FS#52732 - [gnupg] OpenPGP smartcard not recognized anymore in 2.1.18-1
Attached to Project:
Arch Linux
Opened by Julien (ganymede) - Friday, 27 January 2017, 14:55 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 18 February 2017, 17:19 GMT
Opened by Julien (ganymede) - Friday, 27 January 2017, 14:55 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 18 February 2017, 17:19 GMT
|
Details
Description:
After upgrading core/gnupg to the latest version (gnupg-2.1.18-1), my OpenPGP smartcard is not recognized anymore ("No such device"). Reverting to the previous version (gnupg-2.1.17-4) makes it work again. Since I access my smartcard via pscscd (PCSC-Lite), I double-checked that pcscd.service was running and pcscd.socket was listening. I also tried to access my smartcard directly (libusb-compat is installed on my system), by stopping pcscd.service and pcscd.socket, but it didn't change anything. Downgrading to gnupg-2.1.17-4 solves the problem. Additional info: * package version(s) : Arch Linux x86_64 core/gnupg-2.1.18-1 community/pcsclite 1.8.20-1 community/ccid 1.4.25-1 extra/libusb-compat 0.1.5-1 Gemalto USB Shell Token v2 + OpenPGP card v2.0 * config and/or log files etc. : $ LANG=C gpg --card-status gpg: selecting openpgp failed: No such device gpg: OpenPGP card not available: No such device Steps to reproduce: Upgrade core/gnupg to the latest version (gnupg-2.1.18-1) |
This task depends upon
Closed by Gaetan Bisson (vesath)
Saturday, 18 February 2017, 17:19 GMT
Reason for closing: Fixed
Additional comments about closing: gnupg-2.1.18-2 in [testing]
Saturday, 18 February 2017, 17:19 GMT
Reason for closing: Fixed
Additional comments about closing: gnupg-2.1.18-2 in [testing]
https://bbs.archlinux.org/viewtopic.php?id=222401
https://bugs.gnupg.org/gnupg/issue2933
I am using a gemalto shelltoken with USB ID 08e6:3438.
> The new scdaemon does NOT get along with pcscd anymore.
> There is a race condition for which one opens the Yubikey device first.
> Normally pcscd opens the device first, after which scdaemon refuses to
> use the device. Occasionally, scdaemon would open the device first and
> things would work as expected.
> A work around for many people is to remove the pcscd package from
> your system. If you don't require the PIV-card features of the Yubikey
> (you are just using the PGP-card, U2F, and OTP features), then removing
> pcscd will allow scdaemon to reliably get ownership of the device.
and the solution is to
> ------------------- .gnupg/scdaemon.conf
> disable-ccid
> -------------------
It is a configuration need to ultimately avoid the race condition, and not
just a workaround, for anyone who only uses PC-SC, it is recommended to
disable ccid.
But another core smartcard developer, NIIBE Yutaka, said in specifically
this case:
> I think that I enbugged scdaemon.
scdaemon used to call PC-SC later on, if builtin ccid found nothing. But
this feature was accidentally removed in 2.1.18. Yutaka have writte a patch
to fix it, available at:
https://anonscm.debian.org/cgit/pkg-gnupg/gnupg2.git/commit/?id=cd2ad84410ba2045338a30a15c1caa145335c445
Just include this patch and make GnuPG work again. It is nice to also have
https://anonscm.debian.org/cgit/pkg-gnupg/gnupg2.git/commit/?id=c7013c262bd36dcff4fdbdf6f12475855cc20e4c
for NitroKey/YubiKey udev updates.
Source: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852702