Spec: http://tuju.fi/fedora/11/qca-pkcs11.spec SRPM: http://tuju.fi/fedora/11/qca-pkcs11-2.0.0-1.fc11.src.rpm F11: http://tuju.fi/fedora/11/qca-pkcs11-2.0.0-1.fc11.src.rpm Description: qca-pkcs11 enables QCA smartcard integration. The following features are supported: - Multiple providers. - Multiple tokens. - Private key signature and decryption. - Keystore objects serialization. - Keystore update notifications. - Asker integration for token and PIN. I wonder should this be named as qca2-pkcs11 since main packages are evading conflicts with 1.x packages with version naming. (even thou they conflict anyway). Apparently at some point the 2 will be dropped from names and thus I'm more inclined to keep it as it is.
Cleaned rpmlint warning, same urls as above and new build: f11: http://koji.fedoraproject.org/koji/taskinfo?taskID=1949779
Note that this is somewhat pre-emptive packaging in light of this kde entry: https://bugs.kde.org/show_bug.cgi?id=116201 thou i'm not sure what the status for it is atm.
MUST: naming, should follow pre-release naming guidelines, and use something like Release: 0.1.beta2 MUST: %build, use -no-separate-debug-info build option, so that the usual -debuginfo pkg makes sense SHOULD: add runtime dependency, %{?_qt4_version:Requires: qt4%{?_isa} >= %{_qt4_version}} licensing: should be License: LGPLv2+ $ rpmlint *.rpm x86_64/*.rpm qca-pkcs11.src: W: spelling-error Summary(en_US) Smartcard -> Smart card, Smart-card, Smartness qca-pkcs11.src: W: spelling-error %description -l en_US pkcs -> pecs, pics, pk cs qca-pkcs11.src: W: spelling-error %description -l en_US smartcard -> smart card, smart-card, smartness qca-pkcs11.src: W: spelling-error %description -l en_US decryption -> encryption, deception, description qca-pkcs11.src:36: W: configure-without-libdir-spec qca-pkcs11.x86_64: W: spelling-error Summary(en_US) Smartcard -> Smart card, Smart-card, Smartness qca-pkcs11.x86_64: W: spelling-error %description -l en_US pkcs -> pecs, pics, pk cs qca-pkcs11.x86_64: W: spelling-error %description -l en_US smartcard -> smart card, smart-card, smartness qca-pkcs11.x86_64: W: spelling-error %description -l en_US decryption -> encryption, deception, description qca-pkcs11-debuginfo.x86_64: W: spelling-error Summary(en_US) pkcs -> pecs, pics, pk cs qca-pkcs11-debuginfo.x86_64: W: spelling-error %description -l en_US pkcs -> pecs, pics, pk cs 3 packages and 0 specfiles checked; 0 errors, 11 warnings. patches: please document the need for qca-pkcs11.cpp.vsnprintf.patch , and please consult upstream. The rest looks pretty simple and clean. address these items, and I think we have a winner.
> patches: please document the need for qca-pkcs11.cpp.vsnprintf.patch , and > please consult upstream. Where can I find the patch?
it's in the src.rpm, posted here for convenience too: http://rdieter.fedorapeople.org/rpms/pca-pkcs11/
Thanks! Are you sure that the Qt developers solved the bug of vsprintf("%s", NULL) with all Qt version this package depends?
No idea, Juha?
All qca plugin seems merged to qca in svn. See http://websvn.kde.org/trunk/kdesupport/qca/plugins/
ack, i become active with this asap, i'm loaded with work right now but that shoulnd't take long.
ping? re: comment #9 ?
