Thanks for the ldd output. libpcsclite.so.1 is the lib to used the pcscd socket, and is used by modules libstpkcs11.so, libeToken.so.10.7.77 and libopensc.so.8 (see below) It is not used in libbit4xpki.so which may be a software pkcs11 or does not use pcscd.
libcrypto.so.1.1 is OpenSSL-1.1 and also used by modules libstpkcs11.so and opensc-pkcs11.so So libstpkcs11.so, libeToken.so.10.7.77 and libstpkcs11.so, libeToken.so.10.7.77 all appear to work as all the libs are available. The difference is opensc-pkcs11.so needs to load libopensc.so.8 and a few others that I have not looked at On a 22.04.1 system running the command `sudo snap run --shell firefox.firefox` will run snap as root to have snap start up a shell with the environment that firefox would run under. The `df` command shows: /dev/sda3 122388080 11202960 104921928 10% /var/lib/snapd/hostfs tmpfs 814036 1272 812764 1% /run tmpfs 5120 4 5116 1% /run/lock tmpfs 814036 100 813936 1% /run/user/1000 /dev/loop0 128 128 0 100% /snap/bare/5 /dev/loop1 63488 63488 0 100% /snap/core20/1587 /dev/loop2 63488 63488 0 100% / /dev/loop3 167296 167296 0 100% /snap/firefox/1635 /dev/loop4 181248 181248 0 100% /snap/firefox/1749 /dev/loop5 410496 410496 0 100% /snap/gnome-3-38-2004/112 /dev/loop7 48128 48128 0 100% /snap/snapd/16292 /dev/loop6 93952 93952 0 100% /snap/gtk-common-themes/1535 /dev/sda2 524252 5364 518888 2% /var/lib/snapd/hostfs/boot/efi Argonne 1952871748 479641924 1473229824 25% /media/sf_Argonne VM-Shared 1952871748 479641924 1473229824 25% /media/sf_VM-Shared /dev/loop8 354688 354688 0 100% /snap/gnome-3-38-2004/115 udev 4034884 0 4034884 0% /dev tmpfs 4070180 0 4070180 0% /dev/shm tmpfs 4070180 0 4070180 0% /snap/firefox/1749/data-dir/icons tmpfs 4070180 0 4070180 0% /snap/firefox/1749/data-dir/sounds tmpfs 4070180 0 4070180 0% /snap/firefox/1749/data-dir/themes tmpfs 4070180 1996 4068184 1% /usr/lib/x86_64-linux-gnu tmpfs 4070180 0 4070180 0% /usr/share and /var/lib/snapd/hostfs is the host's filesystem. I was able to copy libopensc.so.8.0.0 and symlink libopensc.so.8.0.0 to /usr/lib/x86_64-linux-gnu FF will still not load opensc-pkcs11.so and it will be gone on a reboot. snap does set sone environemt variables that could help: LD_PRELOAD=:/snap/firefox/1749/gnome-platform/$LIB/bindtextdomain.so LD_LIBRARY_PATH=/var/lib/snapd/lib/gl:/var/lib/snapd/lib/gl32:/var/lib/snapd/void:/snap/firefox/1749/usr/lib:/snap/firefox/1749/usr/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu:/snap/firefox/1749/gnome-platform/usr/lib:/snap/firefox/1749/gnome-platform/lib:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/dri:/var/lib/snapd/lib/gl:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/libunity:/snap/firefox/1749/gnome-platform/usr/lib/x86_64-linux-gnu/pulseaudio So this is where I am at. Firefox-esr from debiaen works with opensc. Forefox from snap does not. It appears the some effort when it to geting p11-kit to start, but all p11-kit does is load other pkcs11 modules, that may have been installed using normal apt-get. It the initial comments of this bug report there were suggestions to copy the single file if a pkcs11 module to a "doc" directory, but no attempt was made to copy dependent libraries that the module needs. These will only work if missing libraries are in the snap base or of firefox snap packages. OpenSC also has a notify capability to tell the user when a card was inserted or removed. This may add additional complications to getting it to work under snap. Not much else I can do. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to firefox in Ubuntu. https://bugs.launchpad.net/bugs/1967632 Title: [snap] apparmor denied when trying to load pkcs11 module for smart card authentication Status in Mozilla Firefox: Unknown Status in firefox package in Ubuntu: Triaged Bug description: I use a smart card to access government sites. I have that working in firefox and chrome on ubuntu impish, and gave jammy a try, but there firefox won't load the library, giving me a generic error. dmesg, however, shows this apparmor denied message: [sáb abr 2 17:32:27 2022] audit: type=1400 audit(1648931547.646:115): apparmor="DENIED" operation="file_mmap" profile="snap.firefox.firefox" name="/run/user/1000/doc/e0bac853/libaetpkss.so.3.5.4112" pid=3680 comm="firefox" requested_mask="m" denied_mask="m" fsuid=1000 ouid=0 Note also the path, that's not what I typed into the firefox dialog box. I have the .so copied to /usr/lib/x86_64-linux-gnu/libaetpkss.so.3.5.4112, and that's what I typed in when prompted for its path by firefox. ProblemType: Bug DistroRelease: Ubuntu 22.04 Package: firefox 1:1snap1-0ubuntu2 ProcVersionSignature: Ubuntu 5.15.0-23.23-generic 5.15.27 Uname: Linux 5.15.0-23-generic x86_64 NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair ApportVersion: 2.20.11-0ubuntu80 Architecture: amd64 CasperMD5CheckResult: pass CurrentDesktop: ubuntu:GNOME Date: Sat Apr 2 17:34:09 2022 InstallationDate: Installed on 2022-03-20 (13 days ago) InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Alpha amd64 (20220319) Snap.Changes: no changes found SourcePackage: firefox UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/firefox/+bug/1967632/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
