new release?

classic Classic list List threaded Threaded
51 messages Options
123
Reply | Threaded
Open this post in threaded view
|

Re: FOSS development

Jean-Michel Pouré - GOOZE
> Insisting on changing some hosting situation that has been set up is
> nothing but obnoxious protesting and spitting on the already
> established hosting.

Peter, do you mean that moving OpenSC to GIThub and opening
administration to a group of core developers would be "obnoxious" and
"spitting" on established hosting.

Can you elaborate on that and be more precise?

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: FOSS development

Viktor Tarasov-3
In reply to this post by Peter Stuge-4


On Sun, May 27, 2012 at 11:59 PM, Peter Stuge <[hidden email]> wrote:
Jean-Michel Pouré - GOOZE wrote:
> What I suggest is that OpenSC should be hosted on GIThub with write
> access to core developers (at least 5/6 people).

Insisting on changing some hosting situation that has been set up is
nothing but obnoxious protesting and spitting on the already
established hosting.


Peter, probably it useless, but may I bring once more to your attention the fact
that github is set into the center for Development Policy by Martin himself.


Centering development around github.com brings no benefits whatsoever
over opensc-project.org. The latter allows the project to do nice
integration and customization of all tools. Github not so much.

What integration do you mean? On opensc-project.org the tarball, MSI and DMG are built.
No RPMs, DEB, no automated tests, ...

'Customization of all tools' -- what tools do you mean ?

Effectively, it would be nice to build and publish Linux packages, connect automated tests, include other OpenSC sub-projects, ...
But who will do all this on opensc-project.org? Martin have no time, no one else can/allowed to do something.
Beside the necessity of the perfect commits, can you propose something else?


Kind regards,
Viktor.


//Peter
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
In reply to this post by Kalev Lember-2
Hello,


I would like to start preparation of the new release based on the 'staging' branch of GitHub OpenSC .
Your suggestions proposals are heartily welcome.

As far as I see all 'essential' proposals,
that have be committed into the 'staging' branch of OpenSC git repository hosted in opensc-project.org (git://www.opensc-project.org/OpenSC.git),
are present in github OpenSC.

Unfortunately there is no access to the code review service (gerrit) of opensc-project.org and it's not currently possible to pick-up the 'interesting' requests.
So, if anybody interested to see these proposals in the next release,
please, do pull request to 'staging' branch of GitHub OpenSC (git://github.com/OpenSC/OpenSC.git) .

Kind regards,
Viktor.

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Peter Stuge-4
Viktor Tarasov wrote:
> I would like to start preparation of the new release based on the
> 'staging' branch of GitHub OpenSC .
> Your suggestions proposals are heartily welcome.

I suggest, as always, to not release anything without good review.


//Peter
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Jean-Michel Pouré - GOOZE
In reply to this post by Viktor Tarasov-3
Le dimanche 22 juillet 2012 à 17:44 +0200, Viktor Tarasov a écrit :
> So, if anybody interested to see these proposals in the next release,
> please, do pull request to 'staging' branch of GitHub OpenSC
> (git://github.com/OpenSC/OpenSC.git) .

Dear Viktor,

Thank you very much for handling this new release, these are great
news.

As we now have most smartcards on the regression test server, I will try
to organize automatic testing. But I am quite busy and I will try to do
my best in this way.

On the ePass2003 driver, it seems that the number of left tries is not
displayed. And there may be several issues with other cards that we may
discover using automatic testing.

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert
In reply to this post by Viktor Tarasov-3
OK, sent pull request to fix a regression where some code in piv-tool.c was inadvertently remove
in 2011.


On 7/22/2012 10:44 AM, Viktor Tarasov wrote:

> Hello,
>
>
> I would like to start preparation of the new release based on the 'staging' branch of GitHub OpenSC .
> Your suggestions proposals are heartily welcome.
>
> As far as I see all 'essential' proposals,
> that have be committed into the 'staging' branch of OpenSC git repository hosted in opensc-project.org (git://www.opensc-project.org/OpenSC.git),
> are present in github OpenSC.
>
> Unfortunately there is no access to the code review service (gerrit) of opensc-project.org and it's not currently possible to pick-up the 'interesting' requests.
> So, if anybody interested to see these proposals in the next release,
> please, do pull request to 'staging' branch of GitHub OpenSC (git://github.com/OpenSC/OpenSC.git) .



>
> Kind regards,
> Viktor.
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
In reply to this post by Viktor Tarasov-3
Hello,

Le 22/07/2012 17:44, Viktor Tarasov a écrit :

> I would like to start preparation of the new release based on the 'staging' branch of GitHub OpenSC .
> Your suggestions proposals are heartily welcome.
>
> As far as I see all 'essential' proposals,
> that have be committed into the 'staging' branch of OpenSC git repository hosted in opensc-project.org (git://www.opensc-project.org/OpenSC.git),
> are present in github OpenSC.
>
> Unfortunately there is no access to the code review service (gerrit) of opensc-project.org and it's not currently possible to pick-up the 'interesting' requests.
> So, if anybody interested to see these proposals in the next release,
> please, do pull request to 'staging' branch of GitHub OpenSC (git://github.com/OpenSC/OpenSC.git) .

If anyone has more or less significant proposals, especially the ones that touch the common framework,
please, create the pull requests for github OpenSC.git/staging until the next weekend .
Don't worry if you will not arrive until this term -- I hope to make automatic the essential part of release process and so,
to make releases more frequents.

The next weekend I hope to start the advanced non-regression tests of the current 'staging' and to tag the candidate for release.

Look also if something essential is missing in the current 'NEWS' of 'staging'.
Sorry, 'NEWS' do not reflects in details all the contributions that have been made during the last year -- they are too numerous.

'Codereview' service of opensc-project.org is still not accessible and so there is no possibility to pick-up
the 'useful' proposals that have been made there.

Kind regards,
Viktor.
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Ludovic Rousseau
Hello,

2012/8/5 Viktor Tarasov <[hidden email]>:
> If anyone has more or less significant proposals, especially the ones that touch the common framework,
> please, create the pull requests for github OpenSC.git/staging until the next weekend .
> Don't worry if you will not arrive until this term -- I hope to make automatic the essential part of release process and so,
> to make releases more frequents.

Someone just reported [1] a crash on Mountain Lion (OS X 10.8).
I don't think I will have time to work on it.

> The next weekend I hope to start the advanced non-regression tests of the current 'staging' and to tag the candidate for release.
>
> Look also if something essential is missing in the current 'NEWS' of 'staging'.
> Sorry, 'NEWS' do not reflects in details all the contributions that have been made during the last year -- they are too numerous.

I fixed some typos in the NEWS file. Available as a pull-request on github.

> 'Codereview' service of opensc-project.org is still not accessible and so there is no possibility to pick-up
> the 'useful' proposals that have been made there.

I asked Martin to restart it. The Codereview service is now up and running.

Bye

[1] http://ludovicrousseau.blogspot.com/2012/08/mac-os-x-mountain-lion-and-smart-card.html?showComment=1344198899128#c8343187550094818437

--
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Jean-Michel Pouré - GOOZE
In reply to this post by Viktor Tarasov-3
Le dimanche 05 août 2012 à 19:48 +0200, Viktor Tarasov a écrit :
> The next weekend I hope to start the advanced non-regression tests of
> the current 'staging' and to tag the candidate for release.

I will open access to the development server and regression test server
tonight. I was quite busy and failed to do any work these last days.
Sorry!

Kind regards,
--
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

smime.p7s (8K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert
In reply to this post by Viktor Tarasov-3
I am going to send shortly, under a different subject, a problem dealing with user_consent,
CK_ALWAYS_AUTHENTICATE, OpenSC and Thunderbird. I would like to see it addressed in
the next release.