Hi, I'm back with this. So rebuilt the package for f14: http://tuju.fi/fedora/14/qca-pkcs11.spec http://tuju.fi/fedora/14/qca-pkcs11.cpp.vsnprintf.patch http://tuju.fi/fedora/14/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm % rpmlint /home/tuju/PKGS/SRPMS/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm qca-pkcs11.src: W: spelling-error Summary(en_US) Smartcard -> Smart card, Smart-card, Smartness qca-pkcs11.src: W: spelling-error %description -l en_US smartcard -> smart card, smart-card, smartness qca-pkcs11.src:37: W: configure-without-libdir-spec 1 packages and 0 specfiles checked; 0 errors, 3 warnings. % qcatool2 plugins Qt Library Paths:/ /usr/lib64/qt4/plugins /usr/bin /usr/lib64/kde4/plugins Available Providers: qca-ossl This product includes cryptographic software written by Eric Young (eay) qca-pkcs11 % % qcatool2 keystore list-stores Card 200c [TUOMALA,JUHA *************,**************** (] Sys f1da [System Trusted Certificates] Unknown signature value: 795 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 % qcatool2 keystore list 200c Unknown signature value: 795 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Key 1966 [TUOMALA,JUHA *************,****************] % qcatool2 show kb 200c:1966 Unknown signature value: 795 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Unknown signature value: 795 Unknown signature value: 668 Keybundle contains 1 certificates. Displaying primary: Serial Number: **************** Subject Common Name (CN): TUOMALA,JUHA ********,************* Email Address: juha.*********.tuomala Organization (O): ESTEID Organizational Unit (OU): authentication Country Code (C): EE Issuer Common Name (CN): ESTEID-SK 2007 Organization (O): AS Sertifitseerimiskeskus Organizational Unit (OU): ESTEID Country Code (C): EE Validity Not before: Wed Sep 1 21:00:00 2010 Not after: Sun Aug 30 21:00:00 2015 Constraints Digital Signature Key Encipherment Data Encipherment Client Authentication Email Protection Policies 1.3.6.1.4.1.10015.1.1.2.2 Issuer Key ID: 4806debe8c875795807863fa9c232b2ba03a1875 Subject Key ID: 2227bb7571563c6a8afc6e6cd1cbb9d6b04bf955 CA: No Signature Algorithm: EMSA3(SHA1) Public Key: -----BEGIN PUBLIC KEY----- MIGgMA0GCSqGSIb3DQEBAQUAA4GOADCBigKBgQDQ1OnqTxu0koh3J0lQjuDBLP1/ kiiCpzy4mTaBfM4+dfVUDr2fy03/Ai9mIdvEOIqgWtQoP9OYiBNy91J4IZCWyQfn +Mdkoud9Xv6EW9rCScaBlhEm3RpfqpEQRrpr9laCP4Dzhd3pC+QGikm4Mx0M3jap PBkqOhJjSzzU/o5OqQIEAK9sGQ== -----END PUBLIC KEY----- SHA1 Fingerprint: a3:57:94:7d:e1:3e:8c:7b:6a:72:f7:06:3e:b2:d9:3c:e1:00:ca:37 MD5 Fingerprint: 83:bb:91:34:a1:21:ac:00:90:21:d6:c9:9b:c2:3e:72 It appears to work. I did not change the name from qca-pkcs11 to qca2-pkcs11, not sure should I. Alon, I dont' recall how that vsprintf("%s", NULL) went, it's been too long already. Do you have any better ideas for that?
Scratch builds: f14: http://koji.fedoraproject.org/koji/taskinfo?taskID=3179505 f15: http://koji.fedoraproject.org/koji/taskinfo?taskID=3179508 raw: http://koji.fedoraproject.org/koji/taskinfo?taskID=3179511
Alon, is there any python bindings for qca? Didn't find anything.
(In reply to comment #13) > Alon, is there any python bindings for qca? Didn't find anything. I don't think so it is pure Qt API.
(In reply to comment #11) > I did not change the name from qca-pkcs11 to qca2-pkcs11, not sure should I. I don't think you should do this as the .so should be installed at qca2 prefix... at least this is how Gentoo installs it. > Alon, I dont' recall how that vsprintf("%s", NULL) went, it's been too long > already. Do you have any better ideas for that? Qt-4 had this bug or feature... so I wish to avoid using Qt's string printf. Anyway this is most for debug purposes so I do not think it is go no-go decision. In Qt-5 I will be recheck assumption... :)
(In reply to comment #15) > I don't think you should do this as the .so should be installed at qca2 > prefix... at least this is how Gentoo installs it. Now it ends up to: /usr/lib64/qt4/plugins/crypto/libqca-pkcs11.so what should be named as qca2 - libqca2-pkcs... ? I don't have gentoo here where to check.
(In reply to comment #16) > (In reply to comment #15) > > I don't think you should do this as the .so should be installed at qca2 > > prefix... at least this is how Gentoo installs it. > > Now it ends up to: > /usr/lib64/qt4/plugins/crypto/libqca-pkcs11.so > > what should be named as qca2 - libqca2-pkcs... ? I don't have gentoo here where > to check. I don't know redhat standards for side-by-side installations. Go ahead with what you have and what works.
I see that /usr/share/qt4/mkspecs/features/crypto.prf permits to override the include and lib of qca but not of plugins...
Off-band comments in #fedora-devel yielded --no-separate-debug-info option that prevents that debug-stuff. http://tuju.fi/fedora/14/qca-pkcs11.spec http://tuju.fi/fedora/14/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm f14: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180864 f15: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180860 raw: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180852
Oh, and per my initial comment #3 , those items still seem to be largely un-addressed... to re-iterate: 1. fix release tag usage. 2. runtime dependancy on qt (only a SHOULD though) 3. license tag 4. documenting patches
(In reply to comment #20) > Oh, and per my initial comment #3 , those items still seem to be largely > un-addressed... to re-iterate: > 1. fix release tag usage. Fixed. > 2. runtime dependancy on qt (only a SHOULD though) Fixed. > 3. license tag Fixed. > 4. documenting patches commented. http://tuju.fi/fedora/14/qca-pkcs11.spec http://tuju.fi/fedora/14/qca-pkcs11-2.0.0-1.fc14.beta2.src.rpm f14: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180913 f15: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180911 raw: http://koji.fedoraproject.org/koji/taskinfo?taskID=3180912
Thanks, looks better, APPROVED.
New Package SCM Request ======================= Package Name: qca-pkcs11 Short Description: Smartcard integration for QCA Owners: tuju kalev Branches: f14 f15 InitialCC: tuju
Thanks for everyone who helped.
Git done (by process-git-requests).
qca-pkcs11-2.0.0-0.1.fc14.beta2 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/qca-pkcs11-2.0.0-0.1.fc14.beta2
qca-pkcs11-2.0.0-0.1.fc15.beta2 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/qca-pkcs11-2.0.0-0.1.fc15.beta2
Alon, for some reason qcatool2 to work, i need to 'milk' the underlying system with pkcs15-tool -c couple times to make reader lights to blink. Then qcatool2 starts working too. It could be pcsc-lite or opensc issue I guess, but without 'milking' it with those tools, it's more or less dead. Have you noticed anything similar?
Can you please correlate this behavior with the success of pkcs11-tool --list-objects behavior? I guess you experience same issues with pkcs11-tool, although it has an advantage of loading/unloading the provider each cycle.
% pkcs11-tool --module /usr/lib64/opensc-pkcs11.so --list-objects No slot with a token was found. % qcatool2 show kb 200c:1966 just hangs. (note the mandatory --module these days). % pkcs15-tool -c Using reader with a card: OmniKey CardMan 3121 00 00 PKCS#15 binding failed: Wrong length % pkcs15-tool -c Using reader with a card: OmniKey CardMan 3121 00 00 X.509 Certificate [Isikutuvastus] . . . and then everything works, even the --list-objects, qcatool2 etc.
I think you should take this to OpenSC list... It is not related to other software...
qca-pkcs11-2.0.0-0.1.fc14.beta2 has been pushed to the Fedora 14 testing repository.
qca-pkcs11-2.0.0-0.1.fc14.beta2 has been pushed to the Fedora 14 stable repository.
qca-pkcs11-2.0.0-0.1.fc15.beta2 has been pushed to the Fedora 15 stable repository.