A few weeks back, I learned that some government webinterfaces require users to download a PDF files, sign them with their eID, and upload the signed PDF document. On Linux, the only way to do this appeared to be to download Adobe Reader for Linux, install the eID middleware, make sure that the former would use the latter, and from there things would just work.
Except for the bit where Adobe Reader didn't exist in a 64-bit version. Since the eid middleware packages were not multiarch ready, that meant you couldn't use Adobe Reader to create signatures with your eID card on a 64-bit Linux distribution. Which is, pretty much, "just about everything out there".
For at least the Debian packages, that has been fixed now (I still need to handle the RPM side of things, but that's for later). When I wanted to test just now if everything would work right, however...
... I noticed that Adobe no longer provides any downloads of the Linux
version of Adobe Reader. They're just gone. There is an
ftp.adobe.com containing some old versions, but nothing more recent
than a 5.x version.
Well, I suppose that settles that, then.
Regardless, the middleware package has been split up and multiarchified, and is ready for early adopters. If you want to try it out, you should:
- run
dpkg --add-architecture i386if you haven't yet enabled multiarch - Install the eid-archive package, as usual
- Edit
/etc/apt/sources.list.d/eid.list, and enable thecontinuousrepository (that is, remove the#at the beginning of the line) - run
dpkg-reconfigure eid-archive, so that the key for the continuous repository is enabled - run
apt-get update - run
apt-get -t continuous install eid-mwto upgrade your middleware to the version in continuous - run
apt-get -t continuous install libbeidpkcs11-0:i386to install the 32-bit middleware version. - run your 32-bit application and sign things.
You should, however, note that the continuous repository is named so
because it contains the results of our continuous integration system;
that is, every time a commit is done to the middleware, packages in this
repository are updated automatically. This means the software in the
continuous repository might break. Or it might eat your firstborn. Or it
might cause nasal
daemons. As such,
FedICT does not support these versions of the middleware. Don't try the
above if you're not prepared to deal with that...
Talk about timing! I downloaded the last Reader debs (9.5.5) not even a week ago, and now the Linux platform has vanished entirely.
Unfortunately there are still some classes of PDFs (primarily those using Adobe proprietary features) that can only be used properly with Adobe's viewer, so my users will be stuck with this package for a bit longer...
Canonical's partner archive still has debs for older releases (up to 13.04). Not sure whether those install cleanly on Debian, haven't tried.