8 January 2017

Belgian eID with Ubuntu

Jan 2017

Works with Firefox

Drivers for smart card reader (OMNI 1032)

Install libraries

sudo apt-get install pcscd libnss3

Install device drivers

./ifdokccid_linux_x86_64-v4.0.5.5/

Configure everything

sudo modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0


eID software

Download and install archive file from ... to get PGP keys
sudo apt-get install eid-mw
sudo apt-get install eid-viewer

Start firefox

7 November 2016

Wordpress on Ubuntu user edition

(Updated for Ubuntu 13.10)

Install LAMP

  1. sudo apt-get install tasksel
  2. sudo tasksel install lamp-server
  3. You may also want to install phpmyadmin, and I needed php-curl too
  4. Edit apache.conf to get rid of startup message, i.e.
    • Add ServerName localhost to apache.conf
(Along the way you'll need to add a root password for MySQL, and check that /etc/hosts has a good entry for your IP address so that Apache will run.)

Enable user directories in Apache

I set up my beta website in a home directory as it avoids lots of permissions issues. To turn on user directories:
  1. sudo a2enmod userdir
  2. Enable php in user directories: edit /etc/apache2/mods-enabled/php5.conf
  3. enable rewrite commands in .htaccess for nice permalinks: sudo a2enmod rewrite
  4. sudo service apache2 restart

Using a non-standard port

My ISP does not allow servers on port 80 but does permit them on other ports. Based on these instructions I edit /etc/apache2/ports.conf to read:

Listen 80
Listen 6111

create a new file in /etc/apache2/sites-available with the following content:

<VirtualHost *:6111>
    ServerAdmin webmaster@localhost
    DocumentRoot /home/[name]/public_html
    <Directory /home/[name]/public_html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
        Require all granted
    </Directory>
</VirtualHost>
# No second "Listen 6111" here: ports.conf already has it, and repeating Listen for the same port makes Apache fail with "Address already in use".
  • And link this file to the sites-enabled directory
    • sudo ln -n sites-available/61112.conf sites-enabled/
(Tweak firewall if necessary, and recreate mysql user names with 'localhost' privileges.)

Additional steps


  1. Configure MySQL: (Re-)Create the database user, import the MySQL backup, and reattach privileges.
  2. Install Ruby via Software Centre
  3. Install compass (which installs Sass)
  4. Install sublime sass highlighting package controller

29 August 2015

TaxOnWeb, OSX and Chrome

Aug 2015 - working

  • eID viewer leads OSX to try to install Java 6, which is old and a security risk
  • Sometimes need to reboot (perhaps just login again) to enable Chrome to find my card reader and card

June 2013: working


I believe that the Belgian government website went heavily with Microsoft for its electronic ID cards, and that means Belgian citizens and residents that are not Microsoft slaves have had a much tougher time using eGovernment.

And so it was for several years, but the newest version of the middleware does work with Chrome for OSX (Mountain Lion) and Tax-On-Web can be accessed.

22 April 2014

TaxOnWeb with Ubuntu and Chrome

March 2016 / Ubuntu 15.10 - partially working

Needed to use

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0

May 2015 - sometimes works

Ubuntu 15.04

I needed to delete all of .pki/nssdb/* and use

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so

to get it working.

April 2014 - Working :-)

Ubuntu 14.10

Smartcard reader - HID Global 1021 (no longer commercialised)

Bud-gets card does not work for me.

Following the instructions from the Wiki, namely:

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so
the driver was loaded and could be detected via

modutil -dbdir sql:.pki/nssdb/ -list
Card recognised by pcsc_scan, and by the eID viewer

Chrome - works, but not always ;-)

My experience is that Chrome can connect if I log out and log in, but does not always work once I have been logged into my Linux account for a while (and simply restarting Chrome is not sufficient). The error I receive on the Test site is:

Error code: ERR_SSL_PROTOCOL_ERROR

Notes

An error message as below simply means that the directory .pki/nssdb does not exist and needs to be created manually.

modutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.

Firefox - works :-)



March 24 - not working

Status: #fail
Chrome 26 (beta); Ubuntu 12.10
Either

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Or I run - based on the official Wiki:

modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so
modutil -dbdir sql:.pki/nssdb/ -add "Belgium eID" -libfile /usr/lib/libbeidpkcs11.so -mechanisms FRIENDLY -force

and then Chrome segfaults on launch, and can only be started again after deleting ~/.pki/nssdb

This is what I have in ~/.pki/nssdb/pkcs11.txt when it will not start:

library=/usr/lib/libbeidpkcs11.so
name=Belgium eID
NSS=slotParams={0x00000000=[slotFlags=PublicCerts rootFlags=hasRootTrust] }

And, another error seems to be:

~$ certutil -L -d .pki/nssdb/
certutil: function failed: The certificate/key database is in an old, unsupported format.
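
A less drastic check than deleting ~/.pki/nssdb, given as an added example (not part of the original post): it reads a pkcs11.txt like the one shown above, lists every registered PKCS#11 module, and flags those whose library path no longer exists, which is what happens when the eID library moves between releases. The function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example: list the PKCS#11 modules registered in an NSS pkcs11.txt
# and flag those whose library file is missing.

# Print "name<TAB>library" per stanza (stanzas are separated by blank lines;
# the built-in NSS module has an empty library= line).
nss_modules() {
    awk '
        /^library=/ { lib = substr($0, 9) }
        /^name=/    { name = substr($0, 6) }
        /^[ \t]*$/  { if (name != "") print name "\t" lib; name = ""; lib = "" }
        END         { if (name != "") print name "\t" lib }
    ' "$1"
}

# Print "name: library" for every absolute library path that does not exist.
# Returns 1 if at least one was found. Bare library names are skipped because
# they are resolved through the loader search path, not a fixed location.
nss_stale_modules() {
    stale=0
    tab=$(printf '\t')
    while IFS="$tab" read -r name lib; do
        case "$lib" in
            /*) [ -e "$lib" ] || { echo "$name: $lib"; stale=1; } ;;
        esac
    done <<EOF
$(nss_modules "$1")
EOF
    return "$stale"
}

# Constructed sample database file (not copied from a real profile).
demo_dir=$(mktemp -d)
cat > "$demo_dir/pkcs11.txt" <<'EOF'
library=
name=NSS Internal PKCS #11 Module
NSS=Flags=internal,critical

library=/nonexistent/libbeidpkcs11.so
name=Belgium eID
NSS=slotParams={0x00000000=[slotFlags=PublicCerts rootFlags=hasRootTrust] }

library=/bin/sh
name=Constructed module with an existing file
EOF

nss_modules "$demo_dir/pkcs11.txt"
nss_stale_modules "$demo_dir/pkcs11.txt" || echo "stale module(s) listed above"
```

To audit a real profile, call nss_stale_modules "$HOME/.pki/nssdb/pkcs11.txt"; any module you do not recognise in the listing deserves a look, since every library named there is loaded into the browser process.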


-------------------------------------------------------------------------------------------------

June 2013 - working


There are (at least) three versions of the software on the Internet:
  • From the official site (Dutch) - version 4.0.2 - download the Ubuntu (32-bit) deb and install in the usual manner
Firefox - working
The official FAQ on Firefox is farcical - in short, Tax-on-Web is not available in Firefox 4 and above because this browser does not support the SSL connection that the Belgian state acknowledges it is using, because it is relatively insecure (this has also received press attention)!

And it's true, when you try to connect with Firefox 4+ you get an error:
Error code: ssl_error_renegotiation_not_allowed
There is a way of forcing Firefox to work with this insecure connection method - see here or here.  Taxonweb further enforces its restrictions via a user-agent sniff, so you need a switching add-on - use any Microsoft user-agent - to be permitted to pay taxes!

Then all you need to do is accept the certificate and permit access to card dialogues, and enter your PIN code.

Chrome - working
  1. Follow http://code.google.com/p/eid-mw/wiki/ChromeLinux
  2. Install a user-agent switcher from the Chrome store, and switch to Firefox (IE does not work)

28 March 2014

TaxOnWeb with Linux - bud-gets card reader

May 2014 - card reader is not being detected

Budgets USB card reader from FNAC not working with Linux, despite Linux being listed as a supported OS on the packaging!





The device is nominally detected by the USB bus:
$ lsusb
Bus 002 Device 014: ID 048d:1365 Integrated Technology Express, Inc. 
And in full detail
$ lsusb -s 002 -v
Bus 002 Device 002: ID 048d:1365 Integrated Technology Express, Inc.
Couldn't open device, some information will be missing
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0        64
  idVendor           0x048d Integrated Technology Express, Inc.
  idProduct          0x1365
  bcdDevice            1.00
  iManufacturer           1
  iProduct                2
  iSerial                 3
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           93
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          4
    bmAttributes         0x80
      (Bus Powered)
    MaxPower              500mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass        11 Chip/SmartCard
      bInterfaceSubClass      0
      bInterfaceProtocol      0
      iInterface              6
      ChipCard Interface Descriptor:
        bLength                54
        bDescriptorType        33
        bcdCCID              1.10  (Warning: Only accurate for version 1.0)
        nMaxSlotIndex           0
        bVoltageSupport         7  5.0V 3.0V 1.8V
        dwProtocols             3  T=0 T=1
        dwDefaultClock       3750
        dwMaxiumumClock      7500
        bNumClockSupported      0
        dwDataRate          10080 bps
        dwMaxDataRate      312500 bps
        bNumDataRatesSupp.      0
        dwMaxIFSD             254
        dwSyncProtocols  00000000
        dwMechanical     00000000
        dwFeatures       00010030
          Auto clock change
          Auto baud rate change
          TPDU level exchange
        dwMaxCCIDMsgLen       271
        bClassGetResponse      00
        bClassEnvelope         00
        wlcdLayout           none
        bPINSupport             0
        bMaxCCIDBusySlots       1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval              16
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              16
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x83  EP 3 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0200  1x 512 bytes
        bInterval              16
But pcsc_scan does not find anything, and thus the card cannot be found with the eID viewer, nor used with a browser.

19 December 2013

Socket.io: some starter examples

There not being much easy to use documentation, and the existing tutorials being out of date, here is some code that works as of today.

Client page (index.html):

<body>
  <script src="/socket.io/socket.io.js"></script>
  <script>
    var socket = io.connect('http://localhost');
    socket.on('news', function (data) {
      console.log(data);
      // plain DOM call, because this page does not load jQuery
      document.getElementById('test').textContent = data.hello;
      socket.emit('my other event', { my: 'data' });
    });
  </script>
  <div id="test"></div>
</body>

Server:

var app = require('http').createServer(handler)
  , io = require('socket.io').listen(app)
  , fs = require('fs')
  , url = require('url')
  , path = require('path');
app.listen(8001);

// Answers every request with index.html
function handler (req, res) {
  fs.readFile(__dirname + '/index.html',
  function (err, data) {
    if (err) {
      res.writeHead(500);
      return res.end('Error loading index.html');
    }
    res.writeHead(200);
    res.end(data);
  });
}

// Alternative handler (not wired in above): greeting on '/', files otherwise
function handler2(request, response) {
  console.log('Connection');
  var pathname = url.parse(request.url).pathname;
  switch (pathname) {
    case '/':
      response.writeHead(200, {'Content-Type': 'text/html'});
      response.write('hello world Simon');
      response.end();
      break;
    default:
      // Resolve the request inside __dirname and refuse anything that
      // escapes it (a raw request path may contain '/../')
      var file = path.resolve(__dirname, '.' + pathname);
      if (file.indexOf(__dirname + path.sep) !== 0) {
        response.writeHead(403);
        response.end();
        break;
      }
      fs.readFile(file, function (error, data) {
        if (error) {
          response.writeHead(404);
          response.write("oops file doesn't exist - 404");
        }
        else {
          response.writeHead(200, {"Content-Type": "text/html"});
          response.write(data, "utf8");
        }
        response.end();
      });
      break;
  }
}

// Push a 'news' event to each new client and log what it sends back
io.sockets.on('connection', function (socket) {
  socket.emit('news', { hello: 'world' });
  socket.on('my other event', function (data) {
    console.log(data);
  });
});

18 September 2013

Wordpress custom rss feed


I needed to create a custom rss feed so that some of my wordpress data could be syndicated.


  1. Make a copy of wp-includes/feed-rss2 into a /feeds directory for your theme
  2. Edit the file name to replace rss2 in filename and edit the xml as necessary
  3. Copy the following into functions.php

function do_feed_($for_comments) {
    load_template(STYLESHEETPATH . '/feeds/feed-.php');
}
add_action('do_feed_', 'do_feed_', 10, 1);

and then load using http://yourblog.com/?feeds=

Behind the scenes wordpress takes the feeds parameter and looks for the function do_feed_, which you have now set to turn to your feed template

Easy!