Instalación de DNI electrónico (DNIe) en Debian 10 Buster

Realicé una instalación desde cero de Debian 10 Buster en una de mis máquinas y aún no había instalado el DNI (Documento nacional de Identidad) electrónico para hacer gestiones con las administraciones públicas españolas, así que me he puesto hoy a ello.
Ha sido relativamente sencillo.

1.- Paquetes necesarios para el lector y gestión de la entrada del PIN (tengo instalado KDE Plasma, y ya tenía pinentry-qt instalado)

sudo apt-get install pcscd pcsc-tools opensc

2.- Comprobar que el lector funciona: pinchar el lector USB con el DNI metido, y escribir

pcsc_scan

Esta es la salida que me proporciona:

$ pcsc_scan

Using reader plug'n play mechanism
Scanning present readers...
0: C3PO LTC31 v2 00 00
 
Mon Jun 24 12:35:44 2019
 Reader 0: C3PO LTC31 v2 00 00
  Event number: 0
  Card state: Card inserted, Shared Mode, 
  ATR: 3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00

ATR: 3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00
+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
  TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
    250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
  TB(1) = 00 --> VPP is not electrically connected
  TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00
  Category indicator byte: 00 (compact TLV data object)
    Tag: 6, len: A (pre-issuing data)
      Data: 44 4E 49 65 10 01 01 55 04 21
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 03 (Initialisation state)
      SW: 9000 (Normal processing.)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 21 03 90 00
3B 7F 96 00 00 00 6A 44 4E 49 65 10 01 01 55 04 .. 03 90 00
        DNIE Spain (eID)
        http://www.dnielectronico.es/PortalDNIe/

Salgo con Ctrl+C y desconecto el lector de DNI.

3.- Instalar el paquete de DNI electrónico, para Debian: vamos a usar los de Debian Stretch, porque aún no hay paquetes para Buster disponibles.

$ wget https://www.dnielectronico.es/descargas/distribuciones_linux/libpkcs11-dnie_1.5.0_amd64.deb

Compruebo que la suma de comprobación es correcta:

$ md5sum libpkcs11-dnie_1.5.0_amd64.deb 
526cb7761f312f2beb97344cc74f3dcc  libpkcs11-dnie_1.5.0_amd64.deb

Instalo

$ sudo dpkg -i libpkcs11-dnie_1.5.0_amd64.deb

Aquí se instala el paquete pero luego da un error porque intenta abrir Firefox como root, cosa que el sistema no deja.

He mirado los contenidos del paquete y realmente lo que se hace es llamar a un script en Perl que es el que lanza Firefox, así que lo llamo como usuario normal:

$ /usr/share/libpkcs11-dnietif/launch.pl

Se abre Firefox y hay que seguir las instrucciones de la página web que aparece (file:///usr/share/libpkcs11-dnietif/launch.html) para cargar el módulo de seguridad de DNIe, y la autoridad de certificación FNMT (yo he cargado solamente el módulo de seguridad, porque creo que la FNMT ya la incorpora Firefox). Si veo que algo falla volveré aquí, terminaré las instrucciones, y actualizaré este artículo.

Una vez hecho esto, cierro Firefox, lo vuelvo a abrir, entro en una web que me pida el DNIelectrónico, y compruebo que funciona.

Advertisements

MiniDebConf Marseille 2019

I’ve attended the MiniDebConf Marseille (France) during this weekend (25–26 May 2019).

I’m very happy that I could meet new Debian and free software friends and meet again other Debian friends.

I gave a talk about the Welcome team and some examples of non-packaging contributions to Debian. You can see the slides in the Welcome team wiki page and the video will be linked there when it is available (probably soon, thanks to our awesome Debian Video Team!).

I could also talk face to face with some Debian mates about the publicity team and other things. Everybody was very welcoming, a day full of good moments.

The conference is still going on today, but I’m already on my way home (I couldn’t attend on Sunday).

I’ve also paid attention to learn about the organisation, maybe I can find the opportunity and the resources to host a Debian event in my area in the future.

