Beid card reader on FreeBSD

So I’ve got to fill in my taxes, and to do this in Belgium, we need to use our ID card. Well we can use a phone app too, but to use this app we have to register… using our ID card… ¯\_(ツ)_/¯

Last time I tested, this didn’t work well on FreeBSD, but I didn’t look too much into it and perhaps things changed since then. Also, like always, I refuse to do this on another OS where I know it works, that would be far too easy!

So we should install the PC/SC-Lite architecture to be able to read the cards and the beid middleware so we can use the card. Fortunately, beid is in the ports so we can just install it:

pkg install beid

This will also install pcsc-lite. The package messages tell us that we must:

  • Install drivers for the card reader
  • Hack around devd to let the PC/SC Smart Card daemon recognize it
  • Mount procfs
  • Install the eID Belgium extension if you use Firefox (I’ll also explain how to install it in Chromium)
  • Don’t trust your government

Let’s do just all of that!

Install drivers for the card reader

My card reader is a DunnoWhat-Random-USB-Card-Reader, perhaps devel/libccid should do? For some reason, this is not available in the packages but only via ports:

cd /usr/ports/devel/libccid
make install clean

Does the card reader read cards?

Does it work tho? Let’s find out!

$ usbconfig
ugen0.6: <SCM Microsystems Inc. SCR35xx v2.0 USB SC Reader> at usbus0, cfg=0 md=HOST spd=FULL (12Mbps) pwr=ON (100mA)

So our card reader is on the USB port ugen0.6. We run pcscd to see if it’s detected properly:

$ pcscd --info --color --foreground
00000155 [34366794240] ccid_usb.c:660:OpenUSBByName() Found Vendor/Product: 04E6/5410 (SCM Microsystems Inc. SCR 355)

Sweet, so it appears to be detected and working with CCID. However if I run eid-viewer, it doesn’t work. Looking at pcscd info, it looks like the power up of the card failed:

00000011 [34375102464] ifdhandler.c:1221:IFDHPowerICC() PowerUp failed

Searching a bit over the internet, I’ve found this bug report and it seems that we have to tweak the CCID driver a little.

Edit /usr/local/lib/pcsc/drivers/ifd-ccid.bundle/Contents/Info.plist and search for <key>ifdDriverOptions</key>. By default it is set to 0x0000 which, if you read the description belows, means that it tries to power on the card at 5V, then 1.8V then 3V. But apparently this doesn’t work with my particular card reader. Instead I let the card reader decide, change the value to 0x0030:


Restart pcscd (pcscd --info --color --foreground) and try the card again (eid-viewer). In my case, I can see my card details, so I believe this means that the card reader is working well.

Hack around devd

First, let’s enable pcscd at boot in /etc/rc.conf with pcscd_enable="YES".

Now we need to configure devd as described by the pcsc-lite package message (pkg info -D pcsc-lite). Add this to /etc/devd.conf:

attach 100 {
        device-name "ugen[0-9]+";
        action "/usr/local/sbin/pcscd -H";

detach 100 {
        device-name "ugen[0-9]+";
        action "/usr/local/sbin/pcscd -H";

The -H option is to re-read some configuration files in case of a non-USB reader. You can probably remove them.

Now let’s restart everything we need and check that it still works:

$ service devd restart
$ service pcscd restart

Check that it works with the eid-viewer.

Mount procfs

It’s probable that you already have procfs mounted because it’s needed by a lot of other ports. But if you didn’t, just add this line to /etc/fstab

proc /proc procfs rw,late 0 0

and then just mount procfs.

Install the eID Belgium extension (for Firefox)

If you use Firefox, you are looking for this extension. It should work after you have restarted Firefox.

Get it to work in Chromium

On Chromium there is no extension, instead we work directly with NSS. For beid, the process is straightforward since they provide a script to install the necessary module in NSS. Go in your home directory and start the command beid-update-nssdb. Then restart chromium completely and it should work.

Alternatively you can adapt this post which explains how to manually update nssdb on Ubuntu. You would have to adapt this to FreeBSD and also use this library /usr/local/lib/ instead of libcac.

Don’t trust your government

You do this.

Chromium on FreeBSD

Good news everyone! Chromium is now perfectly usable on FreeBSD.
The longstanding hanging tab bug has been resolved. See also PR 212812 and this this FreeBSD forum post.

This was fixed in r337328 but is not yet available in 11.2-RELEASE. Fortunately there are temporary fixes too that you can use while waiting for the patch to be included in the next release.

