I plugged a new USB smartcard reader recently and hit the following problem: Apr 10 00:08:24 [pcscd] /var/tmp/portage/sys-apps/pcsc-lite-1.8.22/work/pcsc-lite-1.8.22/src/debuglog.c:289:DebugLogSetLevel() debug level=debug Apr 10 00:08:24 [pcscd] /var/tmp/portage/sys-apps/pcsc-lite-1.8.22/work/pcsc-lite-1.8.22/src/debuglog.c:310:DebugLogSetCategor y() Debug options: APDU Apr 10 00:09:41 [start-stop-daemon] pam_unix(start-stop-daemon:session): session opened for user pcscd by root(uid=0) Apr 10 00:09:41 [pcscd] ccid_usb.c:525:OpenUSBByName() Can't libusb_open(1/23): LIBUSB_ERROR_ACCESS Apr 10 00:09:41 [pcscd] ifdhandler.c:151:CreateChannelByNameOrChannel() failed Apr 10 00:09:41 [pcscd] /var/tmp/portage/sys-apps/pcsc-lite-1.8.22/work/pcsc-lite-1.8.22/src/readerfactory.c:1105:RFInitialize Reader() Open Port 0x200000 Failed (usb:08e6/3437:libudev:0:/dev/bus/usb/001/023) Apr 10 00:09:41 [pcscd] /var/tmp/portage/sys-apps/pcsc-lite-1.8.22/work/pcsc-lite-1.8.22/src/readerfactory.c:376:RFAddReader() Gemalto PC Twin Reader (EF2420E4) init failed. Apr 10 00:11:08 [start-stop-daemon] pam_unix(start-stop-daemon:session): session opened for user pcscd by root(uid=0) Apr 10 00:11:08 [pcscd] ccid_usb.c:525:OpenUSBByName() Can't libusb_open(1/23): LIBUSB_ERROR_ACCESS Apr 10 00:11:08 [pcscd] ifdhandler.c:151:CreateChannelByNameOrChannel() failed Apr 10 00:11:08 [pcscd] /var/tmp/portage/sys-apps/pcsc-lite-1.8.22/work/pcsc-lite-1.8.22/src/readerfactory.c:1105:RFInitialize Reader() Open Port 0x200000 Failed (usb:08e6/3437:libudev:0:/dev/bus/usb/001/023) Apr 10 00:11:08 [pcscd] /var/tmp/portage/sys-apps/pcsc-lite-1.8.22/work/pcsc-lite-1.8.22/src/readerfactory.c:376:RFAddReader() Gemalto PC Twin Reader (EF2420E4) init failed. First of all, the description in the pkg_postinstall is not accurate: pkg_postinst() { elog "Starting from version 1.6.5, pcsc-lite will start as user nobody in" elog "the pcscd group, to avoid running as root." it must be "will start as user pcscd" Secondly, the same user must be in the "plugdev" group in order to fix the problem above. ---------- sys-apps/pcsc-tools-1.4.27 emerge --info Portage 2.3.24 (python 3.5.5-final-0, default/linux/amd64/17.0/hardened, gcc-6.4.0, glibc-2.25-r11, 4.14.15-pentoo x86_64) ================================================================= System uname: Linux-4.14.15-pentoo-x86_64-Intel-R-_Core-TM-_i5-3320M_CPU_@_2.60GHz-with-gentoo-2.4.1 KiB Mem: 7973344 total, 1757348 free KiB Swap: 4194300 total, 4194228 free Timestamp of repository gentoo: Mon, 09 Apr 2018 08:15:01 +0000 Head commit of repository gentoo: c7684eaa754323674d11a2a6e6e46e5d1e079a45 Head commit of repository pentoo: 482980a3552117f1d7399ad85ca2e4e5325290b8 sh bash 4.4_p12 ld GNU ld (Gentoo 2.29.1 p3) 2.29.1 app-shells/bash: 4.4_p12::gentoo dev-java/java-config: 2.2.0-r4::gentoo dev-lang/perl: 5.24.3-r1::gentoo dev-lang/python: 2.7.14-r1::gentoo, 3.5.5::gentoo dev-util/cmake: 3.9.6::gentoo dev-util/pkgconfig: 0.29.2::gentoo sys-apps/baselayout: 2.4.1-r2::gentoo sys-apps/openrc: 0.34.11::gentoo sys-apps/sandbox: 2.13::gentoo sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo sys-devel/automake: 1.15.1-r2::gentoo sys-devel/binutils: 2.29.1-r1::gentoo sys-devel/gcc: 6.4.0-r1::gentoo sys-devel/gcc-config: 1.8-r1::gentoo sys-devel/libtool: 2.4.6-r5::gentoo sys-devel/make: 4.2.1::gentoo sys-kernel/linux-headers: 4.13::gentoo (virtual/os-headers) sys-libs/glibc: 2.25-r11::gentoo Repositories: gentoo location: /usr/portage sync-type: rsync sync-uri: rsync://rsync.asia.gentoo.org/gentoo-portage priority: -1000 sync-rsync-verify-metamanifest: no sync-rsync-extra-opts: local-overlay location: /usr/local/portage masters: gentoo priority: 0 pentoo location: /data/pentoo/pentoo sync-type: git sync-uri: https://github.com/pentoo/pentoo-overlay masters: gentoo steam-overlay location: /var/lib/layman/steam-overlay masters: gentoo priority: 50 ABI="amd64" ABI_X86="64" ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA OPERA-12 NVIDIA-CUDA PUEL AdobeFlash-11.x Google-TOS dlj-1.1 google-chrome Oracle-BCLA-JavaSE Intel-SDP skype-4.0.0.7-copyright