Live CD with smart card tools

Hi,

Is there someone who has already set up a Linux Live CD with
all the 
tools to support the smart card and to develop/load/test
Java Card applets:
- pcsc-lite
- generic ccid driver
- other drivers for other readers
- GlobalPlatform library and GPShell
- pcsc-perl
- pcsc-tools
- Muscle
- openSC
- jdk and java card toolkit
- etc

Best regards,
-- 
Damien Sauveron
http://damien.sauvero
n.free.fr/
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

On 28/12/06, Damien Sauveron <sauveronlabri.fr> wrote:
> Hi,

Hello Damien,

> Is there someone who has already set up a Linux Live CD
with all the
> tools to support the smart card and to
develop/load/test Java Card applets:
> - pcsc-lite
> - generic ccid driver
> - other drivers for other readers
> - GlobalPlatform library and GPShell
> - pcsc-perl
> - pcsc-tools
> - Muscle
> - openSC
> - jdk and java card toolkit
> - etc

No but that would be nice to have.

I made a custom Knoppix CD with pam_pkcs11, mozilla
configure with a
smart card PKCS11, etc. It required a lot of manpower to
setup.

It may be a better idea to use something like live-package
[1] to
automate the build and update with newer package versions
(but would
require the softwares are available as Debian packages).

Bye,

[1] http://packages.debian.org/unstable/misc/live-package

-- 
  Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

On Thu, Dec 28, 2006 at 08:42:03PM +0100, Ludovic Rousseau
wrote:
> I made a custom Knoppix CD with pam_pkcs11, mozilla
configure with a
> smart card PKCS11, etc. It required a lot of manpower
to setup.
> 
> It may be a better idea to use something like
live-package [1] to
> automate the build and update with newer package
versions (but
> would require the softwares are available as Debian
packages).

The Gentoo tool catalyst is similarly useful for making
livecds, and
many of the packages mentioned are already available in
Gentoo.

I'd be happy to write spec files but a build system would be
nice
since my laptop isn't really a computing monster.

The build system would need to run Gentoo and have
>=catalyst-2
installed.


//Peter
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

Dear Peter,

Peter Stuge a écrit :
> On Thu, Dec 28, 2006 at 08:42:03PM +0100, Ludovic
Rousseau wrote:
> 
>>I made a custom Knoppix CD with pam_pkcs11, mozilla
configure with a
>>smart card PKCS11, etc. It required a lot of
manpower to setup.
>>
>>It may be a better idea to use something like
live-package [1] to
>>automate the build and update with newer package
versions (but
>>would require the softwares are available as Debian
packages).
> 
> 
> The Gentoo tool catalyst is similarly useful for making
livecds, and
> many of the packages mentioned are already available in
Gentoo.
> 
> I'd be happy to write spec files but a build system
would be nice
> since my laptop isn't really a computing monster.
> 
> The build system would need to run Gentoo and have
>=catalyst-2
> installed.

I will ask to the system administrator of my laboratory if
he can build 
the system. If I remember well, he uses Gentoo to install
the operating 
systems for the computers in the classrooms.

If you can write the spec files it would be great.
Is it possible to customize the live CD with packages that
are not 
available in Gentoo? For example:
- Globalplatform, GPShell
http:
//sourceforge.net/projects/globalplatform/
- Sun Java SDK, Sun Java Card Tool Kit ...

I do not know the requirements of the other interested
persons by a Live 
CD with smart card tools. Mine were in the previous mail.

I am sure such a Live CD would be useful for lot of us.
Nevertheless, 
who will accept to maintain it? I cannot due to a big
workload.

Best regards,
-- 
Damien Sauveron
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

On Thu, Dec 28, 2006 at 08:42:03PM +0100, Ludovic Rousseau
wrote:
> On 28/12/06, Damien Sauveron <sauveronlabri.fr> wrote:
> >- pcsc-lite
> >- generic ccid driver
> >- other drivers for other readers
> >- GlobalPlatform library and GPShell
> >- pcsc-perl
> >- pcsc-tools
> >- Muscle
> >- openSC
> >- jdk and java card toolkit
> >- etc
> 
> No but that would be nice to have.
> 
> I made a custom Knoppix CD with pam_pkcs11, mozilla
configure with a
> smart card PKCS11, etc. It required a lot of manpower
to setup.

Exactly, i provide a remastered live-cd for smartcard-use in
our
corporation. Adding drivers that involve compiling
kernel-modules
makes it harder, my remastering-chain involves booting the
topppix-
livecd in vmware, editing and remastering, burning it on
cdrw an
testing on a laptop.

> It may be a better idea to use something like
live-package [1] to
> automate the build and update with newer package
versions (but would
> require the softwares are available as Debian
packages).
When i.e. packages with card-drivers add proper rules to
udev for 
driverloading it could work to provide no complete
remastered livecd
but just addon-packages that have to be installed after
booting up
the livecd, but obviously this destroys the 'everything on
one cd'
idea.

There could also be license-issues when delivering sun-java
etc. on
the livecd.

Christian
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

I'm interested in creating a custom (k)ubuntu install cd/dvd
that can setup encrypted root and swap partition, comes with
all smart card software (including openssh with smart card
support) and can maybe even protect the encrypted root and
swap
with smart cards.

but I also guess - as usual - I won't find time to hack on
that :(
so everyone with free time: go wild! 

Regards, Andrea
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

I'm interested in creating a custom (k)ubuntu install cd/dvd
that can setup encrypted root and swap partition, comes with
all smart card software (including openssh with smart card
support) and can maybe even protect the encrypted root and
swap
with smart cards.

but I also guess - as usual - I won't find time to hack on
that :(
so everyone with free time: go wild! 

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

Hello,

sounds great. But I am interested in every Distribution
supporting all the
smartcard-stuff and complete encryption right away.
But maybe it needs a community-made adopted dsitri/DVD, to
make the
distributors move...

Kind regards
Cornelius

On Fr, 29.12.2006, 12:58, Andreas Jellinghaus wrote:
> I'm interested in creating a custom (k)ubuntu install
cd/dvd
> that can setup encrypted root and swap partition, comes
with
> all smart card software (including openssh with smart
card
> support) and can maybe even protect the encrypted root
and swap
> with smart cards.
>
> but I also guess - as usual - I won't find time to hack
on that :(
> so everyone with free time: go wild! 
>
> Regards, Andreas
> _______________________________________________
> opensc-devel mailing list
> opensc-devellists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc
-devel
>


_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel

Hello,

On Fri, Dec 29, 2006 at 11:41:05AM +0100, Damien Sauveron
wrote:
> >The Gentoo tool catalyst is similarly useful for
making livecds,
> >and many of the packages mentioned are already
available in
> >Gentoo.
> >
> >I'd be happy to write spec files but a build system
would be nice
> >since my laptop isn't really a computing monster.
> >
> >The build system would need to run Gentoo and have
>=catalyst-2
> >installed.
> 
> I will ask to the system administrator of my laboratory
if he can
> build the system. If I remember well, he uses Gentoo to
install the
> operating systems for the computers in the classrooms.

Cool.


> If you can write the spec files it would be great.

I'll give it a shot.


> Is it possible to customize the live CD with packages
that are not
> available in Gentoo? For example:
> - Globalplatform, GPShell
> http:
//sourceforge.net/projects/globalplatform/
> - Sun Java SDK, Sun Java Card Tool Kit ...

Sure, by adding ebuild files for the packages. Depending on
how each
package is built, the difficulty of doing so varies from
trivial to a
bit complex.


> I do not know the requirements of the other interested
persons by a
> Live CD with smart card tools. Mine were in the
previous mail.

I'll read it again.


> I am sure such a Live CD would be useful for lot of us.
> Nevertheless, who will accept to maintain it? I cannot
due to a big
> workload.

The spec files are really pretty simple, the CD may not even
need a
separate maintainer, we'll just help each other. Attached
are spec
files for another livecd I've built, just to show an
example.


//Peter
subarch: x86
version_stamp: mycd.0
target: livecd-stage1
rel_type: default
profile: default-linux/x86/2006.0
snapshot: 20060726
source_subpath: default/stage3-x86-2005.1-r1
portage_confdir: /etc/catalyst/portage.mycd
chost: i686-pc-linux-gnu
cflags: -march=pentium-4 -Os -pipe -fomit-frame-pointer

livecd/use: -* iproute2 crypto ethereal ftp imap mime mmx
ncurses readline samba snmp soap sockets socks5 sqlite ssl
tcpd threads unicode wifi xml xml2
livecd/packages: joe diffutils vim-core setserial lilo ntp
syslog-ng djbdns dnsmasq daemontools stunnel rp-pppoe screen
pptpclient dhcpcd dhcp iputils iproute2 ethtool
wireless-tools pciutils usbutils less openssl openvpn strace
mtr bridge-utils ebtables iptables vconfig tcpdump ngrep
telnet-bsd lsof ucspi-tcp ucspi-proxy
=sys-kernel/vanilla-sources-2.6.17.6
subarch: x86
version_stamp: mycd.0
target: livecd-stage2
rel_type: default
profile: default-linux/x86/2005.1-r1
snapshot: 20060726
source_subpath: default/livecd-stage1-x86-2005.1-r1
portage_confdir: /etc/catalyst/portage.mycd

livecd/fstype: normal
livecd/cdtar:
/usr/lib/catalyst/livecd/cdtar/isolinux-3.09-memtest86+-cdta
r.tar.bz2
livecd/iso: /tmp/mycd-x86-network.iso
livecd/fsscript: fsscript.mycd.sh
livecd/bootargs: docache
livecd/type: generic-livecd
livecd/root_overlay: root_overlay.mycd
livecd/devmanager: udev

boot/kernel: lix26176
boot/kernel/lix26176/sources:
=sys-kernel/vanilla-sources-2.6.17.6
boot/kernel/lix26176/config:
/etc/catalyst/kernel-2.6.17.6-mycd.config
boot/kernel/lix26176/packages:
=net-wireless/madwifi-ng-tools-0.9.1
=net-wireless/madwifi-ng-0.9.1

livecd/unmerge: nano sharutils perl-cleaner pax-utils perl
pkgconfig hdparm busybox help2man debianutils shadow
diffutils kbd texinfo file man-pages man groff which
autoconf autoconf-wrapper automake automake-wrapper binutils
binutils-config bison flex gcc-config gettext gnuconfig
libperl libtool m4 make patch genkernel vanilla-sources gcc
python-fchksum python
livecd/empty: /tmp /mnt /dev /var
livecd/rm: /tmp/* /mnt/* /dev/* /var/* /usr/bin/libol-config
/usr/share/automake /usr/share/automake-1.4
/usr/share/automake-1.5 /usr/share/automake-1.6
/usr/share/automake-1.7 /usr/share/automake-1.8
/usr/share/automake-1.9 /usr/share/baselayout
/usr/share/binutils-data /usr/share/doc /usr/share/et
/usr/share/gcc-data /usr/share/groff /usr/share/i18n
/usr/share/info /usr/share/libtool /usr/share/locale
/usr/share/lsof /usr/share/man /usr/share/misc/getopt
/usr/share/mtr /usr/share/openssh /usr/share/openvpn
/usr/share/ss /usr/share/vim  /usr/lib/libcrack.a
/usr/lib/liblsof.a /usr/lib/libol.a /usr/lib/libol.la
/usr/lib/locale /usr/include /usr/i586-pc-linux-gnu
/usr/lib/perl5 /etc/make.profile
/etc/modules.autoload.d/kernel-2.4 /etc/env.d/50ncurses
/etc/env.d/99libstdc++  /var/cache /var/log/news
/var/log/emerge.log /var/log/genkernel.log /proc/.keep
/boot/boot  /usr/lib/libsandbox.la /usr/lib/libsandbox.so
/usr/lib/libsandbox.so.0 /usr/lib/libsandbox.so.0.0.0
/usr/bin/sandbox /usr/share/sandbox
/usr/share/doc/sandbox-1.2.12  /var/log/sandbox
/var/db/pkg/sys-apps/sandbox-1.2.12 /etc/etc-update.conf
/etc/dispatch-conf.conf /etc/make.globals
/etc/make.conf.example /etc/portage
/etc/env.d/05portage.envd /usr/lib/python2.4
/usr/lib/portage /usr/share/man/man1/dispatch-conf.1.gz
/usr/share/man/man1/ebuild.1.gz
/usr/share/man/man1/emerge.1.gz
/usr/share/man/man1/env-update.1.gz
/usr/share/man/man1/etc-update.1.gz
/usr/share/man/man1/quickpkg.1.gz
/usr/share/man/man1/repoman.1.gz
/usr/share/man/man5/ebuild.5.gz
/usr/share/man/man5/make.conf.5.gz
/usr/share/man/man5/portage.5.gz
/usr/share/doc/portage-2.0.53 /usr/bin/ebuild
/usr/bin/emerge /usr/bin/portageq /usr/bin/repoman
/usr/bin/tbz2tool /usr/bin/xpak /usr/sbin/archive-conf
/usr/sbin/dispatch-conf /usr/sbin/emaint
/usr/sbin/emerge-webrsync /usr/sbin/env-update
/usr/sbin/etc-update /usr/sbin/fixpackages
/usr/sbin/quickpkg /usr/sbin/regenworld
/var/db/pkg/sys-apps/portage-2.0.53 /usr/local
/etc/lilo.conf.example /etc/conf.d/dolilo.example
/usr/sbin/keytab-lilo.pl /sbin/dolilo /sbin/mkrescue
/etc/env.d/binutils /etc/env.d/gcc /etc/env.d/05binutils
/etc/env.d/05gcc /etc/env.d/05gcc-i686-pc-linux-gnu /etc/opt
/etc/runlevels/nonetwork /etc/runlevels/single
/etc/make.conf /etc/csh.env /etc/hosts.bck
/etc/modprobe.devfs.old /etc/modules.conf.old /etc/kernels
/usr/bin/addr2line /usr/bin/ar /usr/bin/as /usr/bin/c++filt
/usr/bin/c++ /usr/bin/cc /usr/bin/cpp /usr/bin/g++32
/usr/bin/g++ /usr/bin/gcc /usr/bin/gprof
/usr/bin/i586-pc-linux-gnu-addr2line
/usr/bin/i586-pc-linux-gnu-ar /usr/bin/i586-pc-linux-gnu-as
/usr/bin/i586-pc-linux-gnu-c++filt
/usr/bin/i586-pc-linux-gnu-gprof
/usr/bin/i586-pc-linux-gnu-ld /usr/bin/i586-pc-linux-gnu-nm
/usr/bin/i586-pc-linux-gnu-objcopy
/usr/bin/i586-pc-linux-gnu-objdump
/usr/bin/i586-pc-linux-gnu-ranlib
/usr/bin/i586-pc-linux-gnu-readelf
/usr/bin/i586-pc-linux-gnu-size
/usr/bin/i586-pc-linux-gnu-strings
/usr/bin/i586-pc-linux-gnu-strip /usr/bin/nm
/usr/bin/objcopy /usr/bin/objdump /usr/bin/python
/usr/bin/python2 /usr/bin/ranlib /usr/bin/readelf
/usr/bin/gcc32  /usr/bin/i586-pc-linux-gnu-c++
/usr/bin/i586-pc-linux-gnu-g++
/usr/bin/i586-pc-linux-gnu-g++32
/usr/bin/i586-pc-linux-gnu-gcc
/usr/bin/i586-pc-linux-gnu-gcc32 /usr/bin/ld /usr/bin/size
/usr/bin/strings /usr/bin/strip /usr/bin/yacc
/usr/lib/libperl.so /usr/src /usr/portage /var/lib/misc
/var/lib/portage /var/lib/module-rebuild
/var/run/bootstrap-progress /var/db /usr/bin/c_rehash
/usr/bin/code2color /usr/bin/mtrace /usr/bin/strace-graph
/usr/sbin/pptp_fe.pl /usr/sbin/pptp-command
/usr/bin/vim-tutor /etc/vim /usr/share/ntp
/etc/runlevels/boot/consolefont /etc/runlevels/boot/keymaps
/etc/runlevels/default/netmount /etc/resolv.conf
/boot/initramfs-genkernel-x86-2.6.15-soekris
/boot/initramfs-x86-2.6.15-soekris  /usr/lib/libbsd.a
/usr/lib/libcurses.a /usr/lib/libblkid.a /usr/lib/libanl.a
/usr/lib/libBrokenLocale.a /usr/lib/libbsd-compat.a
/usr/lib/libbz2.a /usr/lib/libc.a /usr/lib/libc_nonshared.a
/usr/lib/libc_stubs.a /usr/lib/libcom_err.a
/usr/lib/libcrypt.a /usr/lib/libcrypto.a /usr/lib/libdl.a
/usr/lib/libe2p.a /usr/lib/libexpat.a /usr/lib/libext2fs.a
/usr/lib/libform.a /usr/lib/libformw.a /usr/lib/libg.a
/usr/lib/libhistory.a /usr/lib/libwrap.a /usr/lib/libieee.a
/usr/lib/libm.a /usr/lib/libmcheck.a /usr/lib/libmenu.a
/usr/lib/libmenuw.a /usr/lib/libpthread_nonshared.a
/usr/lib/libncurses++.a /usr/lib/libncurses++w.a
/usr/lib/libncurses.a /usr/lib/libncursesw.a
/usr/lib/libnsl.a /usr/lib/libpanel.a /usr/lib/libpanelw.a
/usr/lib/libpopt.a /usr/lib/libpthread.a /usr/lib/libpwdb.a
/usr/lib/libreadline.a /usr/lib/libresolv.a
/usr/lib/librpcsvc.a /usr/lib/librt.a /usr/lib/libsocks.a
/usr/lib/libss.a /usr/lib/libssl.a /usr/lib/libutil.a
/usr/lib/libuuid.a /usr/lib/libz.a /usr/lib/libcap.a
/usr/lib/libomapi.a /usr/lib/libdhcpctl.a /usr/lib/libpci.a
/usr/lib/liblzo.a /usr/lib/libbridge.a /usr/lib/libipq.a
/usr/lib/libiptables.a /usr/lib/libiptc.a /usr/lib/libpcap.a
 /usr/sbin/telnetd /usr/sbin/in.telnetd
/usr/sbin/telnetlogin /etc/xinetd.d/telnetd 
/usr/lib/libcrack.la /usr/lib/libdsocks.la
/usr/lib/libexpat.la /usr/lib/libpopt.la
/usr/lib/libsocks.la /usr/lib/libstunnel.la
/usr/lib/liblzo.la /usr/lib/Mcrt1.o /usr/lib/Scrt1.o
/usr/lib/crt1.o /usr/lib/crti.o /usr/lib/crtn.o
/usr/lib/gcrt1.o /usr/lib/pkgconfig
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc
-devel