24.04 and 24.10 Ubuntu Issues

[choman]

There are technically two (2) issues that my team and I are seeing, and would absolutely love to help have these solved. First off, love the updated script and moving to the use of opensc.

Issue 1

On both 24.04 and 24.10, chrome randomly crashes. Currently, using chrome 131.0.6778.264, which as of 2025-01-13 is the latest stable for linux and ubuntu.

Issue 2

On both 24.04 and 24.10, when using the script to de-snapify firefox and move to the deb package of firefox, 134.0 as of 2025-01-13. the cac software does not read the card info. So when visiting things like DoD safe, everyone on the team is a guest.

• verified the in-use profile
• verified the pkcs11.txt looked correct for opensc

Update 2025-01-14

Issue appears that the card reader is not seen. The loading the pkcs modules into the following it worked and the reader was seen. Personal note, it's like the deb packaging is missing a library that the tar'balls contain.

• testing tar'ball from Mozilla, everything appears fine
  - 128.6esr
  - 129.0 standard
  - 134.0 standard
  - 134.0.1 standard
• purged firefox deb (ubuntu version)
• testing firefox deb from Mozilla next

Additional plug for known pkcs11-register issue

During another test with chrome and using the newer cac_setup.sh script, I noticed that there was lines in the pkcs11.txt that
had commented out opensc libraries and already specified cackey lines. In reference to your known issue that pkcs11-regsister does not always run correctly. I have to remove the cackey and the commented opensc lines for it to work correctly. My speculation is that it (pkcs11-register "greps" for opensc and not if it's commented out.

[jdjaxon]

@choman, thank you. It had been on the agenda for a while. @malvidin helped a ton while I was slacking.

I typically only run and test on LTS versions, but I am currently on 22.04. I will try to get a test environment of 24.04 running soon to look into this more, but I will post my initial thoughts.

Issue 1

When I first started working on this project, I always ran into odd issues with Chrome until I started using this PPA:

deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main

However, I'm not sure if it's still necessary since I am on Google Chrome 132.0.6834.110, so you will likely be on the same version as me after an upgrade. Though I am on Ubuntu 22.04, this version of Chrome using this PPA remains stable and functional.

Issue 2

This certainly could be an issue with the deb package that Canonical is using. Like Chrome, I also use a PPA, which may or may not be helpful:

deb https://ppa.launchpadcontent.net/mozillateam/ppa/ubuntu/ jammy main

Canonical runs this PPA, so I can't guarantee that it will be helpful in any way.

I used these PPAs to isolate issues in the initial development of this project. Most folks I work with do not use these, and everything works fine.

WARNING: I don't mean to insult your intelligence if you already know, but please be careful about the PPAs you use, if you choose to, since malicious individuals can host them.

pkcs11-register Issue

Also, I appreciate the insight here:

During another test with chrome and using the newer cac_setup.sh script, I noticed that there was lines in the pkcs11.txt that
had commented out opensc libraries and already specified cackey lines. In reference to your known issue that pkcs11-regsister does not always run correctly. I have to remove the cackey and the commented opensc lines for it to work correctly. My speculation is that it (pkcs11-register "greps" for opensc and not if it's commented out.

I know the register command will write the files if they aren't present, so the nuclear strategy of removing the pkcs11.txt files and running the command would likely solve this if it does effectively grep. I would rather not arbitrarily nuke people's configuration files, so I'll have to find another way around this.