Package Details: eidklient-native 5.3-4

Git Clone URL: https://aur.archlinux.org/eidklient-native.git (read-only, click to copy)
Package Base: eidklient-native
Description: Slovak eID Client - uses system-provided libraries, supports Wayland, …
Upstream URL: https://www.slovensko.sk/
Keywords: eac_mw_klient
Licenses: LicenseRef-custom
Conflicts: eidklient
Provides: eidklient
Submitter: the-k
Maintainer: the-k
Last Packager: the-k
Votes: 6
Popularity: 0.75
First Submitted: 2023-07-04 11:22 (UTC)
Last Updated: 2026-02-18 01:03 (UTC)

Pinned Comments

the-k commented on 2026-03-10 19:05 (UTC)

@juraj, I'm unaware of that problem, but I recommend you ditching the whole D.* suite, which is a complete trash, and use https://sluzby.slovensko.digital/autogram-v-mobile/ instead.

Latest Comments

1 2 Next › Last »

the-k commented on 2026-04-01 08:08 (UTC) (edited on 2026-04-01 13:30 (UTC) by the-k)

@gofree, @juraj, could you try uncommenting https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=eidklient-native&id=22b0133aabdc38a5d359176ca96543e1d5ff9d2a#n128 (line 128), rebuilding the package and trying again?

gofree commented on 2026-04-01 07:58 (UTC)

I also can login to slovensko.sk but cant sign messages with eid - fails with 

java.security.KeyStoreException: Could not create KeyStore
    at sk.ditec.commons.crypto.manager.Pkcs11CryptoProvider$KeyStoreBuilder.getKeyStore(Pkcs11CryptoProvider.java:200)
    at sk.ditec.commons.crypto.fx.CertificateSelectionDialog.lambda$reloadCertificates$12(CertificateSelectionDialog.java:518)
    at sk.ditec.commons.core.javafx.FxAsyncUtils$2.call(FxAsyncUtils.java:366)
    at javafx.graphics/javafx.concurrent.Task$TaskCallable.call(Unknown Source)
    at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: javax.security.auth.login.LoginException: Token returned error
    at sk.ditec.commons.crypto.jca.pkcs11.internal.Pkcs11KeyStore.engineLoad(Pkcs11KeyStore.java:191)
    at java.base/java.security.KeyStore.load(Unknown Source)
    at sk.ditec.commons.crypto.manager.Pkcs11CryptoProvider$KeyStoreBuilder.getKeyStore(Pkcs11CryptoProvider.java:196)
    ... 7 more
Caused by: javax.security.auth.login.LoginException: Token returned error
    at sk.ditec.commons.crypto.jca.pkcs11.internal.Pkcs11Token.login(Pkcs11Token.java:459)
    at sk.ditec.commons.crypto.jca.pkcs11.internal.Pkcs11KeyStore.engineLoad(Pkcs11KeyStore.java:120)
    ... 9 more
Caused by: sk.ditec.commons.crypto.jca.exceptions.OperationCancelled
    at sk.ditec.commons.crypto.jca.pkcs11.internal.Pkcs11Utils.handlePKCS11Exception(Pkcs11Utils.java:76)
    at sk.ditec.commons.crypto.jca.pkcs11.internal.Pkcs11Token.login(Pkcs11Token.java:460)
    ... 10 more
Caused by: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_CANCELED
    at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.C_Login(Native Method)
    at sk.ditec.commons.crypto.jca.pkcs11.internal.Pkcs11Session.login(Pkcs11Session.java:116)
    at sk.ditec.commons.crypto.jca.pkcs11.internal.Pkcs11Token.login(Pkcs11Token.java:422)

the-k commented on 2026-03-12 15:33 (UTC) (edited on 2026-03-12 21:30 (UTC) by the-k)

I was investigating why the app doesn't work with https://aur.archlinux.org/packages/botan2. Turns out, it's due to https://github.com/randombit/botan/commit/d003b04f9ff0b2dd71cf8564ba45c164f8e5046c, which not only fixes a side channel vulnerability, it also makes the function reject malformed messages - the ones not starting with a leading zero. So, it'll have to be fixed in the app.

juraj commented on 2026-03-10 19:25 (UTC)

@the-k I will try that, thanks.

