After an upgrade of sys-apps/pcsc-lite from version 1.6.1 to 1.6.6, my card reader, a Cherry ST-2000U stopped to work. I used it in connection with app-crypt/gnupg-2.0.16-r1 and an OpenPGP smartcard. The named reader is listed on the pcsc-lite website as being supported. My other reader, a SCM SCR335 still works as expected. I run on AMD64, so I can't check if the bug also affects other platforms. When running scdaemon in debug mode, I get the following error: unknown PC/SC error code (0x8010002e) Reproducible: Always Steps to Reproduce: 1. run gpg --card-status Actual Results: The following error is reported: gpg: selecting openpgp failed: Card error gpg: OpenPGP card not available: Card error Expected Results: The information on the OpenPGP smart card should be shown. Portage 2.1.9.25 (default/linux/amd64/10.0, gcc-4.4.4, glibc-2.11.2-r3, 2.6.36-tuxonice-r4 x86_64) ================================================================= System uname: Linux-2.6.36-tuxonice-r4-x86_64-Intel-R-_Core-TM-2_Duo_CPU_T8300_@_2.40GHz-with-gentoo-1.12.14 Timestamp of tree: Tue, 11 Jan 2011 16:45:01 +0000 app-shells/bash: 4.1_p7 dev-java/java-config: 2.1.11-r1 dev-lang/python: 2.6.6-r1, 3.1.2-r4 dev-util/cmake: 2.8.1-r2 sys-apps/baselayout: 1.12.14-r1 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.13, 2.65-r1 sys-devel/automake: 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.4-r2 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.10 sys-devel/make: 3.81-r2 virtual/os-headers: 2.6.30-r1 (sys-kernel/linux-headers) ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/openvpn/easy-rsa" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-march=core2 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" GENTOO_MIRRORS="ftp://gentoo.lagis.at http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="de_AT.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="de en" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.at.gentoo.org/gentoo-portage" USE="X a52 aac aalib acl acpi alsa amd64 autoipd avahi bash-completion bluetooth bzip2 cdda cddb cdparanoia cdr cli connection-sharing consolekit cracklib crypt css cups curl cvs cxx dbus device-mapper dga dhclient dhcpcd directfb djvu dri dts dv dvb dvd dvdr emboss encode exif extras fbcon ffmpeg firefox flac fontconfig foomaticdb fortran ftp gajim gdbm gdu geoip gif gimp gnome gnome-keyring gnutls gpg gphoto2 gpm gps gsm gstreamer gtk gzip hal hardened iconv icu idn ieee1394 imagemagick imap ipv6 jabber jack java javascript jingle jpeg jpeg2k kolab lame latex libgda libnotify lzo mad maildir matroska mbox mdnsresponder-compat mime mmap mmx modules mozilla mp3 mp4 mpeg mplayer mtp mudflap multilib musicbrainz nas nautilus ncurses networkmanager nls nntp nptl nptlonly nsplugin offensive ogg openct opengl openmp pam pcre pcsc-lite pdf perl png policykit pop ppds pppd pulseaudio python radius raw rdesktop readline resolvconf rss samba sasl session sharemem skey smartcard smime smp smtp sockets socks5 sox speex spell sqlite sse sse2 ssl subversion svg sysfs syslog szip tcpd theora threads tiff truetype udev unicode usb v4l v4l2 vcd vim-syntax vnc vorbis wavpack webkit wifi wmf wxwindows x264 xattr xcomposite xine xinerama xml xorg xscreensaver xulrunner xv xvid zeroconf zlib zsh-completion" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" FOO2ZJS_DEVICES="hp2600n" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de en" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
See, if it's not the same problem as in bug 349431. If so, same resolution for this bug.
No, ccid was installed at any time. I reinstalled it now, but nothing has changed (despite that, GnuPG also has a CCID driver IIRC). I also installed pcsc-tools now and ran pcsc_scan, which didn't recognize any reader at all.
Can you please try with the ccid-1.4.1-r2 package? There has been a few readers dropped in ccid-1.4.1 and they are restored in ~arch only for now as they required extensive upstream patching.
It works with gpg now, but only if pcscd is started with the --auto-exit option. If pcscd is started via its init script, I'm getting the same error as before. I think this is *really* strange, so I will try a few other things in the next days. Thank you!
Not sure if I should file a new bug yet, but the pcsc/ccid upgrade seems to have broken my CAC reader asetup (just a normal DoD CAC with the coolkey firefox module). It works with all previous versions prior to the recent upgrades (ie, it still works on my older install from last December). However, the current versions of pcsc and ccid stop coolkey from talking to the CAC (and makes firefox stop responding). Although pcsc_scan seems to see the reader and card the same as before, the green light on the card now goes out several seconds after plugging the card in, and doesn't come on again until firefox tries to talk to the card via coolkey (whereas on the working setup the green light stays on the whole time the card is plugged in). I'm still debugging this one, but everything so far points to pcsc_lite and/or ccid. That said, the upstream RedHat guys actually admitted they should release a new version of coolkey, so that *might* help.
