Closed maltfield closed 2 years ago
This extension has nothing to do with signing. Its only purpose is to configure PKCS11 module for Firefox authentication on linux.
Hi @maltfield! Thanks for the report! Do you have time for quick video call to investigate the issue?
@mrts unfortunately my internet connection is not very good. Is there any way I can force the plugin to dump some error logs so that I can provide the info you'd need?
@metsma I'm a bit confused. Could there be anything else installed in firefox that handles the signing?
I checked about:addons
and I only see 1 extension = PKCS11 loader
(and whoose Homepage links to this repo).
I also have these web-eid
and web-eid-firefox
extensions installed
user@estonia:~$ sudo dpkg -l | grep -Ei 'eid|firefox'
ii firefox-esr 91.11.0esr-1~deb10u1 amd64 Mozilla Firefox web browser - Extended Support Release (ESR)
ii firefox-pkcs11-loader 3.13.6.1084-1804 all Firefox PKCS#11 module loader
ii open-eid 22.6.0.1926-1804 all This is eID Software metapackage
ii web-eid 2.0.0.552-1804 all Web eID application suite (metapackage)
ii web-eid-chrome 2.0.2.565-1804 all Web eID browser extension for Chrome
ii web-eid-firefox 2.0.2.565-1804 all Web eID browser extension for Firefox
ii web-eid-native 2.0.2.565-1804 amd64 Web eID browser extension helper application
user@estonia:~$
...but, again, they don't show-up under about:addons
in Firefox. Is it possible that extensions are installed but not shown to the user in about:addons
? If so, that should probably change because users wanting to file bug reports will end-up here (it's how I got here)
There should be web-eid extension also installed. Web-eid-firefox package is installed, which should handle this. Maybe firefox-esr has different paths and settings? We need verify that.
Is the web-eid
extension a requirement in order to authenticate (PIN1) into a website? Because that works fine for me.
Also, I noticed that about:addons
does not list all of the web browser's installed extensions. There's some hidden system extensions that are listed in the "Add-ons" section of about:support
Anyway, I checked about:support
and there's no mention of web-eid
(but PKCS11 loader
is there). However, I do have these files installed on my system
user@estonia:~/.mozilla/firefox$ dpkg-query -L web-eid
/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/web-eid
/usr/share/doc/web-eid/changelog.Debian.gz
/usr/share/doc/web-eid/copyright
user@estonia:~/.mozilla/firefox$
user@estonia:~/.mozilla/firefox$ dpkg-query -L web-eid-native
/.
/usr
/usr/bin
/usr/bin/web-eid
/usr/share
/usr/share/applications
/usr/share/applications/web-eid.desktop
/usr/share/doc
/usr/share/doc/web-eid-native
/usr/share/doc/web-eid-native/changelog.Debian.gz
/usr/share/doc/web-eid-native/copyright
/usr/share/icons
/usr/share/icons/hicolor
/usr/share/icons/hicolor/128x128
/usr/share/icons/hicolor/128x128/apps
/usr/share/icons/hicolor/128x128/apps/web-eid.png
/usr/share/icons/hicolor/16x16
/usr/share/icons/hicolor/16x16/apps
/usr/share/icons/hicolor/16x16/apps/web-eid.png
/usr/share/icons/hicolor/256x256
/usr/share/icons/hicolor/256x256/apps
/usr/share/icons/hicolor/256x256/apps/web-eid.png
/usr/share/icons/hicolor/32x32
/usr/share/icons/hicolor/32x32/apps
/usr/share/icons/hicolor/32x32/apps/web-eid.png
/usr/share/icons/hicolor/512x512
/usr/share/icons/hicolor/512x512/apps
/usr/share/icons/hicolor/512x512/apps/web-eid.png
user@estonia:~/.mozilla/firefox$
user@estonia:~/.mozilla/firefox$ dpkg-query -L web-eid-firefox
/.
/usr
/usr/lib
/usr/lib/mozilla
/usr/lib/mozilla/native-messaging-hosts
/usr/lib/mozilla/native-messaging-hosts/eu.webeid.json
/usr/share
/usr/share/doc
/usr/share/doc/web-eid-firefox
/usr/share/doc/web-eid-firefox/changelog.Debian.gz
/usr/share/doc/web-eid-firefox/copyright
user@estonia:~/.mozilla/firefox$
Maybe firefox-esr has different paths and settings? We need verify that.
The firefox-esr
may be a red herring. There is no package named firefox
in Debian (only firefox-esr
).
Update: The path does appear to be correct as documented by Mozilla here:
There is also script that adjust FF enterprice policy that instructs to install extension to browser from add-on store https://github.com/web-eid/web-eid-app/blob/main/debian/web-eid-firefox.postinst
Thank you for the feedback! I will close this issue since it has nothing to do with PKCS11 and this issue has now resolved in Web eID project.
Feature request:
Problem
Problem: There is currently no way (at least that's easy to find) to enable verbose debug logging so that a user can figure out what failed when this extension doesn't work as expected.
I needed to sign a document today (PIN2) on an Estonian government website, but it failed. I got a very unhelpful error message displayed in the browser:
I'm 100% sure that the ID software is installed and my smartcard is recognized by my browser (and this extension) because I used it to sign-into the portal (PIN1). I tried it again in another tab and confirmed that, yes, it's still connected and working (again PIN1).
I tried to sign the document again (PIN2), and got the same unhelpful message in the browser.
I checked the browser's debugging console, but nothing was there. I checked the network tab, and all requests were 200.
I tried downloading the document and opening it for signing locally in qdigidoc4, and when I tried to sign the doc, I got a dreaded Segmentation Fault
Is this extension failing for the same reason? Is it also caused by a segfault? Or is it some backend API failing because of the segfault? I have no idea because I cannot view any log messages to see what is going on under the hood.
Solution
This tool needs a way for the user to be able to enable and view very, very detailed debug log messages so that they can pinpoint issues and submit bug reports or pull requests.