baudline" ACCEPT_PROPERTIES="*" ACCEPT_RESTRICT="*" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ANDROID_HOME="/opt/android-sdk-update-manager" ANDROID_SWT="/usr/share/swt-3.7/lib" ANT_HOME="/usr/share/ant" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ARCH="amd64" AUTOCLEAN="yes" BOOTSTRAP_USE="cxx unicode internal-glib python_targets_python3_5 python_targets_python2_7 multilib hardened pic xtpax -jit -orc" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump author" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=native -O2 -pipe" CFLAGS_amd64="-m64" CFLAGS_x32="-mx32" CFLAGS_x86="-m32" CHOST="x86_64-pc-linux-gnu" CHOST_amd64="x86_64-pc-linux-gnu" CHOST_x32="x86_64-pc-linux-gnux32" CHOST_x86="i686-pc-linux-gnu" CLEAN_DELAY="5" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" COLLISION_IGNORE="/lib/modules/* *.py[co] *$py.class */dropin.cache" COLORTERM="truecolor" CONFIG_PROTECT="/etc /etc/stunnel/stunnel.conf /usr/share/config /usr/share/easy-rsa /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CPU_FLAGS_X86="aes avx mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CXXFLAGS="-march=native -O2 -pipe" DEFAULT_ABI="amd64" DISPLAY=":0" DISTDIR="/usr/portage/distfiles" EDITOR="/usr/bin/mcedit" ELIBC="glibc"
The mechanism is different... the reader driver should mark with udev that pcsc should have access, we do not want pcscd to have access to all devices. See example in ccid[1], then the pcsc rules sets the group, see [2] [1] https://github.com/gentoo/gentoo/blob/master/app-crypt/ccid/files/92_pcscd_ccid-2.rules [2] https://github.com/gentoo/gentoo/blob/master/sys-apps/pcsc-lite/files/99-pcscd-hotplug.rules
ok, thanks, I didn't know it. I can see that my smartcard reader (08e6:3437) is not in that list. Can you help to include it?
bash$ lsusb -d 08e6:3437 -v Bus 001 Device 026: ID 08e6:3437 Gemalto (was Gemplus) GemPC Twin SmartCard Reader Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.00 bDeviceClass 0 bDeviceSubClass 0 bDeviceProtocol 0 bMaxPacketSize0 8 idVendor 0x08e6 Gemalto (was Gemplus) idProduct 0x3437 GemPC Twin SmartCard Reader bcdDevice 2.00 iManufacturer 1 Gemalto iProduct 2 USB SmartCard Reader iSerial 3 EF2420E4 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 93 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0xa0 (Bus Powered) Remote Wakeup MaxPower 50mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 3 bInterfaceClass 11 Chip/SmartCard bInterfaceSubClass 0 bInterfaceProtocol 0 iInterface 0 ChipCard Interface Descriptor: bLength 54 bDescriptorType 33 bcdCCID 1.01 (Warning: Only accurate for version 1.0) nMaxSlotIndex 0 bVoltageSupport 7 5.0V 3.0V 1.8V dwProtocols 3 T=0 T=1 dwDefaultClock 4800 dwMaxiumumClock 4800 bNumClockSupported 0 dwDataRate 12903 bps dwMaxDataRate 825806 bps bNumDataRatesSupp. 53 dwMaxIFSD 254 dwSyncProtocols 00000000 dwMechanical 00000000 dwFeatures 00010230 Auto clock change Auto baud rate change NAD value other than 0x00 accepted TPDU level exchange dwMaxCCIDMsgLen 271 bClassGetResponse 00 bClassEnvelope 00 wlcdLayout none bPINSupport 0 bMaxCCIDBusySlots 1 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x01 EP 1 OUT bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x82 EP 2 IN bmAttributes 2 Transfer Type Bulk Synch Type None Usage Type Data wMaxPacketSize 0x0040 1x 64 bytes bInterval 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x83 EP 3 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 16 can't get device qualifier: Resource temporarily unavailable can't get debug descriptor: Resource temporarily unavailable Device Status: 0x0000 (Bus Powered)
Normally, there is no need to add specific usb device. Your bInterfaceClass is 0x0b, which is generic, the following rule should apply, please try to find out what went wrong: --- # generic CCID device (bInterfaceClass = 0x0b) # change group from default "root" to "pcscd" ENV{ID_USB_INTERFACES}=="*:0b0000:*", ENV{PCSCD}="1" ---
ok, I found the problem. The package app-crypt/ccid wasn't installed when I hit this problem. Shouldn't it be a dependency of pcsc-lite (or sys-apps/pcsc-tools)?
ccid is the driver for *your* smartcard, there are other drivers.