First add this line to /etc/sysctl.conf:

Second use a memory backed filesystem for the chromium cache. A script to do so was included in the chromium package, but it has since been removed now that a proper fix is coming in.

But if you want to do this manually, first ensure that ~/.cache/chromium directory exists and is empty. Then in /etc/fstab add this line with $USER changed accordingly:

md /home/$USER/.cache/chromium mfs rw,late,noatime,noexec,nosuid,-w$USER:$USER,-s300m 2 0

This will mount the chromium cache path on an UFS partition over a memory backed virtual disk.

I’ve been testing this for several days now and it works like a charm. Don’t forget to remove this workaround when you are past r337328 though.

Disable XF86Back/Forward

Real ThinkPad keyboards (not this monstruous ignominy) have directly accessible keys for XF86Back and XF86Forward. That is really problematic with web browsers such as Firefox or Chromium since pressing those keys transparently go back or forward into your history, discarding anything you were typing in the process, including that 3 hours long bug report you were just about to submit. That’s rather annoying, to say the least.

Some other blog post suggest to simply disable them with xmodmap. That is in ~/.xmodmaprc (or whatever it is you use):

keycode 166 = NoSymbol
keycode 167 = NoSymbol

I personally prefer to remap them to Next/Prior keys. Having these near the navigation keys might come up handy:

keycode 166 = Next
keycode 167 = Prior

That’s on Linux though, on FreeBSD the keycodes are 233 and 234:

keycode 233 = Next
keycode 234 = Prior

Anyway use the xev command and xmodmap -pke to find the keycodes and remap them to any other interesting key symbol.

Chromium won’t start

Since several weeks now I had a problem with chromium. The web browser segfaulted on launch until I ran xfsettings. This daemon configures desktop settings for the xfce desktop. It listens to xfconf and uses the xsettings protocol to propagate configuration changes on-the-fly. So you can use xfce4-settings-manager and rely on the xfce configuration mechanism to change your desktop settings nicely. Actually I used that to easily change the GTK and icon themes.

This is great for fully integrated desktop environment as it gives you a shiny graphical interface that “just works”. However it doesn’t work so much when you modify much of your configuration by hand.

For example, I use a script which listens to changes in the VGA output port and uses xrandr to setup the screen accordingly. But no matter what, if I start xfsettingsd after the initial configuration, it resets everything to whatever xfce thinks my screen configuration should be. And since I didn’t told him, it has no clue. The same apply for the keyboard, for which I use the device name to select the layout (dvorak/azerty/qwerty). The daemon just resets the layout, and worst of all, enables numlock. But again, it has no clue.

So I decided not to use xfsettings anymore. But as soon as I did that, the chromium web browser did not want to start. It even segfaulted, which is bad, but anyway. I guess the problem was a misconfigured gtkrc (well… xfce wasn’t there to hold my hand anymore) which for some reason made chromium go completely nuts. So I fixed this by using LXAppearance to generate a more complete gtkrc which I modified by hand aftewards.

In fact, the actual problem was the gtk-font-name that missed an explicit font family. In other words, in my gtkrc,  I had this:


Which I changed to this:

gtk-font-name="Droid Sans 8"

Default applications with GTK-3, Chromium and beyond

Today I was surprised to see a GTK-3 application opening an HTTP URL with Opera. I don’t use  Opera and I just installed by curiosity long ago and forgot about it.  I configured the Debian alternatives however GTK-3 seems to use xdg-mime as confirmed with an strace of the concerned application and references to /usr/share/applications/defaults.list. Note that you may have to create a symlink for defaults.list to /usr/share/applications/mimeapps.list.

You can use the xdg-mime command to configure the default application for each protocol:

$ xdg-mime default chromium.desktop x-scheme-handler/http
$ xdg-mime default chromium.desktop x-scheme-handler/https

You can also configure this manually by editing /usr/share/applications/defaults.list.  Just add these two lines:


In the [Default Application] section. Thunar and Chromium also use this so you can configure them to open PDF and handle Skype calls properly. See:

[Default Applications]

This should do the trick. You can get the list of available MIME types with this command (note that the path depends on the location of the shared-mime-info database):

find /usr/local/share/mime -name "*.xml" -exec cat {} \; |g -E -o "type=\".*\"" | sort | uniq

Otherwise you may also use the dconf-editor from the dconf-tools package or gconf-editor to configure GNOME-2/3 default applications. With gconf you should search the following keys:


With dconf instead you should search for: