Package Details: aksusbd 7.40-2

Git Clone URL: https://aur.archlinux.org/aksusbd.git (read-only)
Package Base: aksusbd
Description: SafeNet Sentinel LDK AKSUSB daemon supporting Sentinel HASP, HASP HL, HASP4 and Hardlock keys.
Upstream URL: https://safenet.gemalto.com/
Keywords: hardlock hasp safenet sentinel
Licenses: custom
Conflicts: ehaspd
Submitter: andre
Maintainer: ido
Last Packager: ido
Votes: 2
Popularity: 0.003385
First Submitted: 2013-06-11 15:07
Last Updated: 2016-08-15 13:56

Dependencies (1)

Required by (0)

Sources (7)

Latest Comments

xwhatsit commented on 2016-08-14 22:15

@ido:

Thanks for that. Although it looks like you've copied the old (v7.32) sha256sum for the "Sentinel_LDK_RedHat_and_SuSE_RPM_Run-time_Installer.tar.gz" file.

The JoinsNamespaceOf might be good enough for the /tmp issue alone, leaving the network thing for the moment? I'll give it a go when I get some time.

In a few use cases PrivateNetwork may be impossible anyway; with network HASPs and the special developer HASP key (which allows compiling new HASP libs and doing the envelope-protection stuff), multiple hasplmds on multiple machines need to communicate with each other over the local network.

I'd be happy to help out where I can. However (I'm hoping) in the near future the software we develop will be able to stop using these damned things entirely :)

ido commented on 2016-08-12 03:52

@xwhatsit:

Thank you for catching that. I tried adding a JoinsNamespaceOf=aksusbd.service directive to the [Unit] section of winehasp.service and hasplmd.service - that solved the detection problem (so the HASP device shows up), but required me to "sudo nsenter -t `pgrep aksusbd` -n -m" (i.e. join the aksusbd process's network and mount namespaces) to use the web admin and to use the LM API's socket in /tmp/.aksusb for communicating with the hardware...which seems like too much of a hassle just for using X-Plane. :-)

For now I've removed PrivateTmp and PrivateNetwork. Update and it should be fixed.

When I have time to, I would like to move these binaries to run as a non-root user, at a minimum, and make the /tmp/.aksusb socket accessible to console users only.

BTW, are you interested in co-maintaining this package?

xwhatsit commented on 2016-08-12 01:48

@ido:

The latest package (7.40-1) doesn't seem to work properly with a HASP HL USB key. My software could not access the license manager. I couldn't access the web config GUI through http://localhost:1947 either (which hasplmd also serves up). Through some experimentation I found commenting out "PrivateNetwork" in hasplmd.service allowed me to access the web service.

I'm a bit puzzled about this because the systemd docs I read seem to say the loopback device isn't affected, but there you go.

I then discovered that the local HASP HL key that was plugged into the system wasn't listed; commenting out "PrivateTmp" in both hasplmd.service *and* aksusbd.service fixed this. This seems to be because a Unix domain socket /tmp/.aksusb is used for communication between aksusbd and hasplmd, perhaps?

It's a shame if we can't have these nice features turned on to try and beef up some security against some binaries that we have no source for. It would seem we can't do without having PrivateTmp disabled, but not sure about PrivateNetwork. This coincided with an upgrade to kernel 4.7.0, but not sure if related.

ido commented on 2016-08-07 03:47

I just rewrote the PKGBUILD, updated to 7.40, fixed the post-install message, and got rid of the PHYSDEVBUS udev errors by removing the redundant legacy udev rules.

If you use this package, please comment here confirming that it works for you and remember to vote for the package!

RazZziel commented on 2016-05-05 10:14

Post-install message says:

systemctrl enable aksusbd
systemctrl start aksusbd

The correct command is `systemctl` instead of `systemctrl`

NoSuck commented on 2015-12-21 20:34

It works, and it lets me work. Thank you.

kale-ru commented on 2015-05-16 17:29

package adopted and updated

andre commented on 2014-08-02 14:06

I really don't care about this package anymore, feel free to adopt

ido commented on 2014-08-02 02:42

I'm trying to use this package with X-Plane (flight simulator) and a hardware license token. There are a number of critical bugs with this package. The first of which is:

- There have been several new versions released. Please update the LDK.

- The .service file is installed into /etc/systemd/system, this is the wrong place. It should be in /usr/lib/systemd/system/.

- The udev rules file (80-hasp.rules) should be installed in /usr/lib/udev/rules.d not /etc/udev/rules.d.

- The .service file has incompatible Type=oneshot and Restart=on-abort.

- The .service file starts 3 daemons, it should be split into 3 .service files that depend on eachother (e.g. using Wants=).

- The .service file kills the daemons via killall, this is not ideal, but permissible in a pinch. These programs seem to be keep several sockets open, maybe there is a control program in the RPM that can be used to kill it? How does the init script in the LDK RPM do it?

Since you haven't updated

cdx commented on 2014-03-16 04:38

aksusbd.service doesn't start by systemd.

This listing for 'aksusbd.service' works for me:

----------------------------------------
[Unit]
Description=AKSUSB Daemon

[Service]
Type=simple
RemainAfterExit=yes
ExecStart=/usr/sbin/aksusbd;/usr/sbin/winehasp;/usr/sbin/hasplmd -s
ExecStop=/usr/bin/killall aksusbd;/usr/bin/killall winehasp;usr/bin/killall hasplmd
Restart=on-abort

[Install]
WantedBy=multi-user.target
----------------------------------------