Difference between revisions of "Chroot32Luxtrust"

From LiluxWiki
Jump to navigationJump to search
(bcVtDhff)
Line 1: Line 1:
This wiki page describes how to set up a 32 bit chroot'ed environment for running Luxtrust on a 64 bit system.
+
Good to see a tanlet at work. I can't match that.
 
 
== Setting up the host system ==
 
 
 
Install the needed packages:
 
 
 
<code>
 
apt-get install pcscd
 
apt-get install schroot
 
useradd -s /bin/bash -m user32
 
</code>
 
 
 
Edit /etc/schroot/schroot.conf , adding the following paragraph:
 
<code>
 
[lucid32]
 
description=32 bit Lucid
 
location=/chroot32/
 
priority=3
 
users=user32
 
aliases=32
 
persona=linux32
 
</code>
 
 
 
== Setting up /etc/fstab ==
 
 
 
Add the following to your <code>/etc/fstab</code>:
 
<code>
 
/home  /chroot32/home      none    bind    0      0
 
/tmp    /chroot32/tmp      none    bind    0      0
 
/proc  /chroot32/proc      none    bind    0      0
 
/var/run/pcscd  /chroot32/var/run/pcscd    none    user,noauto,bind      0      0
 
</code>
 
 
 
== Setting up the 32 bit environment ==
 
 
 
You need approximatively 856 Megs free on your root partition for this.
 
 
 
<code>
 
mkdir /chroot32
 
debootstrap --arch i386 lucid /chroot32/ http://archive.ubuntu.com/ubuntu
 
egrep '^user32:' /etc/passwd >>/chroot32/etc/passwd
 
egrep '^user32:' /etc/shadow >>/chroot32/etc/shadow
 
mount -a
 
schroot -pc 32
 
for i in universe multiverse ; do
 
  echo deb http://archive.ubuntu.com/ubuntu lucid $i >>/etc/apt/sources.list
 
done
 
apt-get update
 
apt-get install firefox openjdk-6-jdk icedtea6-plugin libpcsclite1 wget
 
wget https://www.luxtrust.lu/cmsContent/File/middleware/libgemsafe0_5.1.0-02_i386_v2.deb
 
dpkg -i libgemsafe0_5.1.0-02_i386_v2.deb
 
mkdir /var/run/pcscd
 
</code>
 
 
 
If there is sufficient demand, we may set up a downloadable image of the resulting 32 bit system (for use on a non-Debian environment).
 
 
 
== Script to clean up Gemalto's IPC resources ==
 
 
 
Often, when there is some problem (signing stick not found, pcscd not running, ...), the Gemalto software does not properly clean up its IPC (InterProcess communication) resources, and these then get into the way of a further attempt.
 
 
 
The following script may help here. Theoretically this could even be useful on a 32 bit system.
 
Just put it into <code>/usr/local/bin/resetLuxtrust.sh</code> and make it executable.
 
 
 
<code>
 
#!/bin/sh
 
 
for i in 0x114d7529 0x35333724 \
 
    0x51207419 0x47383622 0x62354216 0x5f54286b ; do
 
    ipcrm -S $i
 
done >/dev/null 2>/dev/null
 
 
for i in 0x686a5061 0x0b2a4900 0x09174017  ; do ipcrm -M $i ; done  >/dev/null 2>/dev/null
 
for i in 0x7b6c2d35 0x1447313d 0x0b242706  ; do ipcrm -M $i ; done  >/dev/null 2>/dev/null
 
</code>
 
 
 
== Running firefox in 32 bits ==
 
 
 
* Log in a user32 (using <code>ssh -X user32@localhost</code>)
 
* <code>mount /chroot32/var/run/pcscd</code> (Mounting this cannot be done automatically at boot, because the <code>/var/run/pcscd</code> directory is not yet available when boot-time fstab processing happens)
 
* <code>/usr/local/bin/resetLuxtrust.sh</code>
 
* Start firefox in the chroot:  <code>schroot -pc 32 firefox</code>
 
* Connect to your bank, authorize the java-applet the access
 
* java.lang.ArrayIndexOutOfBoundsException can safely be ignored
 

Revision as of 07:12, 17 December 2011

Good to see a tanlet at work. I can't match that.