Smartcard drivers manual installation

Revision as of 15:26, 13 April 2015 by WikiFreak (talk | contribs) (PCSC as a service)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)


The PCSC library shipped with most distributions is a bit old. Sometimes you might need something more recent.

... In such cases you need to:

  • Compile and install PCSC + its dependencies manually
  • Register a specific smart-card driver, if any is available
  • Manage the start/stop script of PCSC as a service
  • Create the missing symlinks like the apt-get official package does


Requirements

Packages

sudo apt-get install build-essential
sudo apt-get install libudev-dev
sudo apt-get install libusb-1.0.0 libusb-dev
sudo apt-get install usbutils


user/group

Create new user & group

sudo adduser --system --no-create-home pcsc
sudo groupadd --system pcscd


Register existing users to the new group

vim /etc/group

Add PCSC user to the group

pcscd:x:999:pcsc


HID Driver (step 1)

This step is specific to HID hardware.


Try to install HID driver

tar xzvf ifdokccid_linux_x86_64-v4.0.5.5.tar.gz
cd ifdokccid_linux_x86_64-v4.0.5.5/
sudo ./install

This step should be a failure... But specifics PCSC libs are now in /usr/lib/pcsc/drivers/ifdokccid_linux_x86_64-v4.0.5.5.bundle


PCSC-lite (Linux driver)

PCSC lite is the reference Open Source driver on all *nux platforms.



Install

Unzip and prepare compilation

unzip pcsclite-latest.zip
tar xjvf pcsc-lite-1.8.13.tar.bz2
cd pcsc-lite-1.8.13/
chmod +x configure


♦ NETBOOT trick ♦ You need to perform the following extra-operations in your chroot environment

apt-get install -f
apt-get install pkg-config libusb-dev
dpkg --configure -a
apt-get install -f
export LD_LIBRARY_PATH=/usr/local/lib


Configure, compile and install the driver:

./configure --enable-usbdropdir=/usr/lib/pcsc/drivers
make
sudo make install
sudo make fix-rights


Create symlinks

The manual installation does not create the same symlinks as the Debian official package.

You must create the missing links if you'd like to use PCSC_SCAN and the JAVA smartcard I/O.

# Find the library (binary)
find / -name libpcsclite.so.1.0.0
 
# Create symlinks
ln -s /usr/local/lib/libpcsclite.so.1.0.0 /lib/x86_64-linux-gnu/libpcsclite.so.1
ln -s /usr/local/lib/libpcsclite.so.1.0.0 /lib/x86_64-linux-gnu/libpcsclite.so.1.0.0


Start/Stop script

Create a new daemon manager, the file must be name pcscd!

vim /etc/init.d/pcscd


Put the following content:

#! /bin/sh
### BEGIN INIT INFO
# Provides: pcscd
# Required-Start:    $local_fs $remote_fs $syslog
# Required-Stop:     $local_fs $remote_fs $syslog
# Should-Start:      udev
# Should-Stop:       udev
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Daemon to access a smart card using PC/SC
# Description:       The PC/SC daemon is used to dynamically
#                    allocate/deallocate reader drivers at runtime and manage
#                    connections to the readers.
### END INIT INFO

# Authors: 
#   Carlos Prados Bocos <cprados@debian.org>
#   Ludovic Rousseau <rousseau@debian.org>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/lib/pcsc/
DESC="PCSC Lite resource manager"
NAME=pcscd
DAEMON=/usr/local/sbin/$NAME
IPCDIR=/var/run/pcscd
PIDFILE=$IPCDIR/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# if you need to pass arguments to pcscd you should edit the file
# /etc/default/pcscd and add a line 
# DAEMON_ARGS="--your-option"

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# get LANG variable (code from /etc/init.d/keymap.sh)
ENV_FILE="none"
[ -r /etc/environment ] && ENV_FILE="/etc/environment"
[ -r /etc/default/locale ] && ENV_FILE="/etc/default/locale"

value=$(egrep "^[^#]*LANG=" $ENV_FILE | tail -n1 | cut -d= -f2)
eval LANG=$value

#
# Function that starts the daemon/service
#
do_start()
{
	# create $IPCDIR with correct access rights
	if [ ! -d $IPCDIR ]
	then
		rm -rf $IPCDIR
		mkdir $IPCDIR
	fi
	chmod 0755 $IPCDIR

	# Return
	#   0 if daemon has been started
	#   1 if daemon was already running
	#   2 if daemon could not be started
	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
		|| return 1
	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
		$DAEMON_ARGS \
		|| return 2
	# Add code here, if necessary, that waits for the process to be ready
	# to handle requests from services started subsequently which depend
	# on this one.  As a last resort, sleep for some time.
}

#
# Function that stops the daemon/service
#
do_stop()
{
	# Return
	#   0 if daemon has been stopped
	#   1 if daemon was already stopped
	#   2 if daemon could not be stopped
	#   other if a failure occurred
	start-stop-daemon --stop --quiet --retry=3 --pidfile $PIDFILE --name $NAME
	RETVAL="$?"
	[ "$RETVAL" = 2 ] && return 2
}

case "$1" in
  start)
	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
	do_start
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  stop)
	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
	do_stop
	case "$?" in
		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
	esac
	;;
  status)
	  status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
	  ;;
  restart|force-reload)
	#
	# If the "reload" option is implemented then remove the
	# 'force-reload' alias
	#
	log_daemon_msg "Restarting $DESC" "$NAME"
	do_stop
	case "$?" in
	  0|1)
		do_start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; # Old process is still running
			*) log_end_msg 1 ;; # Failed to start
		esac
		;;
	  *)
	  	# Failed to stop
		log_end_msg 1
		;;
	esac
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
	exit 3
	;;
esac

:


PCSC as a service

Now you can register PCSC as a service.

cd /etc/init.d
chmod 755 pcscd
update-rc.d pcscd defaults

CCID

CCID is a mandatory dependency of PCSC.


Install

unzip ccid-latest.zip
tar xjvf ccid-1.4.18.tar.bz2 
cd ccid-1.4.18/
chmod +x configure
./configure
make
sudo make install


Setup verification

Now you can try to start the PCSC daemon manually:

sudo pcscd -v
  • pcsc-lite version 1.8.13
  • usbdropdir=/usr/lib/pcsc/drivers


HID driver (step 2)

cd ifdokccid_linux_x86_64-v4.0.5.5/
sudo ./install

This time everything should be OK! :)


PCSC_SCAN

PCSC_SCAN is small scan utility, very useful to check your configuration / reader status / cards properties...

tar xzvf pcsc-tools-1.4.23.tar.gz
make
sudo make install


-- At this point you must REBOOT your computer for the changes to apply on the whole system. --


Test your setup

Proceed to the following tests to ensure your environment is OK.

# Start the PCSC daemon manually
sudo pcscd -fd

# Run the test
pcsc_scan


Sources