Yubikey stopped working after noble upgrade
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Arch Linux on Launchpad |
Fix Released
|
Unknown
|
|||
gnupg2 (Ubuntu) |
Triaged
|
Undecided
|
Unassigned | ||
pcsc-lite (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
In Ubuntu 22.04 I used by GPG key stored on a Yubikey smart card, but since upgrading to Noble I get the following trying to access it.
$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
If I run this as root it works:
$ sudo gpg --card-status
Reader ...........: 1050:0407:X:0
Application ID ...: D27600012401000
Application type .: OpenPGP
Version ..........: 2.1
Manufacturer .....: Yubico
Serial number ....: XXXXXXXX
Name of cardholder: [not set]
Language prefs ...: [not set]
Salutation .......:
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: not forced
Key attributes ...: rsa4096 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 10 0 10
Signature counter : 1172
UIF setting ......: Sign=off Decrypt=off Auth=off
Signature key ....: <redacted>
created ....: <redacted>
Encryption key....: <redacted>
created ....: <redacted>
Authentication key: [none]
General key info..: [none]
If I manually run pcscd.service then it stops working both as root and a user.
$ sudo pkill -9 scdaemon
$ sudo systemctl start pcscd.service
$ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
$ sudo gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
It might be worth mentioning I'm accessing the machine over SSH, so I also did experiment with a polkit rule like this:
polkit.
if (action.id == "org.debian.
return polkit.Result.YES;
}
});
polkit.
if (action.id == "org.debian.
return polkit.Result.YES;
}
});
Added into /etc/polkit-
Versions in noble:
pcscd: 2.0.3-1build1
libpcslite1: 2.0.3-1build1
gnupg: 2.4.4-2ubuntu17
scdaemon: 2.4.4-2ubuntu17
affects: | gnupg (Ubuntu) → gnupg2 (Ubuntu) |
Changed in archlinux-lp: | |
status: | Unknown → Fix Released |
I managed to get it working as a user by manually starting pcscd.service and with the following to force scdaemon to use it.
# cat ~/.gnupg/ scdaemon. conf
card-timeout 5
disable-ccid
To me this seems to be a regression in behavior from 2.2.27-3ubuntu2.1 to 2.4.4-2ubuntu17.