[Bug 283989] security/gnupg: pcsc stopped working, no token access possible.

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 11 Jan 2025 01:24:26 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=283989

            Bug ID: 283989
           Summary: security/gnupg: pcsc stopped working, no token access
                    possible.
           Product: Ports & Packages
           Version: Latest
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: adridg@freebsd.org
          Reporter: tomek@cedro.info
          Assignee: adridg@freebsd.org
             Flags: maintainer-feedback?(adridg@freebsd.org)

Hello world :-)

Today my gpg-agent stopped working, probably after recent pkg upgrade, no
configuration change.

Problem is noted on forums too:

https://forums.freebsd.org/threads/smart-card-yubiko-stopped-working.96372/

Seems like caused by PCSCD. Looks like access definitions changed?

# pcscd -f
00000000 ../src/auth.c:148:IsClientAuthorized() Error in authorization:
GDBus.Error:org.freedesktop.PolicyKit1.Error.Failed: get_kinfo_proc() failed
for pid 29033: No such process
00000027 ../src/auth.c:168:IsClientAuthorized() Process 29033 (user: 1001) is
NOT authorized for action: access_pcsc
00000133 ../src/winscard_svc.c:357:ContextThread() Rejected unauthorized PC/SC
client

USB device permissions are fine. Card can be read with yubikey utilities:

% ykinfo -s
serial: [REDACTED]

Another client also fails to read the card for the same reason:

% yubikey-agent -l /[REDACTED]/S.gpg-agent.ssh
2025/01/11 02:20:58 Warning: yubikey-agent is meant to run as a background
daemon.
2025/01/11 02:20:58 Running multiple instances is likely to lead to conflicts.
2025/01/11 02:20:58 Consider using the launchd or systemd services.
2025/01/11 02:21:21 Connecting to the YubiKey...
2025/01/11 02:21:21 agent 11: could not reach YubiKey: connecting to pscs: an
internal communications error has been detected

Any hints welcome. This is kinda blocker for all token based ssh connections
:-(

-- 
You are receiving this mail because:
You are the assignee for the bug.