[Bug 2061708] Re: Yubikey stopped working after noble upgrade

Ludovic Rousseau 2061708 at bugs.launchpad.net
Fri Apr 26 08:19:12 UTC 2024 

https://blog.apdu.fr/posts/2024/04/gnupg-and-pcsc-conflicts-episode-2/

I do not use GnuPG with a smartcard. So I don't know which configuration
is more stable.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnupg2 in Ubuntu.
https://bugs.launchpad.net/bugs/2061708

Title:
  Yubikey stopped working after noble upgrade

Status in Arch Linux on Launchpad:
  Fix Released
Status in gnupg2 package in Ubuntu:
  Triaged
Status in pcsc-lite package in Ubuntu:
  Invalid

Bug description:
  In Ubuntu 22.04 I used by GPG key stored on a Yubikey smart card, but
  since upgrading to Noble I get the following trying to access it.

  $ gpg --card-status
  gpg: selecting card failed: No such device 
  gpg: OpenPGP card not available: No such device

  If I run this as root it works:

  $ sudo gpg --card-status
  Reader ...........: 1050:0407:X:0
  Application ID ...: D2760001240100000006090826160000
  Application type .: OpenPGP
  Version ..........: 2.1
  Manufacturer .....: Yubico
  Serial number ....: XXXXXXXX
  Name of cardholder: [not set]
  Language prefs ...: [not set]
  Salutation .......: 
  URL of public key : [not set]
  Login data .......: [not set]
  Signature PIN ....: not forced
  Key attributes ...: rsa4096 rsa4096 rsa2048
  Max. PIN lengths .: 127 127 127
  PIN retry counter : 10 0 10
  Signature counter : 1172
  UIF setting ......: Sign=off Decrypt=off Auth=off
  Signature key ....: <redacted>
        created ....: <redacted>
  Encryption key....: <redacted>
        created ....: <redacted>
  Authentication key: [none]
  General key info..: [none]

  If I manually run pcscd.service then it stops working both as root and
  a user.

  $ sudo pkill -9 scdaemon
  $ sudo systemctl start pcscd.service
  $ gpg --card-status
  gpg: selecting card failed: No such device
  gpg: OpenPGP card not available: No such device
  $ sudo gpg --card-status
  gpg: selecting card failed: No such device
  gpg: OpenPGP card not available: No such device

  It might be worth mentioning I'm accessing the machine over SSH, so I
  also did experiment with a polkit rule like this:

  polkit.addRule(function(action, subject) {
      if (action.id == "org.debian.pcsc-lite.access_card" &&
          subject.isInGroup("sudo")) {
          return polkit.Result.YES;
      }
  });
  polkit.addRule(function(action, subject) {
      if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
          subject.isInGroup("sudo")) {
          return polkit.Result.YES;
      }
  });

  Added into /etc/polkit-1/rules.d/99-pcscd.rules and then reloading
  polkit.service in case this was a polkit issue, but this didn't do
  anything.

  
  Versions in noble:
  pcscd: 2.0.3-1build1
  libpcslite1: 2.0.3-1build1
  gnupg: 2.4.4-2ubuntu17
  scdaemon: 2.4.4-2ubuntu17

To manage notifications about this bug go to:
https://bugs.launchpad.net/archlinux-lp/+bug/2061708/+subscriptions

More information about the foundations-bugs mailing list