I gave away some Debian/free software stickers and got some more made by Debian France, to ensure I always have some, for future Debian contributors 😉

A weekend for the Debian website and friends

Last weekend (15-17 March 2019) some members of the Debian web team have met at my place in Madrid to advance work together in what we call a Debian Sprint. A report will be published in the following days, but I want to say thank you to everybody that made possible this meeting happen.

We have shared 2-3 very nice days, we have agreed in many topics and started to design an new homepage focused in newcomers (since a Debianite usually just go to the subpage they need) and showing that Debian the operating system is made by a community of people. We are committed to simplify the content of and the structure of www.debian.org, we have fixed some bugs already, and talked about many other aspects. We shared some time to know each other, and I think all of us became motivated to continue working on the website (because there is still a lot of work to do!) and make easy for new contributors to get involved too.

For me, a person who rarely finds the way to attend Debian events, it was amazing to meet in person with people who I have shared work and mails and IRC chats since years in some cases, and to offer my place for the meeting. I have enjoyed a lot preparing all the logistics and I’m very happy that it went very well. Now I walk through my neighbourhood for my daily commute and every place is full of small memories of these days. Thanks, friends!

Debian is back in the Mastodon/GNU Social fediverse, follow fosstodon.org/@debian

The GNU Social instance where the @debian account was hosted (quitter.se) shut down last May. Thanks to the Quitter.se admins for all this time!

Long overdue, I’ve setup the @debian account with the feed of micronews.debian.org in other place (I still cannot selfhost properly, due to time constraints mostly). This time I chose a Mastodon instance, fosstodon.org. Thanks to the Fosstodon admins for hosting, and Carl Chenet for feed2toot.

If you are in the GNU Social/Mastodon fediverse (or other network compatible with ActivityPub I guess), you can follow https://fosstodon.org/@debian to get the news (the official source will always be https://micronews.debian.org, though).

I will try to follow back and answer mentions/replies as time allows. Ping (my contact info is in https://wiki.debian.org/LauraArjona) if something goes wrong (I’m learning this new platform) and I’ll do my best to get things back to normal.

Happy Solstice!

Handling an old Digital Photo Frame (AX203) with Debian (and gphoto2)

Some days ago I found an key chain at home that was a small digital photo frame, and it seems that was not used since 2009 (old times when I was not using Debian at home yet). The photo frame was still working (I connected it with an USB cable and after some seconds, it turned on), and showed 37 photos from 2009 indeed.

When I connected it with USB cable to the computer, it was asking “Connect USB? Yes/No” I pressed the button saying “yes” and nothing happened in the computer (I was expecting an USB drive to be shown in Dolphin, but no).

I looked at “dmesg” output and it was shown as a CDROM:

[ 1620.497536] usb 3-2: new full-speed USB device number 4 using xhci_hcd
[ 1620.639507] usb 3-2: New USB device found, idVendor=1908, idProduct=1320
[ 1620.639513] usb 3-2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[ 1620.639515] usb 3-2: Product: Photo Frame
[ 1620.639518] usb 3-2: Manufacturer: BUILDWIN
[ 1620.640549] usb-storage 3-2:1.0: USB Mass Storage device detected
[ 1620.640770] usb-storage 3-2:1.0: Quirks match for vid 1908 pid 1320: 20000
[ 1620.640807] scsi host7: usb-storage 3-2:1.0
[ 1621.713594] scsi 7:0:0:0: CD-ROM buildwin Photo Frame 1.01 PQ: 0 ANSI: 2
[ 1621.715400] sr 7:0:0:0: [sr1] scsi3-mmc drive: 40x/40x writer cd/rw xa/form2 cdda tray
[ 1621.715745] sr 7:0:0:0: Attached scsi CD-ROM sr1
[ 1621.715932] sr 7:0:0:0: Attached scsi generic sg1 type 5

But not automounted.
I mounted it and then looked at the files, but I couldn’t find photos there, only these files:

Autorun.inf FEnCodeUnicode.dll LanguageUnicode.ini
DPFMate.exe flashlib.dat StartInfoUnicode.ini

The Autorun.inf file was pointing to the DPFMate.exe file.

I connected the device to a Windows computer and then I could run the DPFMate.exe program, and it was a program to manage the photos in the device.

