Re: git: 726b0eccd65b - main - devel/pcsc-lite: Update to 2.3.1
Date: Wed, 08 Jan 2025 23:16:11 UTC
On 1/5/25 07:56, Gleb Popov wrote:
> The branch main has been updated by arrowd:
>
> URL: https://cgit.FreeBSD.org/ports/commit/?id=726b0eccd65bff6517d8189b16fe622998302339
>
> commit 726b0eccd65bff6517d8189b16fe622998302339
> Author: Gleb Popov <arrowd@FreeBSD.org>
> AuthorDate: 2025-01-05 15:56:02 +0000
> Commit: Gleb Popov <arrowd@FreeBSD.org>
> CommitDate: 2025-01-05 15:56:14 +0000
>
> devel/pcsc-lite: Update to 2.3.1

I had an involuntary reboot today and found that this version breaks my
use of hardware tokens (Feitian ePass2003 and YubiKey) with ssh-agent. I
can get things working again by reverting to 2.3.0 (and restarting pcscd).

The impression I get is that it's some kind of permission problem. When
I insert a token and run "opensc-tool -l" as a user there is no output;
when I run as root it shows the token.

I ran opensc-tool from ktrace and see it successfully connecting to
pcscd but it does an ioctl and then it just gives up.

I ran pcscd under gdb and see that polkit is denying my access:

  00001487 [0x800e13500] ../src/auth.c:168:IsClientAuthorized() Process 3512 (user: 1020) is NOT authorized for action: access_pcsc
  00000091 [0x800e13500] ../src/winscard_svc.c:357:ContextThread() Rejected unauthorized PC/SC client

Indeed I can get things to work again if I run pcscd with
--disable-polkit. Is this the right solution or am I missing polkit
configuration? I found pkaction and it has something that looks reasonable:

  pkaction | fgrep pcsc
  org.debian.pcsc-lite.access_card
  org.debian.pcsc-lite.access_pcsc

But I guess:

  /usr/local/share/polkit-1/actions/org.debian.pcsc-lite.policy

is now missing something? Looks like IsClientAuthorized() is getting
called with "access_pcsc" so I don't understand why it's not working.

Suggestions?

Craig
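
Added example, not part of the message above and not code from pcsc-lite or the FreeBSD port: a polkit rule (polkit rules files are JavaScript) that grants the two action ids shown by pkaction to members of one group and leaves every other decision to the defaults in the .policy file, as a narrower alternative to running pcscd with --disable-polkit. The group name "pcsc", the rules file name and the evaluate() dry-run helper are assumptions made for the illustration.

```javascript
// Hypothetical rules file, e.g. 50-pcsc.rules in the local polkit rules.d directory.
// Added example; the group name below is an assumption, not a pcsc-lite default.

// Action ids as listed by `pkaction | fgrep pcsc` in the message above.
var PCSC_ACTIONS = [
    "org.debian.pcsc-lite.access_pcsc",
    "org.debian.pcsc-lite.access_card"
];
var PCSC_GROUP = "pcsc"; // hypothetical group for smart-card users

// Returns "yes" (the value of polkit.Result.YES) for members of PCSC_GROUP.
// Returns undefined otherwise, which polkit treats as "no decision", so the
// allow_* defaults from the .policy file still apply to everyone else.
function pcscRule(action, subject) {
    if (PCSC_ACTIONS.indexOf(action.id) === -1) {
        return undefined; // not a pcsc-lite action: express no opinion
    }
    if (subject.isInGroup(PCSC_GROUP)) {
        return "yes";
    }
    if (typeof polkit !== "undefined") {
        // Leave a trace in the polkitd log for requests the rule did not grant.
        polkit.log("pcsc rule: no grant for " + subject.user + " on " + action.id);
    }
    return undefined;
}

// polkitd provides the global `polkit`; outside it the rule is only defined.
if (typeof polkit !== "undefined") {
    polkit.addRule(pcscRule);
}

// Dry-run helper (hypothetical): evaluates the rule against a constructed
// subject so the policy can be checked before it is installed.
function evaluate(actionId, user, groups) {
    var subject = {
        user: user,
        isInGroup: function (g) { return groups.indexOf(g) !== -1; }
    };
    var result = pcscRule({ id: actionId }, subject);
    return result === undefined ? "default" : result;
}
```

After installing such a rule, re-running "opensc-tool -l" as a member and as a non-member of the group shows whether polkit now makes the decision the rule describes.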