Chroot32Luxtrust

From LiluxWiki
Jump to navigationJump to search

This wiki page describes how to set up a 32 bit chroot'ed environment for running Luxtrust on a 64 bit system.

Setting up the host system

Install the needed packages: 

apt-get install pcscd
apt-get install schroot
useradd -s /bin/bash -m user32

Edit /etc/schroot/schroot.conf , adding the following paragraph: 

[lucid32]
description=32 bit Lucid
location=/chroot32/
priority=3
users=user32
aliases=32
persona=linux32

Setting up /etc/fstab

Add the following to your /etc/fstab: 

/home   /chroot32/home      none    bind    0       0
/tmp    /chroot32/tmp       none    bind    0       0
/proc   /chroot32/proc      none    bind    0       0
/var/run/pcscd  /chroot32/var/run/pcscd     none    user,noauto,bind       0       0

Setting up the 32 bit environment

You need approximatively 856 Megs free on your root partition for this. 

mkdir /chroot32
debootstrap --arch i386 lucid /chroot32/ http://archive.ubuntu.com/ubuntu
egrep '^user32:' /etc/passwd >>/chroot32/etc/passwd
egrep '^user32:' /etc/shadow >>/chroot32/etc/shadow
mount -a
schroot -pc 32
for i in universe multiverse ; do
  echo deb http://archive.ubuntu.com/ubuntu lucid $i >>/etc/apt/sources.list
done
apt-get update
apt-get install firefox openjdk-6-jdk icedtea6-plugin libpcsclite1 wget
wget https://www.luxtrust.lu/cmsContent/File/middleware/libgemsafe0_5.1.0-02_i386_v2.deb
dpkg -i libgemsafe0_5.1.0-02_i386_v2.deb
mkdir /var/run/pcscd

If there is sufficient demand, we may set up a downloadable image of the resulting 32 bit system (for use on a non-Debian environment).

Script to clean up Gemalto's IPC resources

Often, when there is some problem (signing stick not found, pcscd not running, ...), the Gemalto software does not properly clean up its IPC (InterProcess communication) resources, and these then get into the way of a further attempt.

The following script may help here. Theoretically this could even be useful on a 32 bit system. Just put it into /usr/local/bin/resetLuxtrust.sh and make it executable. 

#!/bin/sh

for i in 0x114d7529 0x35333724 \
   0x51207419 0x47383622 0x62354216 0x5f54286b ; do
   ipcrm -S $i
done >/dev/null 2>/dev/null

for i in 0x686a5061 0x0b2a4900 0x09174017  ; do ipcrm -M $i ; done  >/dev/null 2>/dev/null
for i in 0x7b6c2d35 0x1447313d 0x0b242706  ; do ipcrm -M $i ; done  >/dev/null 2>/dev/null

Running firefox in 32 bits

  • Log in a user32 (using ssh -X user32@localhost)
  • mount /chroot32/var/run/pcscd (Mounting this cannot be done automatically at boot, because the /var/run/pcscd directory is not yet available when boot-time fstab processing happens)
  • /usr/local/bin/resetLuxtrust.sh
  • Start firefox in the chroot: schroot -pc 32 firefox
  • Connect to your bank, authorize the java-applet the access
  • java.lang.ArrayIndexOutOfBoundsException can safely be ignored
Retrieved from "https://www.lilux.lu//mediawiki/?title=Chroot32Luxtrust&oldid=938"