I was wondering if I could manage the device from Debian and then searched for «dpf “digital photo frame” linux dpfmate» and found this page:

http://www.penguin.cz/~utx/hardware/Abeyerr_Digital_Photo_Frame/

Yes, that one was my key chain!

I looked for gphoto in Debian, going to https://packages.debian.org/gphoto and then learned that the program I need to install was gphoto2.
I installed it and then went to its Quick Start Guide to learn how to access the device, get the photos etc. In particular, I used these commands:

gphoto2 --auto-detect

Model Port 
----------------------------------------------------------
AX203 USB picture frame firmware ver 3.4.x usbscsi:/dev/sg1

gphoto2 --get-all-files

(it copied all the pictures that were in the photo frame, to the current folder in my computer)

gphoto2 --upload-file=name_of_file

(to put some file in the photo frame)

gphoto2 --delete-file=1-38

(to delete the file 1 to 38 in the photo frame).

Debian and free software personal misc news

Many of them probably are worth a blog post each, but it seems I cannot find the time or motivation to craft nice blog posts for now, so here’s a quick update of some of the things that happened and happen in my digital life:

• Debian Jessie became LTS and I still didn’t upgrade my home server to stable. Well, I could say myself that now I have 2 more years to try to find the time (thanks LTS team!) and that the machine just works (and that’s probably the reason for not finding the motivation to upgrade it or to put time on it (thanks Debian and the software projects of the services I run there!)) but I have to find the way to give some love to my home server during this summer, otherwise I won’t be able to do it probably until the next summer.

 

• Quitter.se is down since several weeks, and I’m afraid it probably won’t come back. This means my personal account larjona@quitter.se in GNU Social is not working, and the Debian one (debian@quitter.se) is not working either. I would like to find another good instance where to create both accounts (I would like to selfhost but it’s not realistic, e.g. see above point). Considering both GNU Social and Mastodon networks, but I still need to do some research on uptimes, number of users, workforce behind the instances, who’s there, etc. Meanwhile, my few social network updates are posted in larjona@identi.ca as always, and for Debian news you can follow https://micronews.debian.org (it provides RSS feed), or debian@identi.ca. When I resurrect @debian in the fediverse I’ll publicise it and I hope followers find us again.

 

• We recently migrated the Debian website from CVS to git: https://salsa.debian.org/webmaster-team/webwml/ I am very happy and thankful to all the people that helped to make it possible. I think that most of the contributors adapted well to the changes (also because keeping the used workflows was a priority), but if you feel lost or want to comment on anything, just tell. We don’t want to loose anybody, and we’re happy to welcome and help anybody who wants to get involved.

 

• Alioth’s shutdown and the Debian website migration triggered a lot of reviews in the website content (updating links and paragraphs, updating translations…) and scripts. Please be patient and help if you can (e.g. contact your language team, or have a look at the list of bugs: tagged or the bulk list). I will try to do remote “DebCamp18” work and attack some of them, but I’m also considering organising or attending a BSP in September/October. We’ll see.

 

• In the Spanish translation team, I am very happy that we have several regular contributors, translating and/or reviewing. In the last months I did less translation work than what I would like, but I try not to loose pace and I hope to put more time on translations and reviews during this summer, at least in the website and in package descriptions.

 

• One more year, I’m not coming to DebConf. This year my schedule/situation was clear from long ago, so it’s been easier to just accept that I cannot go, and continue being involved somehow. It’s sad not being able to celebrate the migration with web team mates, but I hope they celebrate anyway! I am a bit behind with DebConf publicity work but I will try to catch up soon, and for DebConf itself I will try to do the microblogging coverage as former years, and also participate in the IRC and watching the streaming, thanks timezones and siesta, I guess 😉

 