On 8/5/2012 12:48 PM, Viktor Tarasov wrote:

> Hello,
>
> Le 22/07/2012 17:44, Viktor Tarasov a écrit :
>> I would like to start preparation of the new release based on the 'staging' branch of GitHub OpenSC .
>> Your suggestions proposals are heartily welcome.
>>
>> As far as I see all 'essential' proposals,
>> that have be committed into the 'staging' branch of OpenSC git repository hosted in opensc-project.org (git://www.opensc-project.org/OpenSC.git),
>> are present in github OpenSC.
>>
>> Unfortunately there is no access to the code review service (gerrit) of opensc-project.org and it's not currently possible to pick-up the 'interesting' requests.
>> So, if anybody interested to see these proposals in the next release,
>> please, do pull request to 'staging' branch of GitHub OpenSC (git://github.com/OpenSC/OpenSC.git) .
>
> If anyone has more or less significant proposals, especially the ones that touch the common framework,
> please, create the pull requests for github OpenSC.git/staging until the next weekend .
> Don't worry if you will not arrive until this term -- I hope to make automatic the essential part of release process and so,
> to make releases more frequents.
>
> The next weekend I hope to start the advanced non-regression tests of the current 'staging' and to tag the candidate for release.
>
> Look also if something essential is missing in the current 'NEWS' of 'staging'.
> Sorry, 'NEWS' do not reflects in details all the contributions that have been made during the last year -- they are too numerous.
>
> 'Codereview' service of opensc-project.org is still not accessible and so there is no possibility to pick-up
> the 'useful' proposals that have been made there.
>
> Kind regards,
> Viktor.
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

OpenSC, CK_ALWAYS_AUTHENTICATE and Thunderbird

Douglas E. Engert
In reply to this post by Viktor Tarasov-3

This past week, a situation has arising where the combination of OpenSC,
Thunderbird and some newer cards have combined to make a signature operation fail.

SITUATION:

   (1) Card enforces pin verify to be the last command to card before
       a crypto command to do signature for some keys on the card.
       (NIST-800-73-3 part 1 Section 3.2.3 "PIN Always")

   (2) OpenSC card driver sets user_consent bit for these keys.

   (3) OpenSC supports CK_ALWAYS_AUTHENTICATE attribute on private key
       objects to tell caller PIN is required before a crypto operation.

   (3) OpenSC sc_pkcs15_pincache* routines will not cache a PIN that is used
       for any object that has user_consent.

   (4) On some systems if the user does not have privileges or the rlimit_memlock
       is to small, PIN caching will not be done.

       Solaris: requires PRIV_PROC_LOCK_MEMORY privilege, normal users don't have it.
       Ubuntu:  CAP_IPC_LOCK privilege or rlimit_memlock is large enough. 64k default?


   (5) Productions versions of Thunderbird with NSS do not implement
       CK_ALWAYS_AUTHENTICATE and don't ask for the attribute.
             https://bugzilla.mozilla.org/show_bug.cgi?id=357025
       is scheduled for NSS 3.14.

   (6) Thunderbird may send request to card between PIN and crypto even with the
       above patch.
             https://bugzilla.mozilla.org/show_bug.cgi?id=613507
       is scheduled for NSS 3.1.4

SOFTWARE VERSIONS OUT OF SYNC:

OpenSC is running as expected supporting cards that enforce
"PIN Always"/user_consent/CK_ALWAYS_AUTHENTICATE, and will not cache PINs
in this case.

But the  PKCS#11 caller must send the PIN just before a crypto opertation
The PIN could have been from the initial C_Login or from C_Login
with the CKU_CONTEXT_SPECIFIC flag.

If the caller does not support CK_ALWAYS_AUTHENTICATE, a signature
operation might work if the initial PIN was sent and no other operations
were sent to the card before the crypto operation. (It would only work
once.) The PIN is not being cached so sc_pkcs15_pincache_revalidate
does not work.

WHAT CAN WE DO?

(1) Wait till NSS 3.14 is implemented in Thunderbird, and distributed
     by vendors. This is a timing issue, which is out of our control.

(2) Modify OpenSC to back off and allow pin caching even for user_consent
     pins. (But mlock might get in the way, minor problem, as admin can allow it.)

(3) Modify OpenSC to add pin_cache_user_consent as a parameter
     that would be off by default.

