search

frankmorgner / OpenSCToken

Use OpenSC in macOS CryptoTokenKit.
GNU General Public License v3.0
75 stars 14 forks source link

Mojave: Fails to compile "--tag" error" #17

Closed mouse07410 closed 4 years ago

mouse07410 commented 5 years ago

MacOS Mojave 10.14.6, Xcode-11.1. Current master of everything.

Same symptoms as in #7: 

. . . . .
  CC       libopensc_la-aux-data.lo
  OBJC     libopensc_la-reader-cryptotokenkit.lo
libtool: compile: unable to infer tagged configuration
libtool:   error: specify a tag with '--tag'
make[3]: *** [libopensc_la-reader-cryptotokenkit.lo] Error 1

Possibly a pilot error - but I don't know what could cause it, or where to look. Would appreciate help!

mouse07410 commented 5 years ago

More info. Setting env vars OBJC=clang -objc, and LIBTOOLFLAGS="--tag OBJC" got me past the above error. Changing signing identity got me past the next hurdle (obviously, I cannot sign using Frank's ID ;). Now, OpenSCToken build tries to re-compile OpenSC as part of OpenSCToken, and it fails to locate OpenSSL include files. Here's the log excerpt (I've disabled silent rules to see what flags are passed to the compiler):

. . . . .
OpenSC has been configured with the following options:

Version:                 0.20.0
Version fix:             0
Version revision:        0
Git revision:            OpenSC-OpenSC-0.20.0-rc3, rev: 01678e8, commit-time: 2019-10-18 14:31:09 +0200

Copyright:               OpenSC Project
Company:                 OpenSC Project
Company URL:             https://github.com/OpenSC
Comments:                Provided under the terms of the GNU Lesser General Public License (LGPLv2.1+).
Product name:            OpenSC smartcard framework
Product updates:         https://github.com/OpenSC/OpenSC/releases
Product URL:             https://github.com/OpenSC/OpenSC

User binaries:           //bin
Configuration files:     /Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources
Bash completion:         /Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources/bash_completion.d
XSL stylesheets:         no

man support:             no
doc support:             no
thread locking support:  yes
zlib support:            yes
readline support:        yes
OpenSSL support:         yes
OpenSSL secure memory:   1048576
PC/SC support:           no
CryptoTokenKit support:  yes
OpenCT support:          no
CT-API support:          no
minidriver support:      no
SM support:              yes
SM default module:       libsmm-local.so
SM default path:         //lib
DNIe UI support:         no
Notification support:    no

PC/SC default provider:  
PKCS11 default provider: //lib/opensc-pkcs11.so
PKCS11 onepin provider:  //lib/onepin-opensc-pkcs11.so

Host:                    x86_64-apple-darwin18.7.0
Compiler:                clang
Preprocessor flags:      -I/opt/local/include
Compiler flags:          -I/opt/local/include -march=native -Os -Ofast -std=gnu17 -Wall -Wextra -Wno-unused-parameter -Werror
Linker flags:            -L/opt/local/lib -framework CryptoTokenKit -framework Foundation
Libraries:               

READLINE_CFLAGS:         
READLINE_LIBS:           -lreadline 
ZLIB_CFLAGS:             
ZLIB_LIBS:               -lz
OPENSSL_CFLAGS:          -I/opt/local/include
OPENSSL_LIBS:            -L/opt/local/lib -lcrypto -lz
OPENPACE_CFLAGS:         -I/Users/uri/src/OpenSC/OpenSCToken/build/openpace//include -I/Users/uri/src/OpenSC/OpenSCToken/build/openpace/opt/local/include -I/opt/local/include
OPENPACE_LIBS:           -L/Users/uri/src/OpenSC/OpenSCToken/build/openpace//lib -L/Users/uri/src/OpenSC/OpenSCToken/build/openpace/opt/local/lib -leac -lcrypto -lz -L/opt/local/lib -lcrypto -lz
OPENCT_CFLAGS:           
OPENCT_LIBS:             
PCSC_CFLAGS:             
CRYPTOTOKENKIT_CFLAGS:   -framework CryptoTokenKit -framework Foundation
GIO2_CFLAGS:             
GIO2_LIBS:               
FUZZING_LIBS:            