• Since January I am enjoying my new phone (the Galaxy S III broke, and I bought a BQ Aquaris U+) with Lineage OS 14.x and F-Droid. I keep on having a look each several days to the F-Droid tab that shows the news and updated apps and it’s amazing the activity and life of the projects. A non exhaustive list of the free software apps that I use: AdAway, Number Guesser (I play with my son to this), Conversations, Daily Dozen, DavDroid, F-Droid, Fennec F-Droid, Hacker’s Keyboard, K-9 Mail, KDE Connect, Kontalk, LabCoat, Document Reader, LibreOffice Viewer (old but it works), Memetastic, NewPipe, OSMAnd~, PassAndroid, Periodical, Puma, Quasseldroid, QuickDic, RadioDroid, Reader for Pepper and Carrot, Red Moon, RedReader, Ring, Slight Backup, Termux. Some other apps that I don’t use them all the time but I find it’s nice to have them are AFWall+, Atomic (for when my Quassel server is down), Call Recorder, Pain Diary, Yalp Store. My son decided not to play games in phones/tablets so we removed Anuto TD, Apple Finger, Seafood Berserker, Shattered Pixel Dungeon and Turo (I appreciate the games but I only play some times, if another person plays too, just to share the game). My only non-free apps: the one that gives me the time I need to wait at the bus stop, Wallapop (second hand, person to person buy/sell app), and Whatsapp. I have no Google services in the phone and no Location services available for those apps, but I give the bus stop number or the Postal code number by hand, and they work.

 

• I am very very happy with my Lenovo X230 laptop, its keyboard and everything. It runs Debian stable for now, and Plasma Desktop. I only have 2 issues with it: (1) hibernation, and (2) smart card reader. About the hibernation: sometimes, when on battery, I close the lid and it seems it does not hibernate well because when I open the lid again it does not come back, the power button blinks slowly, and pressing it, typing something or moving the touchpad, have no effect. The only ‘solution’ is to long-press the power button so it abruptly shuts down (or take the battery off, with the same effect). After that, I turn on again and the filesystem complains about the unexpected shut down but it boots correctly. About the smart card reader: I have a C3PO LTC31 smart card reader and when I connect it via USB to use my GPG smart card, I need to restart pcsc service manually to be able to use it. If I don’t do that, the smart card is not recognised (Thunderbird or whatever program asks me repeatedly to insert the card). I’m not sure why is that, and if it’s related to my setup, or to this particular reader. I have another reader (other model) at work, but always forget to switch them to make tests. Anyway I can live with it until I find time to research more.

There are probably more things that I forget, but this post became too long already. Bye!

 

Kubb 2018 season has just begun

Since last year I play kubb with my son. It’s a sport/game of marksmanship and patience. It’s a quite inclusive game and it’s played outside, in a grass or sand field.

It happens that the Spanish association of Kubb is in the town where I live (even, in my neighbourhood!) so several family gatherings with tournaments happen in the parks near my house. Last year we attended for first time and learned how to play, and since then, we participated in 2 or 3 events more.

As kubb is played in open air, season starts in March/April, when the weather is good enough to have a nice morning in the park. I got surprised that being a so minority game, about 50-100 people gather in each local tournament, grouped in teams of any kind: individuals, couples or up to 6 persons-teams, mothers and daughters, only kids-teams, teams formed by people of 3 different generations… as strenght or speed (or even experience) are not relevant to win this game, almost anybody can play with anybody.

Enjoying playing kubb makes me also think about how communities around a non-mainstream topic are formed and maintained, and how to foster diversity and good relationships among participants. I’ve noted down some ideas that I think the kubb association does well:

•  No matter how big or small you are, always take into account the possible newcomers: setting a slot at the start of the event to welcome them and explain “how the day will work” makes those newcomers feel less stressed.
• Designing events where the whole family can participate (or at least “be together”, not only “events with childcare”) but it’s not mandatory that all of them participate, helps people to get involved more long-term.
• The format of the event has to be kept simple to avoid organisers to get burned out. If the organisers are so overwhelmed taking care of things that they cannot taste the result of their work, that means that the organisation team should grow and balance the load.
• Having a “break” during the year so everybody can rest and do other things also helps people get more motivated when the next season/event starts.

Thinking about kubb, particularly together/versus with the other sport that my kid plays (football), I find similarities and contrasts with another “couple” of activities that we also experience in our family: the “free software way of life” versus the “mainstream use” of computers/devices nowadays. It’s good to know both (not to be “apart of the world in our warm bubble”), and it’s good to have the humble, but creative and more human-focused and good-values-loaded one as big reference for the type of future that we want to live and we build everyday with our small actions.

Comments?

You can comment on this post using this pump.io thread.

WordPress for Android and short blog posts

I use pump.io for my social network interactions and from time to time I post short thoughts there.

I usually reserve my blog for longer posts including links etc.

That means that it’s harder for me to publish in my blog.

OTOH my daily commute time may be enough to craft short posts. I bring my laptop with me but it’s common that I
open kate, begin to write, and arrive my destination with my post almost finished but unpublished. Or, second variant, I cannot sit so I cannot type in the metro and pass the time reading or thinking.

I’ve just installed WordPress for Android and hopefully that helps me to write short posts in my commute time and publish quicker. Let’s try and see what happens 🙂

Comments?

Comment about this post in this pump.io thread.

It’s 2018, where’s my traditional New Year Plans post?

I closed my eyes, opened them again, a new year began, and we’re even almost finishing January. Time flies.

In this article I’ll post some updates about my life with computer, software and free software communities. It’s more a “what I’ve been doing” than a “new year plans” post… it seems that I’m learning to not to make so much plans (life comes to break them anyways!).

At home

My home server is still running Debian Jessie. I’m happy that it just works and my services are up, but I’m sad that I couldn’t find time for an upgrade to Debian stable (which is now Debian 9 Stretch) and maybe reinstall it with another config. I have lots of photos and videos to upload in my GNU MediaGoblin instances, but also couldn’t find time to do it (nor to print some of them, which was a plan for 2017, and the files still sleep in external harddrives or DVDs). So, this is a TODO item that crossed the year (yay! now I have almost 12 months ahead to try to complete it!). I’ll try to get this done before summer. I am considering installing my own pump.io instance but I’m not sure it’s good to place it in the same machine as the other services. We’ll see.

I bought a new laptop (well, second hand, but in a very good condition), a Lenovo X230, and this is now my main computer. It’s an i5 with 8 GB RAM. Wow, modern computer at home!
I’m very very happy with it, with its screen, keyboard, and everything. It’s running a clean install of Debian 9 stable with KDE Plasma Desktop and works great. It is not heavy at all so I carry it to work and use it in the public transport (when I can sit) for my contributions to free software.

My phone (Galaxy S III with Lineage OS 14 which is Android 7) fell down and the touchscreen broke (I can see the image but it is unresponsive to touch). When normal boot, the phone is recognized by the PC as storage, and thus I could recover most of the data on it, but it’s not recognized by adb (as when USB debugging is disabled). It is recognized by adb when booted into Recovery (TWRP), though. I tried to enable USB debugging in several ways from adb while in Recovery, but couldn’t. I could switch off the wifi, though, so when I booted the phone it does not receive new messages, etc. I bought an OTG cable but I have no wireless mouse at home and couldn’t make it work with a normal USB mouse. I’ve given up for now until I find a wireless mouse or I have more time, and temporarily returned to use my old Galaxy Ace (with CyanogenMod 7 which is Android 2.3.7). I’ve looked at new phones but I don’t like that all of them have integrated battery, the screens are too big, all of them are very expensive (I know they are hi-tech machines, but don’t want to carry so valuable stuff all the time in my pocket) and other things. I still need to find time to go shopping with the list of phones where I can install Lineage OS (I already visited some stores but didn’t get convinced by the price, or they had no suitable models).

My glasses broke (in a different incident than the phone) and I used old ones for two weeks, because in the middle of the new ones preparation I had some family issues to care about. So putting time in reading or writing in front of the computer has been a bit uncomfortable and I tried to avoid it in the last weeks. Now I have new glasses and I can see very well 🙂 so I’m returning to my computer TODO.

I’ve given up the battle against iThings at home (I lost). I don’t touch them but other members of the family use them. I’m considering contributing to Debian info about testing things or maintaining some wiki pages about accessing iThings from Debian etc, but will leave that for summer, maybe later. Now I just try not to get depressed about this.

At work

We still have servers running Debian Wheezy which is in LTS support until May. I’m confident that we’ll upgrade before Wheezy reaches end of life, but frankly looking at my work plan, I’m not sure when. Every month seems packed with other stuff. I’ve taken some weeks leave to attend my family and I have no clear mind about when and how do things. We’ll see.

I gave a course about free software (in Spanish) for University staff last October. It was 20 hours, and 20 attendants, mostly administrative staff, librarians, and some IT assistants. It went pretty well, we talked about the definition of free software, history, free culture, licenses, free software tools for the office, for Android, and free software as a service (“cloud” stuff). They liked it very much. Many of them didn’t know that our Uni uses free software for our webmail (RoundCube), Cloud services (OwnCloud), and other important areas. I requested promotional material from the FSFE and I gave away many stickers. I also gave away all the Debian stickers that I had, and some other free software stickers. I’m not sure when and how I will get new Debian stickers, not sure if somebody from Madrid is going to FOSDEM. I’m considering printing them myself but I don’t know a good printer (for stickers) here. I’ll ask and try with a small investment, and see how it works out.

Debian

I think I have too many things in my plate and would like to close some stuff and focus on other, or maybe do other things.

I feel comfortable doing publicity work, but I would be happier if the team gets bigger and we have more contributors. I’m happy that we managed to publish a Debian Project News issue in DebConf17, a new one in September, and a new one in November, but since then I couldn’t find time to put on it. I’ll try to make a new issue happen before February ends, though. Meanwhile, the team has managed to handle the different announcements (release points and others) and we try to keep the community informed via micronews (mostly) and the blog bits.debian.org.

I’m keeping an eye on DebConf18 organization and I hope I can engage with publicity work about it, but I feel that we will need a local team member that leads the what-to-publish/when-to-publish and probably translations too.

About Spanish translations, I’m very happy that the translations for the Debian website have new contributors and reviewers that are making a really good work. In the last months I’m a bit behind, just trying to review and keep my files up to date, but I hope I can setup a routine in the following weeks to get more involved again, and also try to translate new files too.

Since some time, the Debian website work is the one that keeps my motivation in Debian up. It’s like a paradox because the Debian website is too big, complicated, old in some sense, and we have so much stuff that needs to be done, and so many people complaining or giving ideas (without patches) that one would get overwhelmed, depressed and sometimes would like just to resign from this team. But after all these years, it is now when I feel comfortable with the codebase and experienced enough to try things, review bugs, and try to help with the things needed. So I’m happy to put time in the website team, updating or improving the website, even when I do mistakes, or triage bugs. Also, working in the website is very rewarding because there is always some small thing that I can do to fix something, and thus, “get something done” even when my time is limited. The bad news is that there are also some big tasks that require a lot of time and motivation, and I get them postponed and postponed… 😦 At least, I try to file bugs for all the stuff that I would like to put time on, and maybe slowly, but thanks to all the team members and other contributors, we are advancing: we have a more updated /partners section (still needs work), a new /derivatives section, and we are working on the migration from CVS to Git, the reorganization of the download pages, and other stuff.

Some times I’d like to do other/new things in Debian. Learn to package (and thus, package spigot and gnusrss, used in Publicity, or weewx, that we use it at work, and also help maintaining or adopting some small things), or join the Documentation Team, or put more work in the Outreach Team (relaunch the Welcome Team), or put more work in Internationalization Team. Or maybe other stuff. But before that, I feel that I would need to finish some pending tasks in my current teams, and also find more people for them, too.

Other free software communities

I am still active in the pump.io community, although I don’t post very often in my social network account. I’ll try to open Dianara more often, and use Puma in my new phone (maybe I should adopt/fork Puma…). I am present in the IRC channel (#pump.io in Freenode) and try to organize and attend the meetings. I have a big TODO which is advance our application to join Software Freedom Conservancy (another item that crossed the TODO from 2017 to 2018) but I’ll really try to get this done before January ends.

I keep on testing F-Droid and free software apps for Android (now again in Android 2.x, I get F-Droid crashes all the time “OutofMemory” :D). I keep on reading the IRC channels and mailing list (also the mailing list for Replicant. If I get the broken phone to work with the OTG I will install Replicant on it and will keep it for tests). I keep on translating Android apps when I have some time to kill.

I have no idea who is going to FOSDEM and if I should talk to them prior to their travel (e.g. ask to bring Debian stickers for me if somebody from Madrid goes, or promote if there is any F-Droid or Pump.io or GNU MediaGoblin IRC meeting or talk or whatever) but I really got busy in December-January with life and family stuff, so I just left FOSDEM apart in my mind and will try to join and see the streaming the weekend that the conference is happening, or maybe later.

I think that’s all, or at least this blogpost became very long and I don’t find anything else to write, for now, to make it longer. In any case, it’s hard for me these days to make plans more than one-two weeks ahead. Hopefully I’ll write in my blog more often during this year.

Comments?

You can comment on this post using this pump.io thread.

Instalación de DNI electrónico (DNIe) en Debian 9 Stretch

Realicé una instalación desde cero de Debian 9 Stretch en uno de mis portátiles y aún no había instalado el DNI (Documento nacional de Identidad) electrónico para hacer gestiones con las administraciones públicas españolas, así que me he puesto hoy a ello.
Ha sido relativamente sencillo.

1.- Paquetes necesarios para el lector y gestión de la entrada del PIN

sudo apt-get install pcscd pcsc-tools pinentry-qt pinentry-qt4 opensc opensc-pkcs11

Nota: hay varios paquetes pinentry disponibles para los distintos escritorios/gestores de ventana, yo como uso Plasma de KDE, pues uso los basados en Qt.

2.- Comprobar que el lector funciona: pinchar el lector USB con el DNI metido, y escribir

pcsc_scan

Esta es la salida que me proporciona:

$ pcsc_scan
PC/SC device scanner
V 1.4.27 (c) 2001-2011, Ludovic Rousseau 
Compiled with PC/SC lite version: 1.8.17
Using reader plug'n play mechanism                                                           
Scanning present readers...                                                                  
0: C3PO LTC31 v2 00 00                                                                       
                                                                                             
Thu May 11 19:04:04 2017                                                                     
Reader 0: C3PO LTC31 v2 00 00                                                                
  Card state: Card inserted,                                                                 
  ATR: 3B 7F 38 00 00 00 6A 44 4E 49 65 20 02 4C 34 01 13 03 90 00                           
                                                                                             
ATR: 3B 7F 38 00 00 00 6A 44 4E 49 65 20 02 4C 34 01 13 03 90 00                             
+ TS = 3B --> Direct Convention                                                              
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)                                              
  TA(1) = 38 --> Fi=744, Di=12, 62 cycles/ETU                                                
    64516 bits/s at 4 MHz, fMax for Fi = 8 MHz => 129032 bits/s                              
  TB(1) = 00 --> VPP is not electrically connected                                           
  TC(1) = 00 --> Extra guard time: 0                                                         
+ Historical bytes: 00 6A 44 4E 49 65 20 02 4C 34 01 13 03 90 00                             
  Category indicator byte: 00 (compact TLV data object)                                      
    Tag: 6, len: A (pre-issuing data)
      Data: 44 4E 49 65 20 02 4C 34 01 13
    Mandatory status indicator (3 last bytes)
      LCS (life card cycle): 03 (Initialisation state)
      SW: 9000 (Normal processing.)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 7F 38 00 00 00 6A 44 4E 49 65 20 02 4C 34 01 13 03 90 00
3B 7F 38 00 00 00 6A 44 4E 49 65 [1,2]0 02 4C 34 01 13 03 90 00
        DNI electronico (Spanish electronic ID card)
        http://www.dnielectronico.es

Salgo con Ctrl+C y desconecto el lector de DNI.

3.- Instalar los paquetes de DNI electrónico, para Debian: vamos a usar los de Debian Jessie, porque aún no hay paquetes para Stretch disponibles.

wget https://www.dnielectronico.es/descargas/distribuciones_linux/Debian-64bits/Debian_%208%20Jessie_libpkcs11-dnie_1.4.0_amd64.deb

$ sudo dpkg -i ./Debian_\ 8\ Jessie_libpkcs11-dnie_1.4.0_amd64.deb 

Se abre Firefox y hay que seguir las instrucciones de la página web que aparece, para cargar el módulo de seguridad de DNIe, y la autoridad de certificación FNMT.

Una vez hecho esto, cierro firefox. En el terminal indica que la instalación del paquete terminó con errores pero no tiene importancia. Vuelvo a conectar el lector del DNI con el DNI metido. Abro Firefox y compruebo que funciona.