(4) Create a opensc-pkcs11.tb.hack.so much like the opensc-pkcs11-onepin.so

(5) Modify OpenSC to recognize NSS and if it supports CK_ALWAYS_AUTHENTICATE
     and allow user_concert pin caching.

If we do nothing that is (1) and eventually things will work as expected.

I don't think (5) can be done as it is too late in the process to cache the
first PIN. A signature operation will fail, but a user might be able to try
it again. (Makes both TB and OpenSC look bad, and is not user friendly.)
(3) would work, but is ugly.

Comment?

Are there cards other then the PIV that have this problem?
























--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Frank Morgner
In reply to this post by Viktor Tarasov-3
With SM enabled, I encountered the following warnings, that could be fixed:

pkcs15-iasecc.c: In function 'iasecc_file_convert_acls':
pkcs15-iasecc.c:327:30: warning: initialization discards 'const' qualifier from pointer target type [enabled by default]
card-jcop.c: In function 'jcop_set_security_env':
card-jcop.c:645:35: warning: passing argument 1 of 'memcpy' discards 'const' qualifier from pointer target type [enabled by default]
In file included from card-jcop.c:23:0:
/usr/include/string.h:44:14: note: expected 'void * __restrict__' but argument is of type 'const struct sc_security_env_t *'
card-authentic.c: In function 'authentic_sm_get_wrapped_apdu':
card-authentic.c:2327:3: warning: passing argument 1 of 'memcpy' discards 'const' qualifier from pointer target type [enabled by default]
In file included from card-authentic.c:29:0:
/usr/include/string.h:44:14: note: expected 'void * __restrict__' but argument is of type 'const u8 *'
card-iasecc.c: In function 'iasecc_keyset_change':
card-iasecc.c:2218:25: warning: assignment discards 'const' qualifier from pointer target type [enabled by default]
card-iasecc.c:2223:25: warning: assignment discards 'const' qualifier from pointer target type [enabled by default]

--
Frank Morgner

Virtual Smart Card Architecture http://vsmartcard.sourceforge.net
OpenPACE                        http://openpace.sourceforge.net
IFD Handler for libnfc Devices  http://sourceforge.net/projects/ifdnfc

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

attachment0 (501 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert
In reply to this post by Douglas E. Engert
I have sent a pull request to github, wich includes 3 different commits
but all listed under the same pull request. (I would have suspected it
let be do 3 pull requests.)

https://github.com/dengert/OpenSC/commit/1542022a6aefb86de95c734bb3923f2b3b59490e
   Needed to get code to compile.


https://github.com/dengert/OpenSC/commit/d36b8fc45e8e77cd620976cb5c21c08baecd0480
  Updates some comments and removes the "PIN Always" from the PIV 9D key.


https://github.com/dengert/OpenSC/commit/8052e2f940810f3010542933619d18b98488e84a
  Implements a solution to the problem described in my message
"[opensc-devel] OpenSC, CK_ALWAYS_AUTHENTICATE and Thunderbird" from 8/6/2012


I would like to see these in 0.13.0 if possible as
there are users with these problems.


On 8/6/2012 9:34 AM, Douglas E. Engert wrote:

> I am going to send shortly, under a different subject, a problem dealing with user_consent,
> CK_ALWAYS_AUTHENTICATE, OpenSC and Thunderbird. I would like to see it addressed in
> the next release.
>
>
> On 8/5/2012 12:48 PM, Viktor Tarasov wrote:
>> Hello,
>>
>> Le 22/07/2012 17:44, Viktor Tarasov a écrit :
>>> I would like to start preparation of the new release based on the 'staging' branch of GitHub OpenSC .
>>> Your suggestions proposals are heartily welcome.
>>>
>>> As far as I see all 'essential' proposals,
>>> that have be committed into the 'staging' branch of OpenSC git repository hosted in opensc-project.org (git://www.opensc-project.org/OpenSC.git),
>>> are present in github OpenSC.
>>>
>>> Unfortunately there is no access to the code review service (gerrit) of opensc-project.org and it's not currently possible to pick-up the 'interesting' requests.
>>> So, if anybody interested to see these proposals in the next release,
>>> please, do pull request to 'staging' branch of GitHub OpenSC (git://github.com/OpenSC/OpenSC.git) .
>>
>> If anyone has more or less significant proposals, especially the ones that touch the common framework,
>> please, create the pull requests for github OpenSC.git/staging until the next weekend .
>> Don't worry if you will not arrive until this term -- I hope to make automatic the essential part of release process and so,
>> to make releases more frequents.
>>
>> The next weekend I hope to start the advanced non-regression tests of the current 'staging' and to tag the candidate for release.
>>
>> Look also if something essential is missing in the current 'NEWS' of 'staging'.
>> Sorry, 'NEWS' do not reflects in details all the contributions that have been made during the last year -- they are too numerous.
>>
>> 'Codereview' service of opensc-project.org is still not accessible and so there is no possibility to pick-up
>> the 'useful' proposals that have been made there.
>>
>> Kind regards,
>> Viktor.
>> _______________________________________________
>> opensc-devel mailing list
>> [hidden email]
>> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>>
>>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
In reply to this post by Viktor Tarasov-3
Hello,

current github 'staging' is tagged as v0.13.0-pre1.

If no objections, I will merge this branch into github 'master' -- it will be base version to test
and to prepare the coming release candidate.

For the future (after this release), I think (and it was already suggested here)
that we don't really need two branches in github.
We could use the unique 'master' branch, tag it as needed by release process,
and to manage all proposals as pull requests to 'master'.

For a while there is no packages (tarbals, MSIs, ...) labeled by tag name,
only the packages automatically built on 'staging' branch and labeled by git version.

I will create the release dedicated jenkins jobs and will put thus prepared packages onto the 'usual' places.


Kind regards,
Viktor.

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert
OK with me. I can not do any testing till early next week.


On 9/6/2012 1:06 PM, Viktor Tarasov wrote:

> Hello,
>
> current github 'staging' is tagged as v0.13.0-pre1.
>
> If no objections, I will merge this branch into github 'master' -- it will be base version to test
> and to prepare the coming release candidate.
>
> For the future (after this release), I think (and it was already suggested here)
> that we don't really need two branches in github.
> We could use the unique 'master' branch, tag it as needed by release process,
> and to manage all proposals as pull requests to 'master'.
>
> For a while there is no packages (tarbals, MSIs, ...) labeled by tag name,
> only the packages automatically built on 'staging' branch and labeled by git version.
>
> I will create the release dedicated jenkins jobs and will put thus prepared packages onto the 'usual' places.
>
>
> Kind regards,
> Viktor.
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Andreas Schwier
In reply to this post by Viktor Tarasov-3
Hi Victor,

I'm fine with that. We still need more time for testing write support in
the SmartCard-HSM driver. So we rather take our time and put that
functionality into a later release.

Andreas

Am 06.09.2012 20:06, schrieb Viktor Tarasov:

> Hello,
>
> current github 'staging' is tagged as v0.13.0-pre1.
>
> If no objections, I will merge this branch into github 'master' -- it will be base version to test
> and to prepare the coming release candidate.
>
> For the future (after this release), I think (and it was already suggested here)
> that we don't really need two branches in github.
> We could use the unique 'master' branch, tag it as needed by release process,
> and to manage all proposals as pull requests to 'master'.
>
> For a while there is no packages (tarbals, MSIs, ...) labeled by tag name,
> only the packages automatically built on 'staging' branch and labeled by git version.
>
> I will create the release dedicated jenkins jobs and will put thus prepared packages onto the 'usual' places.
>
>
> Kind regards,
> Viktor.
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel


--

    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 171 8334920
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Kalev Lember-2
In reply to this post by Viktor Tarasov-3
On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
> Hello,
>
> current github 'staging' is tagged as v0.13.0-pre1.
>
> If no objections, I will merge this branch into github 'master' -- it will be base version to test
> and to prepare the coming release candidate.

