Bug 5846 - Upgrade pcsc-lite version in cenbuild
Summary: Upgrade pcsc-lite version in cenbuild
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Smart card (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.14.0
Assignee: Pierre Ossman
Keywords: prosaic, wilsj_tester
Depends on:
Reported: 2016-04-19 13:05 CEST by Peter Åstrand
Modified: 2022-06-13 07:21 CEST (History)
2 users (show)

See Also:
Acceptance Criteria:

Patch to build pcsctun with both old and new versions of pcsc-lite (3.39 KB, patch)
2019-02-26 10:12 CET, Peter Åstrand

Description Peter Åstrand cendio 2016-04-19 13:05:03 CEST
Our build system uses pcsc-lite-1.5.5, which was released 2009-07-28. That's almost 7 years old. Even Debian uses a more modern version: 1.8.4, from 2012. 

Apparently we are only using the header files, but even so, IMHO it's not a good thing to build with header files which are very different from the runtime system. Another problem is that we will not detect when our code does not build with more modern versions. This affects the case of building, say, the ThinLinc client outside cenbuild, but also upstream projects such as rdesktop. 

If we do not want to / cannot upgrade to the latest version (which is 1.8.16, released 2016-03-20), we can probably use something that's at least a little bit less ancient.
Comment 2 Peter Åstrand cendio 2019-02-26 10:12:01 CET
Created attachment 904 [details]
Patch to build pcsctun with both old and new versions of pcsc-lite
Comment 3 Pierre Ossman cendio 2021-09-15 12:47:32 CEST
Doing this now together with bug 7764 do get rid of some hacks in OpenSC.
Comment 7 Pierre Ossman cendio 2021-09-16 16:40:17 CEST
Seems to work well. Tested a signature operation using pkcs15-tool with an Ubuntu 20.04 server. Clients were Fedora 34, macOS 11 and Windows 10. The card was a MyEID 4.5.5 card with a 4096 bit key.
Comment 8 William Sjöblom cendio 2021-09-22 13:02:09 CEST
From an inspection of the changes made to the relevant PCSC-lite
headers, the ABI seem to have remained stable between 1.5.5 (earlier
version) and 1.9.2 (new version). Since we only use the header-defined
data-structures and do not link with PCSC-lite, this stability is

I tested signing (with pkcs15-tool) and verifying files using the Inera
card (with a 2048 bit key) with the armhf Jenkins client build #2205
running on Ubuntu 13.10 (with PCSC-lite 1.8.6) without any issues. This
was done against a Ubuntu 20.04 server.

Looks good!

Note You need to log in before you can comment on or make changes to this bug.