Non-working system: [ebuild R ] sys-apps/pcsc-lite-1.6.6 USE="usb" 0 kB [ebuild R ] dev-perl/pcsc-perl-1.4.11 0 kB [ebuild R ] app-crypt/ccid-1.4.1-r2 USE="usb -twinserial" 0 kB [ebuild R ] sys-apps/pcsc-tools-1.4.17 USE="gtk" 0 kB Working system: [ebuild U ] sys-apps/pcsc-lite-1.6.6 [1.6.4] USE="usb (-hal%) (-static%)" 0 kB [ebuild U ] dev-perl/pcsc-perl-1.4.11 [1.4.10] 0 kB [ebuild U ] app-crypt/ccid-1.4.1-r2 [1.4.0] USE="usb -twinserial" 0 kB [blocks b ] <app-crypt/ccid-1.4.1-r1 ("<app-crypt/ccid-1.4.1-r1" is blocking sys-apps/pcsc-lite-1.6.6) [ebuild R ] sys-apps/pcsc-tools-1.4.17 USE="gtk" 0 kB * Note: one of the recent workarounds (for a different issue) discussed on the coolkey list was to remove the CAC-1 patch from the set of upstream patches. Been there, tried that, didn't change anything on either system for me...
The USB card reader is a generic one that works fine (when the software is working) on amd64 and ppc, and even with debian/ubuntu. The output below is the same on both the working and non-working installs: $ pcsc_scan PC/SC device scanner V 1.4.17 (c) 2001-2009, Ludovic Rousseau <ludovic.rousseau@free.fr> Compiled with PC/SC lite version: 1.6.6 Scanning present readers... 0: Axalto Reflex USB v3 (21120538114863) 00 00 Wed Feb 16 16:59:41 2011 Reader 0: Axalto Reflex USB v3 (21120538114863) 00 00 Card state: Card inserted, ATR: 3B 7D 96 00 00 80 31 80 65 B0 83 11 17 D6 83 00 90 00 ATR: 3B 7D 96 00 00 80 31 80 65 B0 83 11 17 D6 83 00 90 00 + TS = 3B --> Direct Convention + T0 = 7D, Y(1): 0111, K: 13 (historical bytes) TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU 250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s TB(1) = 00 --> VPP is not electrically connected TC(1) = 00 --> Extra guard time: 0 + Historical bytes: 80 31 80 65 B0 83 11 17 D6 83 00 90 00 Category indicator byte: 80 (compact TLV data object) Tag: 3, len: 1 (card service data byte) Card service data byte: 80 - Application selection: by full DF name - EF.DIR and EF.ATR access services: by GET RECORD(s) command - Card with MF Tag: 6, len: 5 (pre-issuing data) Data: B0 83 11 17 D6 Tag: 8, len: 3 (status indicator) LCS (life card cycle): 00 (No information given) SW: 9000 (Normal processing.) Possibly identified card (using /usr/share/pcsc/smartcard_list.txt): 3B 7D 96 00 00 80 31 80 65 B0 83 11 17 D6 83 00 90 00 DoD CAC card issued Jan 14, 2010
Please reopen if comment#7 is not helpful. Thanks.
In systemd : systemctl start pcscd systemctl status pcscd ● pcscd.service - PC/SC Smart Card Daemon Loaded: loaded (/lib/systemd/system/pcscd.service; indirect; vendor preset: disabled) Active: active (running) since Mon 2021-10-11 18:37:37 CEST; 6s ago TriggeredBy: ● pcscd.socket Docs: man:pcscd(8) Main PID: 789487 (pcscd) Tasks: 5 (limit: 38372) Memory: 3.3M CPU: 9ms CGroup: /system.slice/pcscd.service └─789487 /usr/sbin/pcscd --foreground --auto-exit POERYZEN /usr/bin # pcsc_scan Using reader plug'n play mechanism Scanning present readers... 0: Cherry GmbH SmartTerminal XX44 00 00 Mon Oct 11 18:39:02 2021 Reader 0: Cherry GmbH SmartTerminal XX44 00 00 Event number: 0 Card state: Card inserted, ATR: 3B 98 XX 40 0A A5 03 01 01 01 AD XX XX ATR: 3B 98 XX 40 0A A5 03 01 01 01 AD XX XX + TS = 3B --> Direct Convention + T0 = 98, Y(1): 1001, K: 8 (historical bytes) TA(1) = 13 --> Fi=372, Di=4, 93 cycles/ETU 43010 bits/s at 4 MHz, fMax for Fi = 5 MHz => 53763 bits/s TD(1) = 40 --> Y(i+1) = 0100, Protocol T = 0 ----- TC(2) = 0A --> Work waiting time: 960 x 10 x (Fi/F) + Historical bytes: A5 03 01 01 01 AD XX XX Category indicator byte: A5 (proprietary format) Possibly identified card (using /usr/share/pcsc/smartcard_list.txt): XX 98 XX 40 0A A5 03 01 01 01 AD XX XX After starting this service (for Openrc see also service :/etc/init.d/pcscd start) it works if everything is installed. It seems someone forgot to install the services in both systems.
looks too old to reproduce
It is still in use in Belgium an the European countries. So it is not obsolete. Still fabricated in keyboards and stand alone. So FIX it. It worked before in previous versions without a problem. So find the change in this version and the older versions.