Very good idea. I think it makes a lot of sense to have just one
'master' branch for development; this is what people coming over from
other projects tend to expect.

--
Kalev
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
Hello,

Le 15/09/2012 16:52, Kalev Lember a écrit :

> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>> Hello,
>>
>> current github 'staging' is tagged as v0.13.0-pre1.
>>
>> If no objections, I will merge this branch into github 'master' -- it will be base version to test
>> and to prepare the coming release candidate.
> Very good idea. I think it makes a lot of sense to have just one
> 'master' branch for development; this is what people coming over from
> other projects tend to expect.


'Master' and 'staging' are actually synchronized and for the new pull requests I propose to create them relative to the 'master' branch.
Until the end of this release the pull requests to 'staging' are also accepted.

The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' -- still cannot understand which common set of characters
could be used for the release-version/tag-name to satisfy 'git', 'obs', 'dpkg-build', ...

Commits to 'master' and new tags trigger the jenkins jobs of build, packaging and some rudimentary test of package and unit tests (for Suse).
https://opensc.fr/jenkins/view/Open <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/ <https://opensc.fr/jenkins/view/OpenSC-release/>

The resulting packages are transfered to 'download' part of the opensc-project.org file server:
 - commits to
    http://www.opensc-project.org/downloads/projects/opensc/nightly/
 - releases to
    http://www.opensc-project.org/downloads/projects/opensc/releases/


For a while there are only source tarballs, MSIs for x32 and x64 and rpm i586 for opensSuSE 12.1 .
Hope that rapidly the building of releases packages for some debian/ubuntu distributions will be connected.

It would be nice if you could look/test the tarball or packages of the release 0.13.0pre1.
Your remarks, proposals, contributions are heartily welcome.

Kind regards,
Viktor.
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Douglas E. Engert
I have been testing 0.13.0-pre1 from tarball listed below.

Builds on Solaris.

works with MIT Kerberos PKINIT and pam_krb5 to login to AD as the KDC.

Can sign Email using thunderbird 13.0.1.

The pkcs11-tool -derive using ECDH works using a PIV test card from NIST
and a card I created. (i.e. using the key frome a card and the cert from
the other card, will produce the same secret key.)

On 9/17/2012 3:00 PM, Viktor Tarasov wrote:

> Hello,
>
> Le 15/09/2012 16:52, Kalev Lember a écrit :
>> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>>> Hello,
>>>
>>> current github 'staging' is tagged as v0.13.0-pre1.
>>>
>>> If no objections, I will merge this branch into github 'master' -- it will be base version to test
>>> and to prepare the coming release candidate.
>> Very good idea. I think it makes a lot of sense to have just one
>> 'master' branch for development; this is what people coming over from
>> other projects tend to expect.
>
>
> 'Master' and 'staging' are actually synchronized and for the new pull requests I propose to create them relative to the 'master' branch.
> Until the end of this release the pull requests to 'staging' are also accepted.
>
> The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' -- still cannot understand which common set of characters
> could be used for the release-version/tag-name to satisfy 'git', 'obs', 'dpkg-build', ...
>
> Commits to 'master' and new tags trigger the jenkins jobs of build, packaging and some rudimentary test of package and unit tests (for Suse).
> https://opensc.fr/jenkins/view/Open <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/ <https://opensc.fr/jenkins/view/OpenSC-release/>
>
> The resulting packages are transfered to 'download' part of the opensc-project.org file server:
>   - commits to
>      http://www.opensc-project.org/downloads/projects/opensc/nightly/
>   - releases to
>      http://www.opensc-project.org/downloads/projects/opensc/releases/
>
>
> For a while there are only source tarballs, MSIs for x32 and x64 and rpm i586 for opensSuSE 12.1 .
> Hope that rapidly the building of releases packages for some debian/ubuntu distributions will be connected.
>
> It would be nice if you could look/test the tarball or packages of the release 0.13.0pre1.
> Your remarks, proposals, contributions are heartily welcome.
>
> Kind regards,
> Viktor.
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: new release?

Viktor Tarasov-3
On Wed, Sep 19, 2012 at 11:54 PM, Douglas E. Engert <[hidden email]> wrote:
I have been testing 0.13.0-pre1 from tarball listed below.

Builds on Solaris.

works with MIT Kerberos PKINIT and pam_krb5 to login to AD as the KDC.

Can sign Email using thunderbird 13.0.1.

The pkcs11-tool -derive using ECDH works using a PIV test card from NIST
and a card I created. (i.e. using the key frome a card and the cert from
the other card, will produce the same secret key.)

Ok, thanks for the testing.

In 0.13.0-pre1 there is the bug that concerns the using of non-initialized OID data.
My non-regression tests were done with the current (d525ca97e3) 'master' version:

For the OpenSC installed on Linux from tarball 
the following tests of the where done using the pkcs15 and pkcs11 tools, 
with the cards 'CardOS v4.3B', 'SetCOS 4.4.1 B', 'Athena', 'Aventra' and 'Feitian':
- erase card (pkcs15-init -E);
- initialize (ex. pkcs15-init -C --label "IDX-SCM" -P --auth-id 53434D --so-pin "12345678" --so-puk "123456" --pin "999999" --puk "888888");
- generate RSA 1024/2048 (depending on card);
- import PKCS#12 with user and CA certificates;
- get public key from imported or generated key;
- sign data using pkcs15-crypt and pkcs11-tool and verify it with openssl;
- decrypt the data encypted by openssl;

Using Firefox 12.0 and Thunderbird 15.0.1, on Vista, with IAS/ECC card and OpenSC installed from MSI:
- generate key and sign certificate request;
- import certificate;
- authenticate to access protected web page.
- import PKCS#12;
- sign mail;
- decrypt mail.

As for me, still to test are minidriver (IE and outlook), smartcard logon (windows) and SM (for the cards that support it).

Do you have other suggestions for the non-regression tests?

Kind regards,
Viktor.

 

On 9/17/2012 3:00 PM, Viktor Tarasov wrote:
> Hello,
>
> Le 15/09/2012 16:52, Kalev Lember a écrit :
>> On 09/06/2012 08:06 PM, Viktor Tarasov wrote:
>>> Hello,
>>>
>>> current github 'staging' is tagged as v0.13.0-pre1.
>>>
>>> If no objections, I will merge this branch into github 'master' -- it will be base version to test
>>> and to prepare the coming release candidate.
>> Very good idea. I think it makes a lot of sense to have just one
>> 'master' branch for development; this is what people coming over from
>> other projects tend to expect.
>
>
> 'Master' and 'staging' are actually synchronized and for the new pull requests I propose to create them relative to the 'master' branch.
> Until the end of this release the pull requests to 'staging' are also accepted.
>
> The tag name 'v0.13.0-pre1' has been changed (sorry) to '0.13.0pre1' -- still cannot understand which common set of characters
> could be used for the release-version/tag-name to satisfy 'git', 'obs', 'dpkg-build', ...
>
> Commits to 'master' and new tags trigger the jenkins jobs of build, packaging and some rudimentary test of package and unit tests (for Suse).
> https://opensc.fr/jenkins/view/Open <https://opensc.fr/jenkins/view/OpenSC-release/>SC-release/ <https://opensc.fr/jenkins/view/OpenSC-release/>
>
> The resulting packages are transfered to 'download' part of the opensc-project.org file server:
>   - commits to
>      http://www.opensc-project.org/downloads/projects/opensc/nightly/
>   - releases to
>      http://www.opensc-project.org/downloads/projects/opensc/releases/
>
>
> For a while there are only source tarballs, MSIs for x32 and x64 and rpm i586 for opensSuSE 12.1 .
> Hope that rapidly the building of releases packages for some debian/ubuntu distributions will be connected.
>
> It would be nice if you could look/test the tarball or packages of the release 0.13.0pre1.
> Your remarks, proposals, contributions are heartily welcome.
>
> Kind regards,
> Viktor.
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  <a href="tel:%28630%29%20252-5444" value="+16302525444">(630) 252-5444


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel


_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
123