Posts Tagged ‘xenial’

# how to compile and install newest version of 
# proftpd 
# in Ubuntu 16.04 LTS 64-bit:
sudo apt-get update
sudo apt-get install checkinstall build-essential
sudo apt-get build-dep proftpd-dfsg proftpd-basic 
sudo apt-get purge proftpd-basic
cd
sudo rm -rf proftpd
git clone https://github.com/proftpd/proftpd
cd proftpd
sudo ./configure
sudo make clean
sudo make
sudo checkinstall
# type 3 and hit  to enter 1.3.5b as the software version
apt-cache show proftpd
# Terminal output of 'apt-cache show proftpd' should be similar to this:
# Package: proftpd
# Status: install ok installed
# Priority: extra
# Section: checkinstall
# Installed-Size: 8492
# Maintainer: root
# Architecture: amd64
# Version: 1.3.5b-1
# Provides: proftpd
# Description: Package created with checkinstall 1.6.2
# Description-md5: 556b8d22567101c7733f37ce6557412e
# Livestreamer Twitch GUI - A multi platform Twitch.tv browser for Livestreamer
# bash install script
sudo apt-get update
sudo apt-get install livestreamer x11-utils xdg-utils git
cd
sudo rm -rf livestreamer-twitch-gui
git clone https://github.com/bastimeyer/livestreamer-twitch-gui.git
cd livestreamer-twitch-gui/
sudo npm install -g grunt bower grunt-cli
npm install qunit phantomjs
npm update
bower install
grunt release
grunt
# the grunt command replaces the use of the following command:
# ~/livestreamer-twitch-gui/build/releases/livestreamer-twitch-gui/linux64/livestreamer-twitch-gui
 ###############################################################
# install recommended Java version for OmegaT
 ###############################################################
 sudo add-apt-repository ppa:webupd8team/java
 sudo apt-get update
 # uninstall Java 9 which is currently incompatible with OmegaT:
 sudo apt-get purge icedtea-netx oracle-java9-installer
 sudo apt-get build-dep ant omegat
 sudo apt-get install icedtea-netx oracle-java8-installer
 export JAVA_HOME=/usr/lib/jvm/java-8-oracle
 java -version
 # Terminal output should be similar to this:
 # java version "1.8.0_111"
 # Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
 # Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)
 ###############################################################
 # install newest version of OmegaT
 ###############################################################
 cd
 sudo rm -rf OmegaT
 git clone https://github.com/OmegaT-Project/OmegaT
 cd OmegaT
# OmegaT switched from the ant to the gradlew build system in 2016:
./gradlew clean
./gradlew buildNeeded
./gradlew check
# gradlew check Terminal output should look like this:
# :compileJava UP-TO-DATE
# :processResources UP-TO-DATE
# :classes UP-TO-DATE
# :compileTestJava UP-TO-DATE
# :processTestResources UP-TO-DATE
# :testClasses UP-TO-DATE
# :test UP-TO-DATE
# :check UP-TO-DATE
# :release:WebStart-specific:check UP-TO-DATE
# BUILD SUCCESSFUL
# Total time: 1.053 secs
./gradlew run
 # installed OmegaT version should be 4.0.1 or higher

How to get the eid electronic card reader ACR38U working in Ubuntu 16.04 64-bit

Prerequisites: Ubuntu 16.04.2 LTS 64-bit or newer, newest version of Mozilla Firefox OR newest version of 64-bit Google Chrome browser, pcscd, default-jre, opensc, libacr38u,  libacr38ucontrol0, libacsccid1, libccid

Supported CCID readers:   http://pcsclite.alioth.debian.org/ccid/section.html

Copy-paste all the commands below into a temporary file. Then execute the file as a bash script. The Terminal command to execute this script is similar to “bash name-of-temporary-file”

