search

open-eid / linux-installer

Ubuntu meta package
55 stars 21 forks source link

Ubuntu 22.04 support #97

Closed IndrekHaav closed 2 years ago

IndrekHaav commented 2 years ago

Currently the latest supported Ubuntu version is 21.10. Ubuntu 22.04 LTS was released a month ago, please add support for it as well.

Trying to use the "impish" repo doesn't work:

~ $ lsb_release -ds
Ubuntu 22.04 LTS
~ $ sudo apt install opensc open-eid
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies.
 qdigidoc4 : Depends: libdigidocpp1 but it is not installable
             Depends: libssl1.1 (>= 1.1.0) but it is not installable
 web-eid-native : Depends: libssl1.1 (>= 1.1.0) but it is not installable
E: Unable to correct problems, you have held broken packages.

Apparently Ubuntu doesn't provide libssl1.1 for 22.04, only libssl3. It might be possible to make it work by downloading and installing libssl1.1 manually (e.g. from Debian), but I haven't tried it.

kristelmerilain commented 2 years ago

Ubuntu 22.04 support will come in our next release. We still have some minor improvements and testing to do before we can release new ID-software version but we hope to get new version out in June.

virtual-machinist commented 2 years ago

Any updated ETA on this?

kristelmerilain commented 2 years ago

New ID-software release that supports Ubuntu 22.04 is now available.

Please note that there are two known defects in Ubuntu 22.04:

  1. Some Ubuntu 22.04 users can't use ID-card in the DigiDoc4 Client and Web eID due to an error in the pcscd service. Instructions for restarting the pcscd service can be found here.
  2. In Ubuntu 22.04 Firefox is installed as SNAP, in which the ID-card cannot be used for online authentication and signing. To authenticate and sign with the ID-card on the web you need to install a regular version of Firefox. (Firefox bug report)
jaakristioja commented 2 years ago 
2. In Ubuntu 22.04 Firefox is installed as SNAP, in which the ID-card cannot be used for online authentication and signing. To authenticate and sign with the ID-card on the web you need to install a regular version of Firefox. ([Firefox bug report](https://bugzilla.mozilla.org/show_bug.cgi?id=1734371))

For future reference, a workaround might be to use Firefox from the Mozilla PPA instead. Something along the following lines might do the trick. Don't forget to backup the SNAP versions of your important Firefox profiles, which you might have to restore later.

sudo snap remove firefox
sudo apt-get remove firefox
cat << EOF | sudo tee /etc/apt/preferences.d/mozilla-firefox > /dev/null
Package: *
Pin: release o=LP-PPA-mozillateam
Pin-Priority: 1001

Package: firefox*
Pin: release o=Ubuntu*
Pin-Priority: -1
EOF
sudo add-apt-repository ppa:mozillateam/ppa
sudo apt-get update
sudo apt-get install firefox

I also needed to add the following lines to /etc/apparmor.d/local/usr.bin.firefox to make authentication and signing work in Firefox:

# I don't thoroughly understand what these lines do:
/run/pcscd/pcscd.comm rw,
unix (connect, receive, send)
  type=stream
  peer=(addr="@/run/pcscd/pcscd.comm"),
/usr/bin/web-eid ux,

These might not be the most secure AppArmor profile lines, but at least stuff seems to work with Firefox now. I hope this helps.