Since about a month, I've been working for a customer whose customer is FedICT, and am now helping out with maintaining the official software for the Belgian electronic ID card (eID). One of the first things I did was revamp the way in which the official Linux binaries are built and distributed, and also made work of the (somewhat overdue) new release for Linux.
Previously, the website contained downloadable packages for a number of distributions: two .deb files (one for i386 and one for amd64, for all .deb-based distributions), and a number of RPM files (one each for fedora 15, 16, and red hat enterprise 5, also for both architectures).
The builds as well as the supported distributions were somewhat outdated. This was a problem in and of itself, as eID cards issued since March 2014 are signed by the new government CA3 certificate rather than the older CA2 one, which required minor updates for the middleware to work. Since the Linux packages available on the website predated the required change, they wouldn't work for more recent cards.
Moreover, the actual distributions that were supported were also outdated—Fedora 16 hasn't been supported in over a year by the Fedora project, for instance—and there was a major gap in our list of supported distributions, in that openSUSE RPMs were not provided.
If you check out the install on Linux pages now, however, you'll see that the installation instructions have been changed somewhat. Rather than links to packages to install, we now pass you an 'eid-archive' package that you can install; this package adds relevant configuration for your distribution, after which you can install the packages you need—eid-mw for the PKCS#11 library and the firefox and chrome plugins; eid-viewer for the graphical viewer application to view and possibly print data from your id card.
Apart from the fact that there are now repositories rather than just single-file downloads, the repositories (and in case of RPM packages, the RPM files themselves) are now also signed with an OpenPGP key. Actually, they are signed with two OpenPGP keys; the first one is for officially released builds (i.e., builds that have seen some extensive testing before they were deemed "working"), while the second one is for automatic builds that are generated through a continuous integration system after each and every commit. These untested packages are also in a separate repository that is disabled by default. In addition, there's also support for openSUSE now—which required more work than I expected, but wasn't a major problem.
Enjoy!
(for clarity: while I now work at FedICT, there's an obvious reason why I'm publishing this on my blog and not on any .belgium.be website—don't assume this is an official Belgian message or anything...)
Wouter, nice to see some more progress on the linux front for EID. I ran into a bit of trouble a couple of days ago though with the repo information not being correct. So i couldn't get a list of available packages in yum. I tried to communicate this to Fedict (takes some searching as there is no obvious place to report technical issues), but i'm not sure it has been picked up as i didn't receive any reply to my "ticket".
I have no idea if you still work on eid or have any influence in the matter, but maybe you can get the repo filelist redone. That way the packages should show up in the package manager, instead of having to get them manually from the repo. It's for both FC19 and FC20, the continuous branch seemed to have correct repo information.
Thank you for improving linux support.
@Samuel - your ticket (or at least a ticket saying the same thing) did reach my desk, yes. It was a stupid mistake on my end due to having to do too many things manually and forgetting a step. In that light, see my most recent blog post
I've fixed the issue today; if you try again, it should Just Work(TM) now.