cvs diff: [00:43:54] waiting for jmagne's lock in /cvs/dirsec/esc/src/app/xul/esc
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Comment 7 Jack Magne 2010-03-18 18:56:56 EDT
Documentation Text:

For the recent past, ESC and the CoolKey PKCS#11 driver has not operated properly in Mac OS X 10.5 or Leopard. Much of this was due to incorrect interaction with ESC/CoolKey and the SmartCardServices component that is shipped and maintained by Apple.

SmartCardServices consists of crucial smart card systems such as the pcsc-lite smart card daemon and the ccid smart card reader driver.

The events pointing towards a working ESC on OS X 10.5 are a combination of fixes done by Apple to the SmartCardServices package and some tweaks we have performed to ESC.

In order to make sure everything works properly do the following:

1. Make sure that OS X Leopard is upgraded to at least the 10.5.8 level.

2. Install the latest SmartCardManager package for ESC.

Some of the things that now work properly are the following:

1. ESC/CoolKey can now recognize tokens such as the Safenet 330J that use Protocol T1 instead of the previously more common T0 protocol.

2. ESC can now accept an enrolled token and not interfere with the CoolKey TokendD driver and the other TokenD drivers already installed on the system.

3. The CoolKey TokenD driver will no longer get confused with the other installed TokenD drivers when inserting a legal enrolled CoolKey token.
Comment 8 Jack Magne 2010-04-01 16:40:49 EDT
Created attachment 404094 [details]
Patch to improve installer
Comment 9 Matthew Harmsen 2010-04-06 18:47:10 EDT
attachment (id=404094) +mharmsen
Comment 10 Jack Magne 2010-04-06 19:26:22 EDT
Installer improvements:

Branch:

Checking in InstallationCheck;
/cvs/dirsec/esc/mac/coolkey_package_data/Resources/Attic/InstallationCheck,v  <--  InstallationCheck
new revision: 1.1.2.1; previous revision: 1.1
done
RCS file: /cvs/dirsec/esc/mac/coolkey_package_data/Resources/Attic/InstallationCheck.strings,v
done
Checking in InstallationCheck.strings;
/cvs/dirsec/esc/mac/coolkey_package_data/Resources/Attic/InstallationCheck.strings,v  <--  InstallationCheck.strings
new revision: 1.1.2.1; previous revision: 1.1
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.


Trunk:

Checking in InstallationCheck;
/cvs/dirsec/esc/mac/coolkey_package_data/Resources/InstallationCheck,v  <--  InstallationCheck
new revision: 1.2; previous revision: 1.1
done
Checking in InstallationCheck.strings;
/cvs/dirsec/esc/mac/coolkey_package_data/Resources/InstallationCheck.strings,v  <--  InstallationCheck.strings
new revision: 1.2; previous revision: 1.1
done
Running syncmail...
Mailing relnotes@fedoraproject.org...
...syncmail done.
Running syncmail...
Mailing cvsdirsec@fedoraproject.org...
...syncmail done.
Comment 11 Jack Magne 2010-04-07 14:25:11 EDT
Created attachment 405053 [details]
Latest installer screen shots
Comment 12 Jack Magne 2010-04-07 14:26:46 EDT
Created attachment 405054 [details]
Upgraded installer screen shots.
Comment 13 Jack Magne 2010-04-07 14:27:26 EDT
Created attachment 405055 [details]
Upgraded installer screen shots.
Comment 14 Jack Magne 2010-04-16 17:29:20 EDT
How To Test:

1. Run the installer for ESC on Mac named something like:  	SmartCardManager-1.1.0-<build-number>.OSX5.darwin.dmg. Make sure that the software installs properly and the installation does not conflict with the current state of the system.

2. Perform the basic ESC operational tests as usually done on all platforms. These consist of basic operations such as Formatting, Enrolling, and Resetting the PIN on tokens.

3. Make sure the various token insertion and removal events are recognized reasonably.

4. Verify that the CoolKey TokenD launches and operates properly. Detailed instructions for this can be found in the following related bug:

https://bugzilla.redhat.com/show_bug.cgi?id=239891

5. Test out the simple ESC menu choices for the Mac present in both the main menu and the dock icon menu at the bottom.
Comment 15 Jack Magne 2010-04-16 17:32:02 EDT
Test Cont:

6. Make sure the the normal cryptographic tests using the CoolKey PKCS#11 module as imported into the Firefox browser can be done.
Comment 17 Asha Akkiangady 2010-05-20 15:54:37 EDT
On a MAC OS X 10.5.8 desktop installed SmartCardManager-1.1.0-11.OSX5.darwin.dmg. Tried un-install and install few times, no installation issues.

Basic ESC operations such as Formating, Enrolling and Pin Reset works fine.

Token insertion/removal events are recognized reasonably with Safenet 330J with SCR331 reader and Gemalto 64K token.

Tested Coolkey TokenD operations by sending/reading encrypted e-mails in Apple Mail and using Safari browser visit TPS client auth protected web page. Details are in 'How To Test' section of https://bugzilla.redhat.com/show_bug.cgi?id=239891.

Tested simple ESC menu choice for the Mac present in both the main
menu (Hide ESC) and the dock icon menu (Manage Smart Cards, Keep in Dock, Open at Login-Checked, Show in Finder, Hide, Quit, Remove From Dock, Open at Login-Unchecked and Show) which is at the bottom.   

Normal cryptographic tests such as visiting secure websites works fine when the Coolkey PKCS#11 module is imported into Firefox browser. When the Coolkey PKCS#11 module imported into Thunderbird, Sending/Reading encrypted e-mails works fine.

Marking the bug verified.
Comment 18 errata-xmlrpc 2010-06-01 15:43:06 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2010-0448.html

Note You need to log in before you can comment on or make changes to this bug.