++ make V=1
/Applications/Xcode.app/Contents/Developer/usr/bin/make  all-recursive
Making all in etc
Making all in src
. . . . .
+ xcodebuild -target OpenSCTokenApp -configuration Debug -project OpenSCTokenApp.xcodeproj install DSTROOT=/Users/uri/src/OpenSC/OpenSCToken/build
Build settings from command line:
    DSTROOT = /Users/uri/src/OpenSC/OpenSCToken/build

note: Using new build system
note: Planning build
note: Constructing build description
CreateBuildDirectory /Users/uri/src/OpenSC/OpenSCToken/build (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/uri/src/OpenSC/OpenSCToken
    builtin-create-build-directory /Users/uri/src/OpenSC/OpenSCToken/build

SymLink /Users/uri/src/OpenSC/OpenSCToken/build/Debug/opensc-pkcs11.dylib.bundle /Users/uri/src/OpenSC/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/uri/src/OpenSC/OpenSCToken
    /bin/ln -sfh /Users/uri/src/OpenSC/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle /Users/uri/src/OpenSC/OpenSCToken/build/Debug/opensc-pkcs11.dylib.bundle

. . . . .
    cd /Users/uri/src/OpenSC/OpenSCToken
    write-file /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/DerivedSources/Entitlements.plist

ProcessProductPackaging "" /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib.bundle.xcent (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/uri/src/OpenSC/OpenSCToken

Entitlements:

{
    "com.apple.security.app-sandbox" = 1;
    "com.apple.security.smartcard" = 1;
}

    builtin-productPackagingUtility -entitlements -format xml -o /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib.bundle.xcent

WriteAuxiliaryFile /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib.hmap (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/uri/src/OpenSC/OpenSCToken
    write-file /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib.hmap

. . . . .
    cd /Users/uri/src/OpenSC/OpenSCToken
    builtin-infoPlistUtility /Users/uri/src/OpenSC/OpenSCToken/opensc-pkcs11/Info.plist -producttype com.apple.product-type.bundle -expandbuildsettings -platform macosx -o /Users/uri/src/OpenSC/OpenSCToken/build/UninstalledProducts/macosx/opensc-pkcs11.dylib.bundle/Contents/Info.plist

CompileC /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-global.o /Users/uri/src/OpenSC/OpenSCToken/OpenSC/src/pkcs11/pkcs11-global.c normal x86_64 c com.apple.compilers.llvm.clang.1_0.compiler (in target 'opensc-pkcs11' from project 'OpenSCTokenApp')
    cd /Users/uri/src/OpenSC/OpenSCToken
    export LANG=en_US.US-ASCII
    clang -x c -target x86_64-apple-macos10.12 -fmessage-length=119 -fdiagnostics-show-note-include-stack -fmacro-backtrace-limit=0 -fcolor-diagnostics -std=gnu99 -fmodules -gmodules -fmodules-prune-interval=86400 -fmodules-prune-after=345600 -fbuild-session-file=/var/folders/pd/mxn5kp_55jg23x7jjd10gtwm0000gn/C/org.llvm.clang/ModuleCache.noindex/Session.modulevalidation -fmodules-validate-once-per-build-session -Wnon-modular-include-in-framework-module -Werror=non-modular-include-in-framework-module -Wno-trigraphs -fpascal-strings -O0 -fno-common -Werror -Wno-missing-field-initializers -Wno-missing-prototypes -Wno-return-type -Wno-missing-braces -Wparentheses -Wswitch -Wno-unused-function -Wno-unused-label -Wno-unused-parameter -Wno-unused-variable -Wunused-value -Wno-empty-body -Wno-uninitialized -Wno-unknown-pragmas -Wno-shadow -Wno-four-char-constants -Wno-conversion -Wno-constant-conversion -Wno-int-conversion -Wno-bool-conversion -Wno-enum-conversion -Wno-float-conversion -Wno-non-literal-null-conversion -Wno-objc-literal-conversion -Wno-shorten-64-to-32 -Wpointer-sign -Wno-newline-eof -DDEBUG=1 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk -fasm-blocks -fstrict-aliasing -Wdeprecated-declarations -g -Wno-sign-conversion -Wno-infinite-recursion -Wno-comma -Wno-block-capture-autoreleasing -Wno-strict-prototypes -Wno-semicolon-before-method-body -iquote /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-generated-files.hmap -I/Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-own-target-headers.hmap -I/Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-all-target-headers.hmap -iquote /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/opensc-pkcs11.dylib-project-headers.hmap -I/Users/uri/src/OpenSC/OpenSCToken/build/Debug/include -I/Users/uri/src/OpenSC/OpenSCToken/OpenSC -I/Users/uri/src/OpenSC/OpenSCToken/OpenSC/src -I/Users/uri/src/OpenSC/OpenSCToken/build/openpace/include -I/Users/uri/src/OpenSC/OpenSCToken/build/openssl/include -I/Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/DerivedSources-normal/x86_64 -I/Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/DerivedSources/x86_64 -I/Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/DerivedSources -F/Users/uri/src/OpenSC/OpenSCToken/build/Debug -MMD -MT dependencies -MF /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-global.d --serialize-diagnostics /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-global.dia -c /Users/uri/src/OpenSC/OpenSCToken/OpenSC/src/pkcs11/pkcs11-global.c -o /Users/uri/src/OpenSC/OpenSCToken/build/OpenSCTokenApp.build/Debug/opensc-pkcs11.build/Objects-normal/x86_64/pkcs11-global.o
In file included from /Users/uri/src/OpenSC/OpenSCToken/OpenSC/src/pkcs11/pkcs11-global.c:40:
/Users/uri/src/OpenSC/OpenSCToken/OpenSC/src/libopensc/sc-ossl-compat.h:30:10: fatal error: 'openssl/opensslv.h' file
      not found
#include <openssl/opensslv.h>
         ^~~~~~~~~~~~~~~~~~~~
1 error generated.

