Sentinel® LDK and Sentinel HASP® Run-time Environment DEB Installer for Linux: Readme

Version 7.60

July 2017

This document describes installation of the Run-time Environment for Sentinel LDK and Sentinel HASP, using DEB under the supported Ubuntu and Debian operating systems. ("Sentinel LDK" is the next generation of the Sentinel HASP system.)

The following topics are discussed:

Operating Systems Supported

The operating system versions listed in this section were tested by Gemalto and verified to be fully compatible with Sentinel LDK. Older operating system versions are likely to be fully compatible as well, but are not guaranteed. For reasons of compatibility and security, Gemalto recommends that you always keep your operating system up to date with the latest fixes and service packs.

Back to Topics

Installing the Run-time Environment

Warning: If you downgrade the Run-time Environment from LDK 7.5 to a previous version, license storage may become inaccessible. Licenses may be missing, and commands will fail with the HASP_DEVICE_ERR error. To recover, reinstall the latest Run-time Environment, although this may cause some licenses to be marked as "cloned".

Perform the following steps to install the Run-time Environment for Sentinel LDK or Sentinel HASP:

  1. (For x64 distributions) Manually install the 32-bit support libraries (x86 compatibility packages) provided by your Linux distribution. For example: For Debian or Ubuntu, use the command:
    apt-get install ia32

    Note: You can use the script install_32bit_compatibility_package_for_x64.sh to install 32-bit support libraries. You can download this script from the Sentinel Customer Community Downloads page. Use chmod to add execute permissions to the script.


  2. Disconnect your HASP HL key (if any) from the computer.


  3. Open a terminal window and navigate to the directory containing the downloaded installation file.


  4. As root, enter the following command:


  5. Reconnect the HASP HL key.

    Note: At this point, for older HASP HL keys, the firmware on the HL key may be automatically upgraded. During the upgrade process, the key will blink continuously. Do not remove the key while it is blinking. If you remove the key too soon, the key may no longer be visible in Admin Control Center. If the key is not visible, or if the upgrade does not occur, refer to "Upgrading HASP HL Key Firmware" below.

For additional information, see “2.17 - Upgrading Sentinel LDK Run-Time Environment (RTE) Installer” in the Sentinel EMS Configuration Guide.

Back to Topics

Uninstalling the Run-time Environment

Do the following if you want to uninstall the Run-time Environment:

Back to Topics

Enhancements and Issues Resolved in This Release

Enhancements

Reference Description
SM-1286

You can now enter the URL to access Sentinel EMS in your Web browser without changing the EMS URL to lowercase.
SM-901

Admin Control Center (under Windows) can now display and apply updates to local SL UserMode keys. (Session information and certificate information for SL UserMode keys is not displayed.)

SM-4237

To display SL UserMode keys in Admin Control Station, License Manager runs an additional process (hasplmv) on the machine. If you are willing to accept that SL UserMode keys will not be displayed, you have the option to prevent hasplmv from executing by clearing the relevant check box on the Configuration page in Admin Control Center.
SM-6525

In the past, Admin Control Center and Admin API provided a configuration parameter that determined whether a remote user could access and perform actions in Admin Control Center. However, this parameter did not control remote access to Admin API.
Now, the parameter Allow Remote Access to ACC and Admin API (in Admin Control Center) and the tag <accremote> (in Admin API) control remote access to both Admin Control Center and Admin API.

Issues Resolved

Reference Description
SM-515 It was possible to rehost a cloned license to another machine.
SM-518

The Diagnostics report in Admin Control Center (Diagnostics > Generate Report) displays information on "Recent Clients" and "Recent Users". Each entry contained a time stamp but not a date stamp. The report has been corrected to display both a time stamp and a date stamp for each entry.
SM-552

On Linux and Mac machines, Admin Control Center would fail to download additional languages when the user clicked the More Languages option.
SM-942

Under certain circumstances, Sentinel LDK License Manager Service would crash. The exception code would map to STATUS_STACK_OVERFLOW in __chkstk API.

