Package Base Details: sac-core

Git Clone URL: https://aur.archlinux.org/sac-core.git (read-only, click to copy)
Keywords: etoken sac safenet
Submitter: s3rj1k
Maintainer: grawity
Last Packager: grawity
Votes: 10
Popularity: 0.37
First Submitted: 2015-08-10 09:03 (UTC)
Last Updated: 2023-08-23 18:07 (UTC)

Latest Comments

1 2 3 4 5 6 7 Next › Last »

grawity commented on 2023-10-23 19:07 (UTC)

Try again with hkps://.

GnuPG internally remaps keys.gnupg.net to keyserver.ubuntu.com (which should usually be a reliable server), so try directly using hkps://keyserver.ubuntu.com or visiting https://keyserver.ubuntu.com.

benibilme commented on 2023-10-23 12:34 (UTC) (edited on 2023-10-23 12:35 (UTC) by benibilme)

Hello,

I am not familiar with internals of arch linux package installations and keys, I am receiving following error while trying to install sac-core with yay.

yay -S sac-core
:: Checking for conflicts...
:: Checking for inner conflicts...
[Repo:1]  ccid-1.5.2-1
[Aur:1]  sac-core-10.8.1050-1

:: PKGBUILD up to date, Skipping (1/0): sac-core
:: (1/1) Parsing SRCINFO: sac-core

:: PGP keys need importing:
 -> B37EBA84D2EB0C786F91EEF77F8AA801285DEE57, required by: sac-core
:: Import? [Y/n] Y
:: Importing keys with gpg...
gpg: keyserver receive failed: Server indicated a failure
 -> problem importing keys

I tried

gpg --verbose --keyserver hkp://keys.gnupg.net --recv B37EBA84D2EB0C786F91EEF77F8AA801285DEE57
gpg: enabled compatibility flags:
gpg: keyserver receive failed: Server indicated a failure

ihavetried commented on 2023-10-12 14:54 (UTC)

Yes, that was the problem and now it works! Thank you very much.

grawity commented on 2023-10-12 14:40 (UTC) (edited on 2023-10-12 14:47 (UTC) by grawity)

You need access to the pcscd service that talks to card readers. Recent builds of the pcsclite package enable polkit authorization and the default settings have a "local session" requirement – a lot like many other GUI features like mounting external disks (since USB smartcard access is a lot like USB stick access after all).

So if you're working in X11 try following the general instructions for getting polkit working per archwiki (loginctl session check, polkit agent running).

If you're working remotely via SSH or some other reason, create a custom polkit rule that gives you access by traditional group membership (or just make it free-for-all if you want):

# cat 90-local-pcsc.rules
/* 2023-03-09 grawity: Allow SSH clients to access eToken, as pcscd now uses
 * polkit authorization. (Use the same "pkcs11" group that OpenCryptoki uses.) 
 */
polkit.addRule(function(action, subject) {            
    if (action.id == "org.debian.pcsc-lite.access_pcsc" ||
        action.id == "org.debian.pcsc-lite.access_card")
    {
        if (subject.isInGroup("pkcs11")) {
            return polkit.Result.YES;
        }
    }
});

ihavetried commented on 2023-10-12 14:22 (UTC)

Hi! I have installed correctly sac-core and p11tool in my system but I can only use it as a root user - I mean getting certificate URLs via p11tool or loading keys to ssh-agent via provider library (libeToken.so). What can I do to use it also as a normal user without root permissions?

eledisez commented on 2023-01-02 13:43 (UTC) (edited on 2023-01-02 13:47 (UTC) by eledisez)

A new version is out (10.8.1050). This version fixes my issues with SafeNet eToken 5100.

I've made a patch, and there is the link to download the Thales package.