It appears that even though the correct compiler flags were noticed during the OpenSC configuration (within the OpenSCToken build), they were not passed to/used in the actual OpenSC build. Surprisingly, OpenSC itself (outside of OpenSCToken directory) builds just fine, and locates correctly everything OpenSSL-related. How can I remedy this?

mouse07410 commented 5 years ago

Update

The cause of this problem seems to be how OpenSSL and OpenSC are discovered and configured by OpenSCToken.

If I try to build OpenSCToken from within a working OpenSC source directory - it fails, and (at least on my machine) appears hopeless.

If I clone OpenSCToken to a separate directory, from where it can not find local OpenSC or OpenSSL sources correction: I had to force the bootstrap script to clone and build it's own OpenSSL - otherwise no matter what, the other packages involved in the build were unable to locate OpenSSL include files and/or libraries, then it would clone them correctly, and (with a minor correction to the bootstrap script) build OpenSCToken successfully.

frankmorgner commented 5 years ago

What's the difference between the configurations?

mouse07410 commented 5 years ago

Not counting the signing identities,

diff --git a/bootstrap b/bootstrap
index e8e6fcc..ea47c1a 100755
--- a/bootstrap
+++ b/bootstrap
@@ -7,24 +7,25 @@ RESOURCES=/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Co

 set -ex

-if ! pkg-config libcrypto --atleast-version=1.0.1; then
+#if ! pkg-config libcrypto --atleast-version=1.0.1; then
    # OpenSSL is not installed
    if ! test -e $BUILDPATH/openssl/$PREFIX/lib/pkgconfig; then
        # Build OpenSSL manually, because Apple's binaries are deprecated
        if ! test -e openssl; then
-           git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_0_2-stable
+           git clone --depth=1 https://github.com/openssl/openssl.git -b OpenSSL_1_1_1-stable
        fi
        cd openssl
        KERNEL_BITS=64 ./config --prefix=$PREFIX
        make update
        make depend
        make
-       make INSTALL_PREFIX=$BUILDPATH/openssl install_sw
+       make INSTALL_PREFIX=$BUILDPATH/openssl DESTDIR=$BUILDPATH/openssl install_sw
        cd ..
    fi
+   export PKG_CONFIG_PATH="$BUILDPATH/openssl/$PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH"
    export OPENSSL_CFLAGS="`env PKG_CONFIG_PATH=$BUILDPATH/openssl/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openssl pkg-config --static --cflags libcrypto`"
    export OPENSSL_LIBS="`  env PKG_CONFIG_PATH=$BUILDPATH/openssl/$PREFIX/lib/pkgconfig PKG_CONFIG_SYSROOT_DIR=$BUILDPATH/openssl pkg-config --static --libs   libcrypto`"
-fi
+#fi

 if ! test -e $BUILDPATH/openpace/$PREFIX/lib/pkgconfig; then
    if ! test -e openpace; then