SM-6102

When building a Run-Time Environment installer using Wix, an error message similar to the following was generated:
Invalid product version '7.53.1.66350' in package HASP_Setup.msi'. When included in a bundle, all product version fields in an MSI package must be less than 65536.
This error no longer occurs.
SM-507

When an end user would unpack a Run-time Environment that was configured for the user by Sentinel EMS, the following warning was displayed:
A lone zero block at 21242
This issue did not interfere with the functionality of the Run-time Environment.
SM-555

When started, the License Manager would display warning messages similar to:
warning: maximal mount count reached, running e2fsck is recommended

There are no functionality issues related to these warning messages.
These messages would be seen at system boot time or in /var/log/kern.log.
SM-3687

A number of issues would occur under Arch Linux-2017.01.01-X64:

  • Installation of the Run-time Environment would fail. Execution of aksusbd-7.51.1-i386/dinst would fail with the message: “Unsupported init script system”
  • The fingerprint for an SL UserMode license could be fetched successfully. However, when installing a V2C file for the license, the Licensing API would generate the message: error 43.
  • A Sentinel HL (Driverless configuration) key can be used successfully with the Licensing API. However, when the key contains a license with concurrency, the Licensing API generates “error 80” (because the License Manager Service cannot be installed on the system).
SM-9496

The License Manager and API no longer change the CPU affinity mask to force the process to run on all CPUs. They now keep the default affinity that was set at the process startup.
SM-9755

When operated under Wine, Sentinel License Generation API was not communicating correctly with the Master key. The following message was displayed: error `communication with Master Key failed: Master Key might not be present'

Back to Topics

Revision History

Enhancements in Version 7.55

Reference Description
SM-4748

Sentinel Admin Control Center can now be used to configure the License Manager for the following additional considerations:

  • Allow specific named users to access specific Batch Codes, protection keys (haspID), or Product IDs.
  • Use the "*" wildcard character for IP and hostname.
  • Use subnet mask notation (for example: 172.18.8.0/21) for IP addresses

For more information, see "Configuring User Settings" in the Admin Control Center online help.

Issues Resolved in Version 7.55

Reference Description
SM-4942

Various crash conditions in the License Manager that could be used for denial-of-service attacks or privilege-escalation attacks have been resolved.
SM-7748

When a user issues a "detach license" request from a remote Admin Control Center, the user name cannot be included in request. As a result, User Restrictions (defined in ACC on the license server machine) that are based on the user name are handled as follows:

  • “allow” user restrictions that are based on a specific user name are not applied because the user name is not available to the License Manager on the license server. If a different restriction such as deny=all@all is also specified, the detach request will be denied.
  • If any “deny” user restriction that is applicable for the request in all respects other than username exists, that restriction is applied even if the user name specified in the restriction does not match. For example: If the detach request was sent from a machine with the hostname host123, and a user restriction has been specified deny=skr@host123 on the license server machine, the detach request is denied even the user requesting the detach has a different username.

Sentinel Admin Control Center online help has been updated to describe these limitations.

Enhancements in Version 7.54

Reference Description
SM-884

When a Sentinel EMS user performs an action in a Java-free Web browser that affect Sentinel protection keys in Sentinel EMS Vendor Portal or Customer Portal,  the user would get the following message: “Either Runtime is not installed or the EMS portal URL is not configured in ACC. Download the Latest Runtime Installer (EXE / DLL)”. This message appears when the installed RTE is not configured to communicate with the Sentinel EMS machine. Until now, this configuration had to be performed manually.

Now, when a user installs RTE 7.54 (or later) that was rebranded by Sentinel EMS 7.5.4 (or later), the installed RTE is already configured as required. No manual configuration is required.

Issues Resolved in Version 7.54

Reference Description
SM-552

In Sentinel Admin Control Center on a Linux machine, when a user would click "More Languages", Admin Control Center would not contact the Gemalto server to search for available language packs.

Issues Resolved in Version 7.51

Reference Description
LDK-16443

Given the following circumstances:

  • A V2C file was applied to a new SL AdminMode license on a given machine.
  • The same V2C was applied a second time to the license.

Instead of generating an error message and rejecting the update, the License Manager would generate the error message and then remove the original SL AdminMode license from the machine. (The license would be restored when the License Manager was restarted.)

