[Bug 2061708] Re: Yubikey stopped working after noble upgrade

Julian Andres Klode 2061708 at bugs.launchpad.net
Fri Apr 26 05:23:40 UTC 2024 

I don't recommend running with pcscd, it's much more stable to run with
direct access, but I do not know why it doesn't seem to work for you, it
certainly does for me.

It failing with pcscd is nice, it not telling us why and how to fix it
is bad UX though.

** Changed in: gnupg2 (Ubuntu)
       Status: Confirmed => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/2061708

Title:
  Yubikey stopped working after noble upgrade

Status in Arch Linux on Launchpad:
  Fix Released
Status in gnupg2 package in Ubuntu:
  Triaged
Status in pcsc-lite package in Ubuntu:
  Invalid

Bug description:
  In Ubuntu 22.04 I used by GPG key stored on a Yubikey smart card, but
  since upgrading to Noble I get the following trying to access it.

  $ gpg --card-status
  gpg: selecting card failed: No such device 
  gpg: OpenPGP card not available: No such device

  If I run this as root it works:

  $ sudo gpg --card-status
  Reader ...........: 1050:0407:X:0
  Application ID ...: D2760001240100000006090826160000
  Application type .: OpenPGP
  Version ..........: 2.1
  Manufacturer .....: Yubico
  Serial number ....: XXXXXXXX
  Name of cardholder: [not set]
  Language prefs ...: [not set]
  Salutation .......: 
  URL of public key : [not set]
  Login data .......: [not set]
  Signature PIN ....: not forced
  Key attributes ...: rsa4096 rsa4096 rsa2048
  Max. PIN lengths .: 127 127 127
  PIN retry counter : 10 0 10
  Signature counter : 1172
  UIF setting ......: Sign=off Decrypt=off Auth=off
  Signature key ....: <redacted>
        created ....: <redacted>
  Encryption key....: <redacted>
        created ....: <redacted>
  Authentication key: [none]
  General key info..: [none]

  If I manually run pcscd.service then it stops working both as root and
  a user.

  $ sudo pkill -9 scdaemon
  $ sudo systemctl start pcscd.service
  $ gpg --card-status
  gpg: selecting card failed: No such device
  gpg: OpenPGP card not available: No such device
  $ sudo gpg --card-status
  gpg: selecting card failed: No such device
  gpg: OpenPGP card not available: No such device

  It might be worth mentioning I'm accessing the machine over SSH, so I
  also did experiment with a polkit rule like this:

  polkit.addRule(function(action, subject) {
      if (action.id == "org.debian.pcsc-lite.access_card" &&
          subject.isInGroup("sudo")) {
          return polkit.Result.YES;
      }
  });
  polkit.addRule(function(action, subject) {
      if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
          subject.isInGroup("sudo")) {
          return polkit.Result.YES;
      }
  });

  Added into /etc/polkit-1/rules.d/99-pcscd.rules and then reloading
  polkit.service in case this was a polkit issue, but this didn't do
  anything.

  
  Versions in noble:
  pcscd: 2.0.3-1build1
  libpcslite1: 2.0.3-1build1
  gnupg: 2.4.4-2ubuntu17
  scdaemon: 2.4.4-2ubuntu17

To manage notifications about this bug go to:
https://bugs.launchpad.net/archlinux-lp/+bug/2061708/+subscriptions

More information about the foundations-bugs mailing list