Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 927656 - sys-apps/pcsc-lite-2.0.1 missing device rules
Summary: sys-apps/pcsc-lite-2.0.1 missing device rules
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-03-24 00:32 UTC by Esteve Varela Colominas
Modified: 2024-03-24 15:09 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Esteve Varela Colominas 2024-03-24 00:32:28 UTC 
I'm grappling a bit with how the pcscd setup on gentoo actually *works*... It doesn't do so for me out of the box, and I think that's a bit of a shame.

I have an "072f:2200 ACS ACR122U PICC Interface". When I tried it on ubuntu, I just had to "apt install libnfc-bin pcscd pcsc-tools" (not sure if libnfc-bin was required), and everything worked right away, pcscd was running, "pcsc_scan" detected the device, and everything's sunshine and rainbows.

In order to get it to work on gentoo, I had to do a few more things that took me a while to figure out, but can be consolidated to "just":
- Install sys-apps/pcsc-tools, this implicitly pulls in sys-apps/pcsc-lite
- Install 93-pn53x.rules[1] to /etc/udev/rules.d
- Install blacklist-libnfc.conf[2] to /etc/modprobe.d
- Append ', ENV{PCSCD}="1"' to each device line in 93-pn53x.rules. This is required for the pcscd daemon to be able to access them, 
- Install app-crypt/ccid. I figured this one out by comparing /usr/lib/pcsc/drivers across distros... it's /usr/lib64/readers/usb on gentoo?
- set up rc_hotplug in /etc/rc.conf, though I already had this set to "*"

There's a few unconventional things regarding pcsc in gentoo that led me down half a day of tinkering to get it to work:
- The daemon runs under an unprivileged user and group combination, with no access to common device groups like plugdev.
- There's no udev rules for common devices installed by default. Distros like Arch[3] and ubuntu[4] distribute it alongside libnfc, and document it accordingly. It's fine to not provide it for every kind of device, but having *some* kind of pre-existing rules helps figure out how to add new devices, instead of me just blindly copying the libnfc files and wondering why they don't work (due to group differences).
- app-crypt/ccid isn't pulled in as a dependency, or mentioned anywhere in the ebuild messages.
- Of course, systemd works differently, but hotplug support on OpenRC needed a bit of extra care beyond the ebuild messages. And I'm still not sure if the solution I applied is the appropriate one.

I think the situation can be improved in order to make gentoo's support a bit more of a plug-and-play experience, mostly by realigning gentoo with upstream and other distro's behaviors. Here's what I'd do: drop the pcscd user as a whole or at minimum give it plugdev permissions (plays nice with users which might not be in the pcscd group and want to use libnfc standalone), add the libnfc udev rules and blacklist files *somewhere* and modify them so hotplugging works, mention app-crypt/ccid and the other compatible drivers listed in the wiki[5] in optfeatures.

Maybe I'm just misguided and there's some crucial bit of documentation I overlooked, or I'm not seeing how this really works. I hope I can at least help in improving things a tiny bit.

[1]: https://github.com/nfc-tools/libnfc/blob/master/contrib/udev/93-pn53x.rules
[2]: https://github.com/nfc-tools/libnfc/blob/master/contrib/linux/blacklist-libnfc.conf
[3]: https://wiki.archlinux.org/title/NFC
[4]: https://packages.ubuntu.com/noble/amd64/libnfc6/filelist
[5]: https://wiki.gentoo.org/wiki/PCSC-Lite