I also added some investigation findings and it really seems that DSigner is using wrong keyboard file and cannot be configured otherwise.

the-k commented on 2026-03-10 19:05 (UTC)

@juraj, I'm unaware of that problem, but I recommend you ditching the whole D.* suite, which is a complete trash, and use https://sluzby.slovensko.digital/autogram-v-mobile/ instead.

juraj commented on 2026-03-10 17:48 (UTC) (edited on 2026-03-10 19:23 (UTC) by juraj)

Lately I experience a problem while signing (login to slovensko.sk works fine). Maybe a month or two ago signing worked.

Here is a PasteBin with the DSigner error + VirtualKeyboard crash stack trace: https://pastebin.com/a0nUvJLh

Is anyone else experiencing similar problems?

EDIT: I did a little research and it seems that DSigner invokes /opt/eidklient/VitualKeyboard - which is a bin file.

When I tried to make a wrapper similar to eidklient around it (injecting LD_LIBRARY_PATH=/opt/eidklient/lib/patched:/usr/lib), it started working. However, eid client file signature check then fails. So it's not a permanent solution.

DSigner must be somehow forced to use the /usr/lib/eID_klient/VirtualKeyboard or otherwise inject LD_LIBRARY_PATH.

the-k commented on 2026-02-03 10:30 (UTC)

I've started working on version 5.3 upgrade, but I'm currently stuck on https://gitlab.archlinux.org/archlinux/packaging/packages/qt6-base/-/issues/21.

the-k commented on 2024-07-04 10:37 (UTC) (edited on 2024-07-08 08:19 (UTC) by the-k)

@tukusejssirs It's not the app that doesn't support Wayland, it's the bundled Qt. In order to support Wayland, system Qt has to be used. The executables have runpath set to $ORIGIN/lib, which causes the executables to search for the libraries in lib subdirectory. By setting LD_LIBRARY_PATH=/usr/lib, we instruct the executables to use system libraries instead, if available. If a library isn't available in /usr/lib, then it falls back to lib subdirectory. So, no further LD_LIBRARY_PATH modification is required. I've been using the app in Wayland-only environment with QT_QPA_PLATFORM=wayland just fine. Make sure to follow https://wiki.archlinux.org/title/Wayland#Qt.

/usr/lib/eID_klient is necessary because that's where D.Launcher looks for VirtualKeyboard and the shared objects.

tukusejssirs commented on 2024-07-03 22:04 (UTC) (edited on 2024-07-03 22:07 (UTC) by tukusejssirs)

@the-k, unless you know of a reason to keep it as it is, I think we could remove the following code if we update the wrapper script and set LD_LIBRARY_PATH to include `${pkgdir}/opt/eidklient/lib'.

Therefore, this can be safely removed:

    # Symlink executable
    # It seems this is unnecessary (however it's done like this in the upstream package)
    #ln -s /usr/bin/eID_Client "${pkgdir}/usr/bin/VirtualKeyboard"

    install -dm755 "${pkgdir}/usr/lib/eID_klient"
    ln -s /usr/bin/eID_Client "${pkgdir}/usr/lib/eID_klient/VirtualKeyboard"

    for lib in "${srcdir}"/squashfs-root/lib/lib{CardAPI,botan,pkcs11_,crypto,ssl}*; do
        ln -s "/opt/${_pkgname}/lib/${lib##*/}" "${pkgdir}/usr/lib/eID_klient/"
    done

The following is the wrapper script I use. Note that I have added QT_QPA_PLATFORM='xcb', because the app does not support QT_QPA_PLATFORM='wayland' (my default). I have no idea if it could cause others issues, however, I cannot run the app without it (not sure if it is caused by Wayland or NVIDIA). Maybe someone knows how to check if QT_QPA_PLATFORM='xcb' is required or not.

# Custom wrapper script
cat << EOF > "${pkgdir}/opt/bin/eidklient"
#!/bin/bash

export LD_LIBRARY_PATH='/usr/lib:${pkgdir}/opt/eidklient/lib'
export QT_QPA_PLATFORM_PLUGIN_PATH='/usr/lib/qt/plugins'

QT_QPA_PLATFORM='xcb' ${pkgdir}/opt/eidklient/eID_Client "\$@"
EOF

chmod a+x "${pkgdir}/opt/bin/eidklient"

Thanks for maintaining the package!

MarosK commented on 2024-04-30 19:34 (UTC)

Working fine, thank you

1 2 Next › Last »