Also, a question: can I build a working OpenSC with --disable-pcsc --enable-cryptotokenkit? If I don't plan to build/install OpenSCAToken? Would, e.g, OpenSC.tokend work with such a configuration of the library? Would OpenSC (configured with --enable-cryptotokenkit) be able to do everything it can do on Mac when configured with --enable-pcsc?

frankmorgner commented 5 years ago

Hmm, you're instaling OpenSC to DESTDIR, which is what you're forgetting in OPENSSL_CFLAGS/OPENSSL_CFLAGS

Also, a question: can I build a working OpenSC with --disable-pcsc --enable-cryptotokenkit?

sure, just try!

mouse07410 commented 5 years ago

...which is what you're forgetting...

Hmm, not sure why, or where I would add those flags - because we're talking about an unmodified clone of OpenSCToken that failed to build, forcing me to make the above changes to get it to build.

sure, just try!

Great! Just to make it crystal clear (and my apologies for repeating myself): I should be able to clone OpenSC on my Mac, configure it for CryptoTokenKit, build and install (not building OpenSCToken, maybe building OpenSC.tokend), and it should work with all the cards that OpenSC currently supports?

mouse07410 commented 4 years ago

can I build a working OpenSC with --disable-pcsc --enable-cryptotokenkit?

sure, just try!

@frankmorgner indeed I was able to build OpenSC with the above options, but it doesn't work:

$ OPENSC_DEBUG=9 pkcs11-tool -L
P:39006; T:0x4469364160 18:30:05.689 [opensc-pkcs11] ctx.c:720:process_config_file: Used configuration file '/Library/OpenSC/etc/opensc.conf'
Available slots:
No slots.
$ pkcs11-tool --module /Library/OpenSC/lib/pkcs11-spy.dylib -L

*************** OpenSC PKCS#11 spy *****************
Loaded: "/Library/OpenSC/lib/opensc-pkcs11.dylib"

0: C_GetFunctionList
2019-11-14 18:30:10.120
Returned:  0 CKR_OK

1: C_Initialize
2019-11-14 18:30:10.120
[in] pInitArgs = 0x0
Returned:  0 CKR_OK

2: C_GetSlotList
2019-11-14 18:30:10.123
[in] tokenPresent = 0x0
[out] pSlotList: 
Count is 0
[out] *pulCount = 0x0
Returned:  0 CKR_OK

3: C_GetSlotList
2019-11-14 18:30:10.124
[in] tokenPresent = 0x0
[out] pSlotList: 
[out] *pulCount = 0x0
Returned:  0 CKR_OK
Available slots:
No slots.

4: C_Finalize
2019-11-14 18:30:10.124
Returned:  0 CKR_OK
$

This is what I get from OpenSC configured for PCSC:

$ pkcs11-tool -L
Available slots:
Slot 0 (0x0): Yubico Yubikey 4 OTP+U2F+CCID
  token label        : xxxxxxxxx
  token manufacturer : piv_II
  token model        : PKCS#15 emulated
  token flags        : login required, rng, token initialized, PIN initialized
  hardware version   : 0.0
  firmware version   : 0.0
  serial num         : ee7xxxxxxx
  pin min/max        : 4/8
$
mouse07410 commented 4 years ago

@frankmorgner I'm having troubles with --enable-cryptotokenkit on the latest Mojave and the latest Catalina.

When I build OpenSC for PCSC, opensc-tool <whatever command> gives me something like

$ opensc-tool -lian
OpenSC 0.20.0 [gcc  4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.33.17)]
Enabled features: locking zlib readline openssl pcsc(/System/Library/Frameworks/PCSC.framework/PCSC)
# Detected readers (pcsc)
Nr.  Card  Features  Name
0    Yes             Yubico YubiKey OTP+FIDO+CCID
Using reader with a card: Yubico YubiKey OTP+FIDO+CCID
. . . . .

notice the pcsc(/System/Library/Frameworks/PCSC.framework/PCSC) at the end of Enabled features string.

When I build OpenSC with --disable-pcsc --enable-cryptotokenkit, I get this:

$ opensc-tool -lian
OpenSC 0.20.0 [gcc  4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.33.17)]
Enabled features: locking zlib readline openssl
No smart card readers found.
No smart card readers found.
Failed to connect to reader: No readers found

notice that there's nothing referring to CryptoTokenKit at the end of the Enabled features string. And indeed, it doesn't find the inserted token, even though security list-smartcards and security export-smartcard perform as expected.

Also, your releases/latest/OpenSCToken.dmg is still based on 0.19.0, and is almost a year and a half old. Could you please update your release to reflect the current OpenSC level?

I tried to build from the source, but it fails - so your release seems the best bet at this time.

frankmorgner commented 4 years ago

Oh, I think you missed that OpenSC's binaries now contain OpenSCToken. On Catalina and later the CTK token is installed instead of Tokend. Could you check if this works as expected (e.g. Safari or Chrome)?

mouse07410 commented 4 years ago

Oh, I think you missed that OpenSC's binaries now contain OpenSCToken...

Yes, I admit I missed that.

However, I'm trying to track OpenSC master and build it myself. Unfortunately, in my setup (and I haven't figured out why) OpenSCToken refuses to build from within the "main" OpenSC repo.

Actually, I'd love to be able to build OpenSCToken from within the OpenSC "main" build (as all of my machines are now either running Catalina, or preparing to upgrade from Mojave to Catalina).

Could you check if this works as expected (e.g. Safari or Chrome)?

I'd love to - but I've a few questions:

Update

Bit the bullet and installed the 0.20.0 binary. The OpenSC.pkg contained OpenSCToken.app, however it did not get installed, despite me requesting it via "Customize installation". So, at this point I have no working OpenSCToken - it doesn't build properly from the source, and it doesn't install from the binary. And I'd appreciate if you could answer my two questions above.

mouse07410 commented 4 years ago

Also, how to unregister OpenSCToken? While debugging, I need a way to remove it without having to re-image the system.

frankmorgner commented 4 years ago

:question: your comments are inconsistent: If it doesn't get installed, there would be nothing to be unregistered.

mouse07410 commented 4 years ago

your comments are inconsistent...

Well, I'm trying multiple things in parallel (as none of them works 100%):

a. building OpenSCToken as part of the OpenSC build process (mostly broken for me); b. building OpenSCToken "standalone", letting it pull "fresh" OpenSC from GitHub (mostly works - builds and installs); c. trying OpenSC binary build (presumably) by you (doesn't install).

(a) fails. I pushed through several problems, here's where it is now:

. . . . .
openpace 1.1.0 has been configured with following options:

Libraries:               //lib
CVC directory:           /Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources
X.509 directory:         /Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources

Host:                    x86_64-apple-darwin18.7.0
Compiler:                clang
Preprocessor flags:      
Compiler flags:           -isysroot /Applications/Xcode-9.4.1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.13.sdk -arch x86_64
Linker flags:            
Libraries:               
CRYPTO_CFLAGS:           -I/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openssl//include
CRYPTO_LIBS:             -L/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openssl//lib -lcrypto

HELP2MAN:                /opt/local/bin/help2man
GENGETOPT:               /opt/local/bin/gengetopt

Install patched OpenSSL: no
GIT:                     
OPENSSL_CONFIGURE_FLAGS: 

SWIG:                    
Python Bindings:         no
PYTHON:                  
Java Bindings:           no
JAVA_CFLAGS:             
JAVACFLAGS:              
Ruby Bindings:           no
RUBY:                    
Go Bindings:             no
gccgo:                   
GCCGOFLAGS:              
SWIGGOPARAMS:            

+ make DESTDIR=/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace install
Making install in src
/Applications/Xcode.app/Contents/Developer/usr/bin/make  install-recursive
Making install in docs
Making install in _static
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
make[5]: Nothing to be done for `install-exec-am'.
make[5]: Nothing to be done for `install-data-am'.
Making install in certs
make[4]: Nothing to be done for `install-exec-am'.
/opt/local/bin/gmkdir -p "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources"
for cert in ff3d20d2; do /opt/local/bin/ginstall -c -m 644 ./${cert} "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources"; done
/opt/local/bin/gmkdir -p "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources"
for cert in DECVCAeID00102 DECVCAEPASS00102 DECVCAeSign00102;   do /opt/local/bin/ginstall -c -m 644 ./${cert} "/Users/ur20980/src/OpenSC-test/OpenSCToken/build/openpace/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/Resources";  done
  CC       cvc_print-cvc-print.o
  CC       cvc_print-cvc-print-cmdline.o
  CCLD     cvc-print
  CC       cvc_create-cvc-create.o
  CC       cvc_create-cvc-create-cmdline.o
  CCLD     cvc-create
make -C . cvc-create
make[4]: `cvc-create' is up to date.
/opt/local/bin/help2man \
        --output=cvc-create.1 \
        --no-info \
        --source='OpenPACE 1.1.0' \
        ./cvc-create
sh: line 1: 29593 Abort trap: 6           ./cvc-create --help 2> /dev/null
help2man: can't get `--help' info from ./cvc-create
Try `--no-discard-stderr' if option outputs to stderr
make[3]: *** [cvc-create.1] Error 134
make[2]: *** [install-recursive] Error 1
make[1]: *** [install] Error 2
make: *** [install-recursive] Error 1

