Bug 612012

Summary:	=app-crypt/gnupg-2.1.18 scdaemon cannot access YubiKey or Lenovo Integrated SC Reader
Product:	Gentoo Linux	Reporter:	Marek Szuba <marecki>
Component:	Current packages	Assignee:	Kristian Fiskerstrand (RETIRED) <k_f>
Status:	RESOLVED FIXED
Severity:	normal	CC:	anton.bugs, sir.suriv
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugs.gnupg.org/gnupg/issue2933
See Also:	https://bugs.debian.org/854595
Whiteboard:
Package list:		Runtime testing required:	---
Bug Depends on:	617960
Bug Blocks:	611250

Description Marek Szuba archtester

2017-03-07 23:14:46 UTC

I have just found out the hard way that the Debian bug 854595 is a problem for us too: upgrading app-crypt/gnupg to the recently stabilised 2.1.18 has resulted in its scdaemon no longer being able to access keys stored in the OpenPGP applet of YubiKeys (tested on several YK4s). Downgrading to 2.1.15 (and killing scdaemon) makes things go back to normal.

Please see the aforementioned Debian bug for a detailed description of symptoms.

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-03-08 11:06:31 UTC

Try with disable-ccid in scdaemon.conf and install app-crypt/ccid (killing scdaemon to ensure new drivers are used)

Comment 2 Andreas K. Hüttel archtester

2017-03-09 08:28:16 UTC

I see the same effect with the smart card reader in my Thinkpad T520, 
Bus 002 Device 004: ID 17ef:1003 Lenovo Integrated Smart Card Reader

I have not tried k_f's advice yet, since I first went to the upstream bug. 

However, I can confirm that adding the two Debian patches from $URL to our 2.1.18 solves the problem for me, and I can access my card reader again.

Comment 3 Marek Szuba archtester

2017-03-09 10:27:15 UTC

For the record, at least in case of YK4 disabling the built-in CCID driver in favour of the external one does help.

Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-03-09 20:01:57 UTC

(In reply to Marek Szuba from comment #3)
> For the record, at least in case of YK4 disabling the built-in CCID driver
> in favour of the external one does help.

Also of interest is whether the issue persists in 2.1.19

Comment 5 Diogo Pereira 2017-03-09 21:01:08 UTC

Installing 2.1.19-r1 fixed the problem for me (YubiKey 4).

Comment 6 Anton Bolshakov 2017-03-10 06:49:05 UTC

The relevant bug report seems below:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852702
and the patch is here:
https://anonscm.debian.org/cgit/pkg-gnupg/gnupg2.git/commit/?id=cd2ad84410ba2045338a30a15c1caa145335c445

Comment 7 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-03-10 15:21:34 UTC

(In reply to Diogo Pereira from comment #5)
> Installing 2.1.19-r1 fixed the problem for me (YubiKey 4).

Right, the mentioned patches are included in it so I'm not surprised. So if the workaround isn't sufficient I'd prefer stabilizing 2.1.19 rather than applying the specific patches.

Comment 8 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-06-10 11:20:02 UTC

Already stable on all but ia64, so closing this bug