Created attachment 217839 [details]
Updated ebuild including support for new upstream patches

Created attachment 217841 [details, diff]
Thread safety fix for correctly interfacing with external apps requiring thread safety

Created attachment 217843 [details, diff]
Misc bugfixes from upstream against coolkey-1.1.0

Created attachment 217845 [details, diff]
Fixes for Safenet 330J and Gemalto 64K cards

As a polite request, could I ask that someone either merge these patches or give an ETA of when this will be done? These fixes are very old (1+ years), to the point where the source URL no longer exists, and it's sort of depressing to see this bug linger.

As a clarification, this bug does cause breakage, specifically with pkcs11 functionality in apps which use net-libs/neon (which calls app-crypt/coolkey through dev-libs/pakchois).

My specific application is  subversion client, which uses pkcs11 (smartcard) authentication. I understand this is a rare situation, marked by the number of CCs and responses on this bug. However, it's sort of unfortunate that all the heavy lifting has already been done, and this report appears to have been summarily ignored.

Comment 6 Steve Arnold 2010-09-21 06:05:24 UTC

This is now completely broken with a new CAC, although these patches get part way there (I'll attach the rest to this bug).  Upstream hasn't done an actual release since 2007, so I'd suggest bundling up all the patches and sticking them on the mirrors (along with an ebuild rev bump).  Tested with a new CAC, and it works...

Comment 7 Steve Arnold 2010-09-21 06:07:08 UTC

Created attachment 248249 [details, diff]
Update for new CAC functionality.

Patch 1 of 3 for coolkey CAC update.

Comment 8 Steve Arnold 2010-09-21 06:08:39 UTC

Created attachment 248250 [details]
Complementary patch for new CAC

Patch 2 of 3 (for CAC update).

Comment 9 Steve Arnold 2010-09-21 06:10:30 UTC

Created attachment 248251 [details]
Minor configure update for new CAC

Patch 3 of 3 (CAC update).

Comment 10 Steve Arnold 2010-09-21 06:12:12 UTC

Created attachment 248252 [details]
Updated ebuild with all the patches included.

Tested with new CAC.

Comment 11 Steve Arnold 2010-09-25 04:08:41 UTC

Patches incorporated in latest rev-bump, along with new CAC support and a couple of other fixes.

This revision bump from 1.1.0-r1 to 1.1.0-r2 has caused a regression for me. I use coolkey to authenticate with an ActiveIdentity USB Crypto device. With version 1.1.0-r1 it works perfectly. But after upgrading to 1.1.0-r2, it fails with 

DEBUGpkcs11_listcerts.c:94: no token available 

Not sure exactly what caused the breakage, but it seems it may be related to what TParys said in comment #5: 

"As a clarification, this bug does cause breakage, specifically with pkcs11
functionality in apps which use net-libs/neon (which calls app-crypt/coolkey
through dev-libs/pakchois)." 

At a minimum, this doesn't seem like a simple revision change from -r1 to -r2 as it involves major behavior changes with known breakages.

Just to be clear, based on my comment #12, coolkey-1.1.0-r2 is totally non-functional for accessing an ActiveIdentity device whereas it works perfectly with coolkey-1.1.0-r1. Not sure if this is an upstream regression or if it's due to the many patches attached to this bug.

coolkey-1.1.0-r2 does not even compile.
 i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I../.. -O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe -DSCARD_LIB_NAME=\"libpcsclite.so.1\" -pthread -I/usr/include/PCSC -O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe -MT libckyapplet_la-cky_base.lo -MD -MP -MF .deps/libckyapplet_la-cky_base.Tpo -c cky_base.c -o libckyapplet_la-cky_base.o >/dev/null 2>&1
if /bin/sh ../../libtool --tag=CC --mode=compile i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I../..    -O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe -DSCARD_LIB_NAME=\"libpcsclite.so.1\" -pthread -I/usr/include/PCSC   -O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe -MT libckyapplet_la-cky_card.lo -MD -MP -MF ".deps/libckyapplet_la-cky_card.Tpo" -c -o libckyapplet_la-cky_card.lo `test -f 'cky_card.c' || echo './'`cky_card.c; \
        then mv -f ".deps/libckyapplet_la-cky_card.Tpo" ".deps/libckyapplet_la-cky_card.Plo"; else rm -f ".deps/libckyapplet_la-cky_card.Tpo"; exit 1; fi
 i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I. -I../.. -O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe -DSCARD_LIB_NAME=\"libpcsclite.so.1\" -pthread -I/usr/include/PCSC -O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe -MT libckyapplet_la-cky_card.lo -MD -MP -MF .deps/libckyapplet_la-cky_card.Tpo -c cky_card.c  -fPIC -DPIC -o .libs/libckyapplet_la-cky_card.o
cky_card.c:30: error: redefinition of typedef 'LPSCARD_READERSTATE'
/usr/include/PCSC/pcsclite.h:49: note: previous declaration of 'LPSCARD_READERSTATE' was here
make[3]: *** [libckyapplet_la-cky_card.lo] Error 1
make[3]: Leaving directory `/tmp/portage/portage/app-crypt/coolkey-1.1.0-r2/work/coolkey-1.1.0/src/libckyapplet'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/tmp/portage/portage/app-crypt/coolkey-1.1.0-r2/work/coolkey-1.1.0/src/libckyapplet'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/tmp/portage/portage/app-crypt/coolkey-1.1.0-r2/work/coolkey-1.1.0'
make: *** [all] Error 2
 * ERROR: app-crypt/coolkey-1.1.0-r2 failed:
 *   make failed
 * 

# emerge --info
Portage 2.1.8.3 (default/linux/x86/10.0, gcc-4.4.3, glibc-2.11.2-r0, 2.6.34-gentoo-r1 i686)
=================================================================
System uname: Linux-2.6.34-gentoo-r1-i686-Intel-R-_Core-TM-2_Duo_CPU_E6550_@_2.33GHz-with-gentoo-1.12.13
Timestamp of tree: Thu, 21 Oct 2010 23:15:03 +0000
app-shells/bash:     4.1_p7
dev-java/java-config: 2.1.11
dev-lang/python:     2.6.5-r3, 3.1.2-r4
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    2.3-r1
sys-devel/autoconf:  2.13, 2.65-r1
sys-devel/automake:  1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.3.4, 4.4.3-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE="* -@EULA"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config /var/lib/hsqldb"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-O2 -mtune=core2 -march=core2 -fomit-frame-pointer -pipe"
DISTDIR="/portage/gentoo/distfiles"
FEATURES="assume-digests autoconfig collision-protect distlocks fixpackages news nostrip parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://linuxcoe.corp.hp.com/LinuxCOE/Gentoo ftp://mirror.internode.on.net/gentoo"
LANG="en_AU.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
MAKEOPTS="-j1"
PKGDIR="/portage/gentoo/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/tmp/portage"
PORTDIR="/portage/gentoo"
PORTDIR_OVERLAY="/portage/layman/pentoo /portage/gentoo/local"
SYNC="rsync://mirror.internode.on.net/gentoo-portage"
USE="X a52 aac acl alsa apache2 avahi berkdb bindist bzip2 cdb cddb cdparanoia cracklib crypt css cups cxx daap dbus dri dts dvb dvd dvdr emacs exif ffmpeg flac fortran gdbm gpm hal iconv ipv6 java javascript joystick jpeg jpeg2k kde latin1 lm_sensors mikmod mmx mmxext modules mp3 mplayer mudflap mysql ncurses nls nptl nptlonly nsplugin nvidia opengl openmp oss pam pcsc-lite perl posix pppd python qt3support qt4 readline rss samba server smp sqlite sse2 sse3 ssl sysfs tcpd threads tiff transcode type1 unicode v4l vcd vorbis wifi wma x86 xcomposite xine xinerama xorg xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic auth_digest authn_anon authn_dbd authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers ident imagemap include info log_config logio mem_cache mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_http rewrite setenvif so speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" PHP_TARGETS="php5-2" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia vesa fbdev" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS