Closed Bug 1621691 Opened 2 years ago Closed 2 years ago

Failed to load module / security device /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so

Categories

(Release Engineering :: Release Automation: Other, enhancement)

enhancement
Not set
normal

Tracking

(firefox76 fixed, firefox77 fixed, firefox95 affected)

RESOLVED FIXED
Tracking Status
firefox76 --- fixed
firefox77 --- fixed
firefox95 --- affected

People

(Reporter: mikaela, Assigned: mtabara)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0

Steps to reproduce:

Installed Firefox from Flathub beta repository.
Went to Settings -> Privacy -> Security -> Certificates -> Security devices
Attempted to load Failed to load module / security device /usr/lib/x86_64-linux-gnu/onepin-opensc-pkcs11.so

https://github.com/OpenSC/OpenSC/wiki/Installing-OpenSC-PKCS%2311-Module-in-Firefox,-Step-by-Step

Actual results:

Adding a security device failed

Expected results:

I was hoping the security device to be added and to be able to use a smartcard (FINEID) for electronic authentication. I understand that this may be a feature of Flatpak.

Blocks: flatpak
Assignee: nobody → mtabara
Pushed by mtabara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bfdecca44c79
expose pcsc socket for OpenSC support in Flatpaks. r=rail

Comment on attachment 9139455 [details]
Bug 1621691 - expose pcsc socket for OpenSC support in Flatpaks. r=rail

Beta/Release Uplift Approval Request

  • User impact if declined: None, it addressed some flatpak automation glitch
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): None, it addressed some flatpak automation glitch
  • String changes made/needed:
Attachment #9139455 - Flags: approval-mozilla-beta?
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED

Comment on attachment 9139455 [details]
Bug 1621691 - expose pcsc socket for OpenSC support in Flatpaks. r=rail

Flatpak fix, approved for 76.0b5.

Attachment #9139455 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Component: Release Automation: Flatpak → Release Automation: Other

Hi,

Can we reopen this ticket as the solution does not resolve use of opensc from Firefox Flatpak?

Original post from GitHub:

Specifications:

Linux Distribution: Fedora 33 x86_64
Kernel: 5.11.21-200.fc33.x86_64
DE: KDE
Flatpak version: 1.10.2

FireFox: 88.0.1 (x86_64) from Flathub

pcsc-tools: 1.5.7
Java: openjdk 11.0.11 2021-04-20

Smart Card Reader: SCM Microsystems, Inc. SCR331-LC1 / SCR3310 SmartCard Reader

Description:

I used the following command to run Firefox flatpak:

flatpak run --socket=pcsc --device=all org.mozilla.firefox

I then attempted to add a new Security Device to Firefox using the path, /app/lib/opensc-pkcs11.so. Unfortunately I receive the following text within a dialog:

"Unable to add module"

From another discussion on the flatpak IRC channel, I understand that trying to override file access within /usr (where /usr/lib/opensc-pkcs11.so is located) is not possible right now.

Advice received from GitHub was to reopen this ticket, and request the addition of opensc to the flatpak app. The details for doing so resemble those for Thunderbird.

Would appreciate the support to resolve this issue!

I also tried this and found out the following:

• RPM-Firefox (on Fedora 35) has /usr/lib64/p11-kit-proxy.so loaded as a security module.
• I don’t know what’s the difference between p11-kit-proxy.so and opensc-pkcs11.so (before I used to add the latter in Firefox, but that seems to have changed to the first).
• Firefox-Flatpak loads the runtime org.freedesktop.Platform/x86_64/<VERSION>
• These platforms provide the required module at /var/lib/flatpak/runtime/org.freedesktop.Platform/x86_64/21.08/active/files/lib/x86_64-linux-gnu/p11-kit-proxy.so.

At this point, I wasn’t able to succeed, as I don’t know how to load such a platform library into a flatpak. When I tried to specify the path in the dialog, I get the above mentioned error. Maybe that needs to be done in the metadata file of FF flatpak.

Can anyone provide a hint about how to add this library (and what’s the difference between p11-kit-proxy and opensc-pkcs11)? This sole thing blocks me from using the flatpak versions of Firefox and Evolution!

[Tracking Requested - why for this release]:

You need to log in before you can comment on or make changes to this bug.