Ubuntu
firefox package

Bug #1967632
Comment #16

Comment 16 for bug 1967632

Revision history for this message

Luca Ferroni (liuck) wrote on 2022-08-26:

#16

Guys, it works for me!
It's weird but somehow it works :-)

More than my previous not working comment https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1967632/comments/9
I have added:

- the libacsccid1 package
- rw access to the unix socket /run/pcscd/pcscd.comm in the apparmor profile

Summarizing the solution again:

# apt install libacsccid1 pcscd
# mkdir /etc/apparmor.d/abstractions/p11-kit.d/
# echo "/run/user/[0-9]*/** mr," > /etc/apparmor.d/abstractions/p11-kit.d/snap
# echo "/run/pcscd/pcscd.comm rw," >> /etc/apparmor.d/abstractions/p11-kit.d/snap

add "#include <abstractions/p11-kit>" in /var/lib/snapd/apparmor/profiles/snap.firefox.firefox after #include <abstractions/openssl>

# apparmor_parser -v -C -r /var/lib/snapd/apparmor/profiles/snap.firefox.firefox

Then in Firefox -> Settings -> Privacy and Security -> Security devices
Load -> name: ACS ACR38U in my case, but can be anything you want, module: /usr/share/bit4id/x/libbit4xpki.so

That's for my card, my reader and my module. And note: my FF is in Italian, translation may differ a bit in English.

Further weird notes:

1. The first time I try to access after a reboot, I go to the webpage https://dichiarazioneprecompilata.agenziaentrate.gov.it and FF ask me for the PIN (with a system dialog). I insert the PIN and FF ask me again for the PIN in an infinite cycle, I have to kill FF. But the second time and following times I access the page it works like a charm even in Incognito mode. Weird, but I can live with it. I seldom use smart card.

2. Another strange thing that happened while I was trying to isolate the right steps to publish here is that I removed rw access to pcscd.comm socket in apparmor profile and FF kept working! Even after a restart, and even in Incognito mode. So I have rebooted the system in order to be sure that rw access to the socket would be a requirement, and that's it.

3. I don't know why Firefox does not let me load the /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so module. It complains with the message "Unable to add module" :-(
even if I add `/usr/lib/x86_64-linux-gnu/** rm,` in /etc/apparmor.d/abstractions/p11-kit.d/snap apparmor profile.

Differences between opensc-pkcs11.so and libbit4xpki.so

file /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so /usr/lib/bit4id/libbit4xpki.so

/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=de5eb51ea9145d2bfd9428110736825895bb56f4, stripped

/usr/lib/bit4id/libbit4xpki.so: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=825713056df8eb66f78817284b4ec2c7a2d8c26b, not stripped

My environment is:

Ubuntu 22.04.1 LTS
Codename: jammy
Mozilla Firefox 104.0

I think that's all my story, if there is something else or attempts I can make in my environment, please ask, I remain here available.