From e254d36236a814f8d64fbc12977ef700212694ee Mon Sep 17 00:00:00 2001
From: Erwan LE DISEZ <arch@groond.net>
Date: Mon, 2 Jan 2023 14:36:03 +0100
Subject: [PATCH] release 10.8.105 R1

---
 PKGBUILD | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/PKGBUILD b/PKGBUILD
index 90e4a54..62860ee 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,30 +1,30 @@
 pkgbase=sac-core
 pkgname=(sac-core sac-gui)
-pkgver=10.8.28
-pkgrel=5
+pkgver=10.8.1050
+pkgrel=1
 pkgdesc='Thales/Gemalto SafeNet Authentication Client for eToken 5110/5300 & IDPrime'
 url='https://cpl.thalesgroup.com/access-management/security-applications/authentication-client-token-management'
 arch=(x86_64)
 depends=(ccid pcsclite)
 optdepends=('sac-core-legacy: Support for eToken 32K/64K (CardOS 4.2)')
 license=(custom)
-source=('https://installer.id.ee/media/etoken/Linux_SAC%2010.8.28%20GA%20Build.zip'
+source=('https://www.dropbox.com/s/q66bhnjoq0xzuas/SAC_Linux_10.8.105_R1_GA.zip?dl=0'
         eToken.conf
         safenetauthenticationclient.service)
-sha256sums=('6e1f9307b6460cc87d1b895c3edbfb99cd1778686609f30caab96ab7218821a0'
+sha256sums=('18ecac33e8a1ddb894c23423074592ffd77a272a7255b519d20992662a5c699e'
             '85b850b820610e029428e577ca0e48f6fb7b4148ae8d702ca20b191963046c6c'
             'eb8b4e105d8b75f11e4b83ca6c4a605f781f50cc0f0405a5d1deccb5580fd055')
 #validpgpkeys=('B37EBA84D2EB0C786F91EEF77F8AA801285DEE57')

-_dir="SAC 10.8.28 GA Build"
-_rn_pdf="007-013841-003-SafeNet Authentication Client_ 10.8_Linux_GA_Release Notes_Rev A.pdf"
-_ag_pdf="007-013842-002_SafeNet Authentication Client_10.8_Linux_GA_Administrator_Guide_Rev A.pdf"
-_ug_pdf="007-013843-002_SafeNet Authentication Client_10.8_Linux_GA_User_Guide_Rev A.pdf"
+_dir="SAC Linux 10.8.1050 R1 GA"
+_rn_pdf="007-013841-004-SafeNet Authentication Client_10.8_R1_Linux_GA_Release_Notes.pdf"
+_ag_pdf="007-013842-002_SafeNet Authentication Client_10.8_R1_Linux_GA_Administrator_Guide_Rev C.pdf"
+_ug_pdf="007-013843-002_SafeNet Authentication Client_10.8_R1_Linux_GA_User_Guide_Rev C.pdf"

 prepare() {
   #ar x "$_dir/Installation/withoutUI/Ubuntu-2004/safenetauthenticationclient-core_${pkgver}_amd64.deb"
-  ar x "$_dir/Installation/Standard/Ubuntu-2004/safenetauthenticationclient_${pkgver}_amd64.deb"
-  bsdtar -xf data.tar.xz
+  ar x "$_dir/Installation/Standard/Ubuntu-2204/safenetauthenticationclient_${pkgver}_amd64.deb"
+  bsdtar -xf data.tar.gz
 }

 _pick() {
-- 
2.39.0

grawity commented on 2022-12-17 13:54 (UTC)

@pirofti: Well, after seeing some updates to pcscd, I just realized that the reason AKS ifdh is no longer bundled with SAC is because all remaining supported USB tokens can be handled by the standard ccid driver. So try that instead of sac-core-legacy.

grawity commented on 2022-12-04 20:01 (UTC)

Yes, pcscd needs to be restarted to reload its IFD drivers. I'm really not sure why they are not included with SAC 10.8 even though it's supposed to support the 5110.

Once pcscd sees the device, either the 10.8 or legacy 10.0 PKCS#11 modules should work identically, even without the SACSrv daemon (I think that's only used by the GUI components).