Comment 24 for bug 1967632

Revision history for this message
Douglas E Engert (dengert) wrote :

Thanks for the ldd output.
libpcsclite.so.1 is the lib to used the pcscd socket, and is used by modules libstpkcs11.so, libeToken.so.10.7.77 and libopensc.so.8 (see below) It is not used in libbit4xpki.so which may be a software pkcs11 or does not use pcscd.

libcrypto.so.1.1 is OpenSSL-1.1 and also used by modules libstpkcs11.so and opensc-pkcs11.so

So libstpkcs11.so, libeToken.so.10.7.77 and libstpkcs11.so, libeToken.so.10.7.77 all appear to work as all the libs are available.

The difference is opensc-pkcs11.so needs to load libopensc.so.8 and a few others that I have not looked at

On a 22.04.1 system running the command `sudo snap run --shell firefox.firefox` will run snap as root to have snap start up a shell with the environment that firefox would run under.

The `df` command shows:

/dev/sda3 122388080 11202960 104921928 10% /var/lib/snapd/hostfs
tmpfs 814036 1272 812764 1% /run
tmpfs 5120 4 5116 1% /run/lock
tmpfs 814036 100 813936 1% /run/user/1000
/dev/loop0 128 128 0 100% /snap/bare/5
/dev/loop1 63488 63488 0 100% /snap/core20/1587
/dev/loop2 63488 63488 0 100% /
/dev/loop3 167296 167296 0 100% /snap/firefox/1635
/dev/loop4 181248 181248 0 100% /snap/firefox/1749
/dev/loop5 410496 410496 0 100% /snap/gnome-3-38-2004/112
/dev/loop7 48128 48128 0 100% /snap/snapd/16292
/dev/loop6 93952 93952 0 100% /snap/gtk-common-themes/1535
/dev/sda2 524252 5364 518888 2% /var/lib/snapd/hostfs/boot/efi
Argonne 1952871748 479641924 1473229824 25% /media/sf_Argonne
VM-Shared 1952871748 479641924 1473229824 25% /media/sf_VM-Shared
/dev/loop8 354688 354688 0 100% /snap/gnome-3-38-2004/115
udev 4034884 0 4034884 0% /dev
tmpfs 4070180 0 4070180 0% /dev/shm
tmpfs 4070180 0 4070180 0% /snap/firefox/1749/data-dir/icons
tmpfs 4070180 0 4070180 0% /snap/firefox/1749/data-dir/sounds
tmpfs 4070180 0 4070180 0% /snap/firefox/1749/data-dir/themes
tmpfs 4070180 1996 4068184 1% /usr/lib/x86_64-linux-gnu
tmpfs 4070180 0 4070180 0% /usr/share

and /var/lib/snapd/hostfs is the host's filesystem. I was able to copy libopensc.so.8.0.0 and symlink libopensc.so.8.0.0 to /usr/lib/x86_64-linux-gnu FF will still not load opensc-pkcs11.so and it will be gone on a reboot.

snap does set sone environemt variables that could help:
LD_PRELOAD=:/snap/firefox/1749/gnome-platform/$LIB/bindtextdomain.so
LD_LIBRARY_PATH=/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl32:/var/lib/snapd/void:/snap/firefox/1749/usr/lib:/snap/firefox/1749/usr/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/usr/lib:/snap/firefox/1749/gnome-platform/lib:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/dri:/var/lib/snapd/lib/gl:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/libunity:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/pulseaudio

So this is where I am at. Firefox-esr from debiaen works with opensc. Forefox from snap does not. It appears the some effort when it to geting p11-kit to start, but all p11-kit does is load other pkcs11 modules, that may have been installed using normal apt-get. It the initial comments of this bug report there were suggestions to copy the single file if a pkcs11 module to a "doc" directory, but no attempt was made to copy dependent libraries that the module needs.

These will only work if missing libraries are in the snap base or of firefox snap packages.

OpenSC also has a notify capability to tell the user when a card was inserted or removed. This may add additional complications to getting it to work under snap.

Not much else I can do.