# add repository for eid-mw and eid-viewer software packages
sudo rm /etc/apt/sources.list.d/eid.list
sudo touch /etc/apt/sources.list.d/eid.list
sudo sh -c 'echo "deb http://files.eid.belgium.be/debian xenial main" >> /etc/apt/sources.list.d/eid.list'
sudo sh -c 'echo "deb http://files2.eid.belgium.be/debian xenial main" >> /etc/apt/sources.list.d/eid.list'
cd $HOME
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 63F7D4AFF6D61D45  A35743EA6773D225   F9FDA6BED73CDC22 3B4FE6ACC0B21F32  4E940D7FDD7FB8CC  A040830F7FAC5991 16126D3A3E5C1192 
sudo DEBIAN_FRONTEND=noninteractive add-apt-repository --yes ppa:gertvdijk/opensc-backports
sudo DEBIAN_FRONTEND=noninteractive apt --yes --force-yes remove --purge beid*
sudo DEBIAN_FRONTEND=noninteractive apt update
sudo DEBIAN_FRONTEND=noninteractive apt install aptitude
sudo aptitude install usbutils pciutils eid-mw eid-viewer apt  firefox pcscd  default-jre  opensc libacr38u libacr38ucontrol0 libacsccid1  libccid libudev-dev libusb-1.0-0 libpcsclite1 libpcsclite-dev pcsc-tools  libnss3-tools ca-certificates
sudo update-pciids
sudo update-usbids
cd $HOME/.mozilla/firefox/*.default
rm extensions*
rm -rf extensions/*
rm addons*
sudo rm -rf /usr/lib/firefox/browser/extensions*
sudo chattr -i prefs.js
cp prefs.js prefs.js.$LogDay.backup
grep -v security.ssl prefs.js > prefs.js.nossl.1
grep -v security.tls.version.min prefs.js.nossl.1 > prefs.js.nossl.2
grep -v extensions.enabled prefs.js.nossl.2 > prefs.js.nossl 
echo 'user_pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);' >> prefs.js.nossl
echo 'user_pref("security.ssl.enable_false_start", true);' >> prefs.js.nossl
echo 'user_pref("security.ssl.renego_unrestricted_hosts", "*.be");' >> prefs.js.nossl
# protect Mozilla Firefox v33 or lower against POODLE SSLv3 vulnerability:
echo 'user_pref("security.tls.version.min", "1");' >> prefs.js.nossl
cp prefs.js.nossl prefs.js
# Change on ISO date 2017/05/25:
# Ensure Mozilla Firefox cannot change new prefs.js contents when closing Mozilla Firefox browser window:
sudo chattr +i prefs.js
# install certificates in Mozilla Firefox:
cd ~/.mozilla/firefox/*.default
rm *.crt
rm *.db
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrs.crt
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrs2.crt
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrs3.crt
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrs4.crt
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrca.crt
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrca2.crt
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrca3.crt
wget --no-check-certificate  http://certs.eid.belgium.be/belgiumrca4.crt
# download newest citizen eid certificate:
citizenVERSION=`echo "http://certs.eid.belgium.be/" | wget -O- -i- --no-check-certificate |  hxnormalize -x  |grep citizen|tail -n 1|cut -d"\"" -f2 `
wget --no-check-certificate  http://certs.eid.belgium.be/$citizenVERSION
# download newest foreigner eid certificate:
FOREIGNERVERSION=`echo "http://certs.eid.belgium.be/" | wget -O- -i- --no-check-certificate |  hxnormalize -x  |grep foreigner|tail -n 1|cut -d"\"" -f2 `
wget --no-check-certificate  http://certs.eid.belgium.be/$FOREIGNERVERSION
cd ~/.mozilla/firefox/*.default
certutil -N -d .
certutil -L -d .
# certutil -D -n belgiumrs -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n belgiumrs -i belgiumrs.crt
certutil -A -n "belgiumrs" -t "TCPuw,TCPuw,TCPuw" -i belgiumrs.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n belgiumrs2 -i belgiumrs2.crt
certutil -A -n "belgiumrs2" -t "TCPuw,TCPuw,TCPuw" -i belgiumrs2.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n belgiumrs3 -i belgiumrs3.crt
certutil -A -n "belgiumrs3" -t "TCPuw,TCPuw,TCPuw" -i belgiumrs3.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n belgiumrs4 -i belgiumrs4.crt
certutil -A -n "belgiumrs4" -t "TCPuw,TCPuw,TCPuw" -i belgiumrs4.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n belgiumrca -i belgiumrca.crt
certutil -A -n "belgiumrca" -t "TCPuw,TCPuw,TCPuw" -i belgiumrca.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n belgiumrca2 -i belgiumrca2.crt
certutil -A -n "belgiumrca2" -t "TCPuw,TCPuw,TCPuw" -i belgiumrca2.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "TCPc,TCPc,TCPc" -n belgiumrca3 -i belgiumrca3.crt
certutil -A -n "belgiumrca3" -t "TCPuw,TCPuw,TCPuw" -i belgiumrca3.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n belgiumrca4 -i belgiumrca4.crt
certutil -A -n "belgiumrca4" -t "TCPuw,TCPuw,TCPuw" -i belgiumrca4.crt -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n $citizenVERSION -i $citizenVERSION
certutil -A -n $citizenVERSION -t "TCPuw,TCPuw,TCPuw" -i $citizenVERSION -d .
certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n $FOREIGNERVERSION -i $FOREIGNERVERSION
certutil -A -n $FOREIGNERVERSION -t "TCPuw,TCPuw,TCPuw" -i $FOREIGNERVERSION -d .
sudo mkdir /usr/share/ca-certificates/extra
sudo cp *.crt /usr/share/ca-certificates/extra/
sudo dpkg-reconfigure ca-certificates
sudo certutil -d sql:$HOME/.pki/nssdb -A -t "c,T,C" -n ca-certificates.crt  -i /etc/ssl/certs/ca-certificates.crt
certutil -A -n ca-certificates.crt -t "TCPuw,TCPuw,TCPuw" -i /etc/ssl/certs/ca-certificates.crt -d .
certutil -L -d .
cd
# add support for Google Chrome browser (64-bit):
modutil -dbdir sql:.pki/nssdb -add "Belgium eID" -libfile /usr/lib/x86_64-linux-gnu/libbeidpkcs11.so.0
modutil -dbdir sql:.pki/nssdb/ -list
# no eid extensions/addons should be installed in Mozilla Firefox or Google Chrome.