Issues Resolved in Version 7.50

Reference Description
LDK-13136 Sentinel Licensing API would identify a Max Micro key as a Max key under certain circumstances.
LDK-13455

Given the following circumstances:

  • A license server machine and the recipient machine are in different time zones
  • A detachable license is transferred online from the server to the recipient machine.
The detached license would expire earlier than expected.
LDK-13926 The branded RTE Installer that is generated by Sentinel EMS did not copy the haspvlib correctly to /var/hasplm/. As a result, when hasp_update attempted to apply a V2C file, error 48 was generated.
LDK-14274

Given the following circumstances:

  • An SL AdminMode or SL Legacy license is located on a physical machine.
  • From a remote VM, hasp_get_info() is called to fetch values of the "disabled" and "usable" tags for the SL license.
The incorrect values disabled=true and usable= false were returned.
LDK-14280 HASP HL keys are not recognized correctly by the License Manager when keys from two or more vendors are connected to a given machine.
LDK-14805 The Run-time Environment did not support RAID controllers that create symbolic links as \Device\RaidPort.
LDK-15306 On the Diagnostics page of Admin Control Center, the Requests counter would count a request to local licenses as a remote request.
LDK-15307

Given the following circumstances:

  1. SL Legacy licenses from two different vendors were present on a machine.
  2. The license from one of the vendors is removed.
  3. The License Manager service is restarted.
The remaining SL Legacy license was no longer visible in Admin Control Center.
LDK-16113 When a V2C file to clear the “cloned” status of an SL Legacy license was applied, The “clear clone” operation was not applied correctly until the user restarted the machine.

Enhancements in Version 7.40

Reference Description
LDK-7237 Under certain circumstances, Admin Control Center would continue to show active sessions for an HL key after all sessions had logged out of the key.
LDK-8994 In Admin Control Center on Linux platforms: When the user clicked Show Recent Client Access on the Access From Remote Clients tabbed page, the user/hostname was not displayed.
LDK-10273 Admin Control Center would allow a license to be detached even though the termination date for the detach was invalid.
LDK-10564 The Vendor ID of a Master key was not the same in Admin Control Center pages and in diagnostic reports.
LDK-11825 Admin Control Center was not able to display an invalid HL key. Now such a key is visible in Admin Control Center with an indication that the key is not valid.
LDK-12040 Admin Control Center did not function correctly in the Konqueror browser if the Konquerors page cache was enabled.

Issues Resolved in Version 7.40

Reference Description
LDK-7237 Under certain circumstances, Admin Control Center would continue to show active sessions for an HL key after all sessions had logged out of the key.
LDK-8994 In Admin Control Center on Linux platforms: When the user clicked Show Recent Client Access on the Access From Remote Clients tabbed page, the user/hostname was not displayed.
LDK-10273 Admin Control Center would allow a license to be detached even though the termination date for the detach was invalid.
LDK-10564 The Vendor ID of a Master key was not the same in Admin Control Center pages and in diagnostic reports.
LDK-11825 Admin Control Center was not able to display an invalid HL key. Now such a key is visible in Admin Control Center with an indication that the key is not valid.
LDK-12040 Admin Control Center did not function correctly in the Konqueror browser if the Konquerors page cache was enabled.

Enhancements in Version 7.32

Reference Description
LDK-6934 Sentinel LDK Run-time Environment now supports the Sentinel HL Drive microSD key (patent pending). This key has been tested with the following microSD cards:
  • Sandisk: 16 GB, 64 GB
  • Transcend: 16 GB, 64 GB
  • Toshiba: 32 GB
  • Samsung: 64 GB
  • Kingston: 64 GB, 256 GB, 512 GB

Issues Resolved in Version 7.32

Reference Description
LDK-9325 Given the following circumstances:
  • An SL key contains a Feature that allows concurrency but does not allow virtual machines.
  • The SL key is installed on a physical machine.
When the SL key is displayed in Admin Control Center on a second physical machine, the Feature is shown as "disabled". However, a protected application that includes that Feature operates correctly.
LDK-8862 When attempting to access a remote License Manager, Sentinel Admin API would return the incorrect error code SNTL_ADMIN_LM_NOT_FOUND (6002).
LDK-7237 Given the following circumstances:
  1. A license with concurrency is installed on a Sentinel protection key. The count criteria is "Per Login".
  2. Protected applications that consume seats from the license are started.
  3. While the applications are active, the license is updated to change the count criteria (for example, from "Per Login" to "Per Process").
  4. One or more protected applications are closed.
The Login count for the license would no longer match the number of actual applications active.

As part of the resolution for this issue, when the count criteria for a network license is modified, all active sessions are automatically terminated.

Enhancements in Version 2.5.1

Reference Description
LDK-4468

The template for customizing entries for the Access log in Sentinel License Manager has been enhanced.

  • A new log element (functionparams2) is available.
  • Tags for special characters that could not be used in the template until now are provided.
  • Existing elements (sessioncount, logincount, loginlimit) that did not provide reliable results have been corrected.
  • The following events are now logged correctly: session timeout, orphaned session logout, manual disconnect, AdminAPI disconnect.

In addition, the template is now used for log entries generated by Embedded License Managers and External License Managers.

For information on the log template, see the Edit Log Parameters screen and related help screen in Admin Control Center. (Click the Edit Log Parameters button from the Configuration - Basic Settings screen.)
LDK-735

Admin Control Center now enables the user to generate a C2V file without the requirement of installing the RUS utility. This is supported for Windows, Mac and Linux platforms. The following limitations apply:

  • HL Basic keys are not supported.
  • C2V files fetched from HASP HL and Sentinel HL (HASP Configuration) keys will not work with Business Studio.
The C2V file can be generated for locally-connected Sentinel HL, HASP HL, and SL AdminMode keys.
LDK-5113 Stack usage in Sentinel Licensing API has been optimized. The vendor can use the maximum stack size. Sentinel Licensing API limits its stack usage to the minimum possible.

Issues Resolved in Version 2.5.1

Reference Description
LDK-7900 The aksusbd daemon would crash when a defective Hardlock key was connected to the platform.

Back to Topics

Known Issues - Run-time Environment

Reference Description
140898 Under the Linux operating system, Sentinel License Manager does not support the IPV6 network protocol.

Back to Topics

Resuming a Suspended Application

If the Sentinel HL key for a running application is disconnected, the application is suspended. When the key is re-attached, the application resumes, but it goes into the background. The application can be brought to the foreground using one of the shell built-in "fg" from the same terminal from where application had been launched.

Do the following to bring a background application to the foreground:

  1. List your background running jobs using command "jobs".
  2. Choose your job ID.
  3. Enter the following command to bring the application to the foreground: fg <%jobId>

Upgrading HASP HL Key Firmware

The HASP HL Key Firmware has been modified to support future planned security enhancements in Sentinel LDK and Sentinel HASP. Sentinel LDK and Sentinel HASP automatically upgrade the Firmware on HASP HL keys from v.3.21 to the latest version (v.3.25). This occurs:

(You can determine the Firmware version of your HL key by viewing the key on the Sentinel Keys page of the Admin Control Center.)

For HL keys with Firmware earlier than v.3.21, the upgrade does not occur automatically. Customers can upgrade the Firmware to v.3.25 by applying the Firmware Update V2C provided on the Sentinel HASP or Sentinel LDK Installation DVD v.5.0 and later.

During the Firmware upgrade, the relevant key will start to blink. Do not remove the key while it is blinking. If you remove the key too soon, the key may no longer be visible in Admin Control Center.

Note: In the event the key is no longer visible using the Linux Run-time Environment, do the following on a Windows computer:

  1. Install the Run-time Environment using the enclosed installer script.
  2. Connect the HL key.
  3. Run the application FirmwareUpdate.exe, located on the DVD in \Windows\Installed\Redistribute\Firmware Update\.

    4. The HL key is upgraded to v.3.25 Firmware and will now be visible in the Linux Admin Control Center.

Back to Topics


© Gemalto 2017. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries.

DocID 154 Revision 1707-1