Note, that it fails only when OpenSCToken tries to rebuild it in its own directory. As a part of OpenSC, it builds just fine.

(b) Requires intervention to work. Observed problems:

  1. Path to OpenSSL include files and libraries is hard-coded in the OpenSCTokenApp.xcodeproj/project.pbxproj. It means that when the installed OpenSSL version is acceptable (aka, no need to pull and build one from the source), the OpenSCToken build fails, as it cannot find OpenSSL include files, and $SRCROOT/openssl/lib/libcrypto.a. To get past this, I had to force rebuilding OpenSSL from the source (ugly, but it works).
  2. Signing identity for the build is yours, so to rebuild one has to change it in OpenSCTokenApp.xcodeproj/project.pbxproj.

After addressing these, I built OpenSCTokenApp.app successfully (I think) on Mojave. It installs, and runs. After I run it, Safari prompts me with three copies of each certificate on the CAC. Connection to the web site failed, possibly for non-OpenSCToken-related reasons (as I cannot connect to it with Safari even without OpenSCToken). In case it matters, Firefox connects to it fine.

(c) As I said, OpenSCToken.app seems present in the OpenSC.pkg in OpenSC-0.20.0.dmg, but it did not install, despite checking the "Install" box in the customization.

Update

You uninstall OpenSCToken by removing the app. ust use opensc-uninstall as usual. When Apple checks for tokens the next time, it should get removed from the pluginkit output

Unfortunately, not true. I ran opensc-uninstall, made sure there's no OpenSCTokenApp.app in /Applications/, then installed "plain" OpenSC that I built myself without OpenSCToken. Still, upon inserting a token, macOS found in my source directory and invoked the OpenSCToken:

$ ifrun OpenSC
1638356520 64416 77786   0  5:20PM ??         0:00.00 (opensc-notify)
1638356520 64417     1   0  5:20PM ??         0:00.03 /Users/ur20980/src/OpenSCToken/build/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex/Contents/MacOS/OpenSCToken
1638356520 77786     1   0 10:52AM ??         0:00.32 /Library/OpenSC/bin/opensc-notify
$

I installed from the OpenSCToken.dmg.

To actually remove, I had to 

pluginkit -r /Users/ur20980/src/OpenSCToken/build/Applications/OpenSCTokenApp.app/Contents/PlugIns/OpenSCToken.appex

and kill the running process, because it did not exit when I removed the card.

frankmorgner commented 4 years ago

I agree, that we could probably be a bit smarter in opensc-uninstall, but I need to have a deeper look.

Anyway, I'm loosing track of all the strings... please open a new issue for each problem you encountered, otherwise this conversation will go back and forth forever.

mouse07410 commented 4 years ago

please open a new issue for each problem you encountered, otherwise this conversation will go back and forth forever

Understood. You're right. Will do.

frankmorgner commented 4 years ago 
./bootstrap
./build-package

works as expected on Catalina. So I guess I'll close this issue since I cannot reproduce the original problem, right?

frankmorgner commented 4 years ago

(used xcode 11.3)

mouse07410 commented 4 years ago

Yes, it looks like with Xcode-11.3.1 this problem doesn't manifest on either Mojave or Catalina.

Still, there are older Xcode versions (and 11.3 doesn't install on macOS older than Mojave, AFAIK). So, I'd probably still merge the fix - add the following lines to bootstrap file somewhere near the top:

export OBJC=clang
export OBJCXX=clang++
export CC=clang
export CXX=clang++