Manually replace the security.ssl.renego_unrestricted_hosts name value *.be in about:config,  if you want to authenticate on a DIFFERENT site than www.cm.be or test.eid.belgium.be

Download Belgium Root CA, CA2, CA3 and CA4 certificates here:

http://repository.eid.belgium.be/certificates.php?cert=Root&lang=en

Import Belgium Root CA, CA2, CA3 and CA4 certificates into Firefox.

The Belgium Root certificates are required if you want to use the applications of the FSP Finance (Belcotax, Intervat, Finprof, etc.).

Before you begin, make sure your electronic identity card is in the card reader. Then go to following location in Mozilla Firefox browser:

Viewing certificates
For Linux: Go to Edit > Preferences > Advanced > Encryption and click ‘View certificates’.
Check-marking certificates

Find the Belgium Root CA certificate and click the line below the arrow.
Click ‘Edit…’.
Check ALL three boxes.
Click ‘OK’.

Perform the same steps for the CA2, CA3 and CA4 certificates as well.

Ensure that there are absolutely NO add-on EXTENSIONS installed in the Mozilla Firefox and 64-bit Google Chrome webbrowsers.

The add-on PLUGINS like Citrix Receiver for Linux,OpenH264 and Shockwave Flash plugins can remain active in Mozilla Firefox, as they do not seem to interfere with the eid card reader.

Test eid card reader here using the Mozilla Firefox webbrowser:

http://test.eid.belgium.be/


===============================================================================