Package: pcscd
Version: 2.3.3-1
Severity: normal
Hello,
I've recently been having issues with pcscd. Currently, whenever I
unplug my yubikey and plug it back in, it is not getting read for
accessing the key on it. I have to restart the pcscd service and then I
can start using the yubikey again. So I can work around the issue but it
is quite annoying to have to restart pcscd all the time.
In terms of setup, I'm running debian sid and using pcscd through
gpg-agent->scdaemon. Some months back, I have added a line
`disable-ccid` to `~/.gnupg/scdaemon.conf` to make it continue to use
pcscd instead of gpg's internal ccid implementation.
From what I can see in dpkg.log though there was no recent upgrade for
the pcscd package that happened which could explain some recent change.
The most recent upgrade that I can see happened on my laptop was on
april 22nd, from 2.3.2-1 to 2.3.3-1, but I've been using the yubikey
without issues for some time after that.
There was an upgrade of gnupg from 2.4.7-21+b1 to 2.4.8-3 that was
applied on september 2nd though -- so two days ago. So that might be
what created the change that caused my issues!
I'm not sure where the bug report is more relevant to open though.
Opening here since the issues I have are specifically with talking to
the yubikey and I can workaround the problem by restarting the pcscd
service. Altough it's possible that we may need to reassign to the gnupg
package.
If more information is needed to help with debugging what's happening,
I'd be happy to supply more as needed.
In terms of logs, here's what I have for the latest pcscd service run.
I've restarted it to make the key work again, then a couple minutes
later tried to disconnect the key from the usb port and reconnect it and
got the issue. The only thing that's visible then in the log are lines
about unauthorized access.
Further below I've also included the logs from the gpg-agent service.
There around the same time as the unauthorized access lines in pcscd,
gpg-daemon shows some lined about "sharing violation" with pcsc. The
line about requesting PIN at 13:52 is probably right after the pcscd
service was started, then disconnection/reconnection must have happened
about a minute or two later.
Sep 04 13:52:08 shing systemd[1]: Started pcscd.service - PC/SC Smart
Card Daemon.
░░ Subject: A start job for unit pcscd.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░
░░ A start job for unit pcscd.service has finished successfully.
░░
░░ The job identifier is 31681.
Sep 04 13:52:22 shing pcscd[156007]: 00000000
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:52:26 shing pcscd[156007]: 03913067
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:52:26 shing pcscd[156007]: 00005415
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:52:26 shing pcscd[156007]: 00093372
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:52:27 shing pcscd[156007]: 00926722
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:52:27 shing pcscd[156007]: 00005734
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:52:54 shing pcscd[156007]: 26785249
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:52:54 shing pcscd[156007]: 00005825
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:53:38 shing pcscd[156007]: 44609057
../src/auth.c:166:IsClientAuthorized() Process 33256 (user: 1000) is NOT
authorized for action: access_pcsc
Sep 04 13:53:38 shing pcscd[156007]: 00000062
../src/winscard_svc.c:357:ContextThread() Rejected unauthorized PC/SC client
Sep 04 13:53:40 shing pcscd[156007]: 01862085
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:53:40 shing pcscd[156007]: 00006025
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:53:40 shing pcscd[156007]: 00239852
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:53:51 shing pcscd[156007]: 10976939
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:53:51 shing pcscd[156007]: 00005909
../src/winscard.c:281:SCardConnect() Error Reader Exclusive
Sep 04 13:54:15 shing pcscd[156007]: 23729205
../src/auth.c:166:IsClientAuthorized() Process 32750 (user: 1000) is NOT
authorized for action: access_pcsc
Sep 04 13:54:15 shing pcscd[156007]: 00000044
../src/winscard_svc.c:357:ContextThread() Rejected unauthorized PC/SC client
Sep 04 13:54:29 shing pcscd[156007]: 13436401
../src/auth.c:166:IsClientAuthorized() Process 32750 (user: 1000) is NOT
authorized for action: access_pcsc
Sep 04 13:54:29 shing pcscd[156007]: 00000061
../src/winscard_svc.c:357:ContextThread() Rejected unauthorized PC/SC client
log from gpg-agent.service around the same time as for the pcscd log above:
Sep 04 11:45:43 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 11:45:43 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 11:45:46 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 11:45:46 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 11:59:01 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 11:59:01 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 11:59:04 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 11:59:04 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 12:07:33 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 12:07:33 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 12:07:35 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 12:07:35 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 12:27:28 shing gpg-agent[132180]: scdaemon[132180]:
pcsc_get_status_change failed: unknown reader (0x80100009)
Sep 04 13:51:32 shing gpg-agent[132180]: scdaemon[132180]:
pcsc_list_readers failed: no readers available (0x8010002e)
Sep 04 13:51:59 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 13:51:59 shing gpg-agent[132180]: scdaemon[132180]: pcsc_connect
failed: sharing violation (0x8010000b)
Sep 04 13:52:11 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 13:52:11 shing gpg-agent[132180]: scdaemon[132180]: added app
'piv' to the card context
Sep 04 13:52:11 shing gpg-agent[132180]: scdaemon[132180]: sending
signal 12 to client 131066
Sep 04 13:52:11 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 13:52:11 shing gpg-agent[132180]: scdaemon[132180]: DBG: asking
for PIN '||Please unlock the card%0A%0A\x1eNumber\x1f: <number
redacted>%0AHolder\x1f: '
Sep 04 13:52:18 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 13:52:18 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 13:54:15 shing gpg-agent[132180]: scdaemon[132180]:
pcsc_get_status_change failed: unknown reader (0x80100009)
Sep 04 13:54:35 shing gpg-agent[132180]: scdaemon[132180]: detected
reader 'Yubico YubiKey FIDO+CCID 00 00'
Sep 04 13:54:35 shing gpg-agent[132180]: scdaemon[132180]: pcsc_connect
failed: sharing violation (0x8010000b)
-- System Information:
Debian Release: forky/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.16.3+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages pcscd depends on:
ii init-system-helpers 1.69
ii libc6 2.41-12
ii libccid [pcsc-ifd-handler] 1.6.2-1
ii libglib2.0-0t64 2.84.4-3
ii libpcsclite1 2.3.3-1
ii libpolkit-gobject-1-0 126-2
ii libsystemd0 258~rc3-1
ii libudev1 258~rc3-1
ii polkitd 126-2
ii runit-helper 2.16.4
pcscd recommends no packages.
Versions of packages pcscd suggests:
ii systemd 258~rc3-1
-- no debconf information
