Arch Linux User Repository

it's not possible to update to 3.8 yet becuase:

• It uses a new version of libcrypto.so.3, provided by openssl-3
• openssl-3 is being built with a different C++ ABI from the binary of tokenadmin built for Ubuntu 22.04

So, in essence, we can't just depend on openssl-3 from AUR, since it will be built with a different ABI and tokenadmin's binary will not work with that lib.

I'll revert the out of date flag.

Hi guys, just trying to get this PJe to install on a Manjaro live-session as a trial run.

So far I've tried to install the safesignidentityclient directly through Pamac and got a bunch of errors regarding openssl098, so I went to google and found out this "guide" from @loliveira but even when I replicate his steps, I got the package to install but when I open the tokenadmin, these messages appears on the terminal and the app crashes a few seconds after: "tokenadmin: /usr/lib/libcrypto.so.0.9.8: no version information available (required by tokenadmin) 10:55:57 PM: Deleted stale lock file '/tmp/{B58139E8-7087-C745-ACBE-5EE8B60C3D32} - manjaro'.

Aborted (core dumped)"

I have these files on the path: /usr/lib/libcrypto.so -> libcrypto.so.1.1 /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.1.1

Tried running it with sudo and got a new error right before the crash: "terminate called after throwing an instance of 'unsigned long' Aborted"

Can you guys help me figure this one out? Trying to get another user away from Windows!!! :D

Thanks in advance.

--EDIT: Nevermind, guys. Got it to work by installing the drivers for the token first (the package "ccid-morpho" from AUR). Now everything works flawlessly, as expected coming from Linux ;)

@loliveira

Oh, I'm glad it worked! This method of linking to specific versions of libraries is a little problematic on Arch, with rolling release just moving dependencies underneath and we only learn it when the software blows on our faces. That's why I've provided gdbm183 also, so it wouldn't update the underlining library.

Anyway, I'm very happy to help.

Just managed to get it to work!!!

Here is what I did:

sudo yaourt -R safesignidentityclient openssl098 # Removed both safesign and openssl098 package

sudo rm -rf /usr/lib/libssl.so.0.9.8 # This was left even after removing openssl098, so I removed it manually

I cloned the repository for openssl098: https://aur.archlinux.org/openssl098.git/

makepkg # built it locally

sudo pacman -U openssl098-0.9.8.zh-2-x86_64.pkg.tar.xz # installed it

sudo rm -rf /usr/lib/libaet* # remove anything related to libaet

sudo yaourt -Sy safesignidentityclient # installed safesignidentityclient again

tokenadmin # started tokenadmin and installed the firefox integration through it

Launched firefox, and for my surprise, it worked! Now, I have no idea why that fixed my problem to be honest, if you look close enough you will see I didn't do anything that wouldn't have happened with a simple yaourt -Sy safesignidentityclient openssl098, but something certainly got messed up with my shared objects, so hopefully this info here will help someone one day.

I thought I was the only Brazilian trying to pull this off on Arch, only to find you had done all the hard work and shared it, thanks a lot @denisfalqueto!

@loliveira

Hi. You should never symlink for different versions of libraries. If some library or program links to an specific version of another, there's a reason for that and if you symlink to a different version, all hell will break lose. So, don't do that.

According to your ldd output, your version of libaetpkss.so.3 is wrongly linked to libgdbm.so.2. That should be libgdbm.so.3, which is provided by gdbm183. As libaetpkss.so.3 is a binary provided by AET Software (through some hardware vendor), I believe that you should uninstall and reinstall SafeSign again. Make sure that the original source is the same as the source url in this page.

hi @denisfalqueto!

Same thing over here as you can see (I updated the gist): https://gist.github.com/devlucas/79c9e4639a370b51ddef6f00c750d0bb

I don't have the libgdbm.so.2 missing error anymore, as I have fixed it with a symlink to libgdbm.so.3.0.0.

Do you have firefox integrated with libaetpkss (by clicking on tokenadmin's "Integration > Install SafeSign in Firefox")? When I click that, it says the integration has been successfully installed, but when I trigger firefox from my terminal I get:

$ firefox

/usr/lib/firefox/firefox: symbol lookup error: /usr/lib/libaetpkss.so.3.0: undefined symbol: EVP_md2

I am fighting this one now by trying to compile openssl098 with enable-md2, not sure if this will fix the issue though..

@loliveira

I also have a warning for libopenssl, I think that's normal. But I don't have any messages about missing libgdbm.so.2. ldd tokenadmin gave the same results as yours. Could you provide the output for ldd /usr/lib/libaetpkss.so? This is the library that links to libgdbm and here in my box is links to libgdbm.so.3.

Turns out the issue was this:

libgdbm.so.2: cannot open shared object file: No such file or directory

I looked up what .so files I had for libgdbm and I found this:

$ find /usr/lib -type f -name "libgdbm*" | awk '!/compat/'

/usr/lib/libgdbm.so.5.0.0

/usr/lib/libgdbm.so.3.0.0

So I created a symlink for the closest version:

$ sudo ln -s /usr/lib/libgdbm.so.3.0.0 /usr/lib/libgdbm.so.2

Now I am able to run tokenadmin although it crashes as soon as I try to do basically anything, screaming about undefined symbols on libaetpkss.so.3.0 like this:

tokenadmin: symbol lookup error: /usr/lib/libaetpkss.so.3.0: undefined symbol: dbm_open

I believe this has to do with the first error that shows up on my terminal when I run tokenadmin (although it doesn't blow up right there):

tokenadmin: /usr/lib/libcrypto.so.0.9.8: no version information available (required by tokenadmin)

I am able to install the firefox integration though, but when I do it crashes firefox like this:

$ firefox

/usr/lib/firefox/firefox: symbol lookup error: /usr/lib/libaetpkss.so.3.0: undefined symbol: EVP_md2

Digging deeper on google I found this: http://openssl.6102.n7.nabble.com/EVP-md2-error-td24359.html

So tomorrow I am gonna try to recompile openssl098 with enable-md2 and see how it goes, I wonder if anyone is facing these issues as well, but anyway I will keep posting here for the sake of information.

Hi folks!

First, thank you for the amazing effort you have put onto this :)

I got this package installed this week, but when I try to open tokenadmin, I am facing a few issues, some I think are fine, but there is one in particular that prevents me from using the program:

~ » tokenadmin

tokenadmin: /usr/lib/libcrypto.so.0.9.8: no version information available (required by tokenadmin)

01:12:24 AM: Deleted stale lock file '/tmp/{B58139E8-7087-C745ACBE-5EE8B60C3D32} - lucas'.

libgdbm.so.2: cannot open shared object file: No such file or directory

The above shows up on my terminal but doesn't prevent the program from starting up, the thing is that when it starts, I get a GUI titled "Fatal Error" with the following message: "Unable to load libaetpkss.so.3.0"

This is the relevant info I can get about libaetpkss.so.3.0:

~ » ll /usr/lib/libaetpkss.so.3.0

lrwxrwxrwx 1 root root 22 Apr 19 00:55 /usr/lib/libaetpkss.so.3.0 -> libaetpkss.so.3.0.3930

~ » pacman -Qo /usr/lib/libaetpkss.so.3.0 /usr/lib/libaetpkss.so.3.0 is owned by safesignidentityclient 3.0.101-5

You can see the output of "ldd /usr/bin/tokenadmin" on my machine here: https://gist.github.com/devlucas/79c9e4639a370b51ddef6f00c750d0bb

Any chance someone can help me figure out what's going on?

Thanks a lot in advance!

Changelog for 3.0.101-5:

• Remove use of deb2targz
• Make ccid obligatory dependency

Thanks @la-mj for pointing that out.

@la-mj

"fetching binary packages from github makes me sad => who knows how they were REALLY obtained"

This is certainly a valid point, but on the other hand, our providers also don't have a source from where they get it. For example, "Valid AC" can get a version of Safesign different from "Caixa AC". So, that's a moot point.

"deb2targz is a builddep => please add it"

Point taken, I'll change it.

"using wxgtk3 is no good => confirmed"

Also had confirmed it before.

"ccid is not optional for this unit"

Thanks. I'll fix it.

"Warning: Mismatch between the program and library build versions detected. The library used 2.8 (no debug,Unicode,compiler with C++ ABI 1011,wx containers,compatible with 2.6), and your program used 2.8 (no debug,Unicode,compiler with C++ ABI 1002,wx containers,compatible with 2.6)."

This mean your version of wxgtk was built with a different version of toolchain than the one used to build Safesign. That could be fixed by rebuilding wxgtk2.8 with the right options.

"locally available win-only version is 3.0.124 => vendor & provider are grade A holes"

That's true. Unfortunately, we're on their hands for Linux support, which is always an afterthought.

"seems to work kinda..."

Yeah, unfortunately also not under our control.

"firefox picks it up but I am getting SSL_ERROR_UNKNOWN_CA_ALERT on a site that should recognize it"

That problem is related to missing intermediary CA certs known to Firefox. That's nothing Safesign can do about it.

"too bad nothing free handles pdf signing"

Also not related to Safesign.

Thanks for commenting. I'll try to fix what I can as soon as possible.