GNU bug report logs - #31337
Unable to use gnuk usb smartcard token on GuixSD

Previous Next

Package: guix;

Reported by: Vagrant Cascadian <vagrant <at> debian.org>

Date: Tue, 1 May 2018 22:30:01 UTC

Severity: normal

Done: Brice Waegeneire <brice <at> waegenei.re>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 31337 in the body.
You can then email your comments to 31337 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#31337; Package guix. (Tue, 01 May 2018 22:30:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Vagrant Cascadian <vagrant <at> debian.org>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Tue, 01 May 2018 22:30:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Vagrant Cascadian <vagrant <at> debian.org>
To: bug-guix <at> gnu.org
Subject: Unable to use gnuk usb smartcard token on GuixSD
Date: Tue, 01 May 2018 15:29:04 -0700

[Message part 1 (text/plain, inline)]
I've been unable to use my gnuk usb smartcard token with gnupg on
GuixSD, and it appears this is because scdaemon is built without libusb
support:

      $ gpg --card-status
      gpg: selecting openpgp failed: No such device
      gpg: OpenPGP card not available: No such device

Attached is a patch that gets scdaemon working for me and a gnuk...

Unfortunately, enabling libusb causes one of the tets to hang
indefinitely:

      PASS: tests/openpgp/decrypt-session-key.scm
      Checking unwrapping the encryption.
          > encsig-2-keys-3 encsig-2-keys-4 <
      PASS: tests/openpgp/decrypt-unwrap-verify.scm
      Checking signing with the default hash algorithm
          >

So far, I've only been able to get it to work by disabling the
tests... so it's obviously not a good idea to enable without further
troubleshooting.

Another option might be to use pcsc-lite and ccid, but I had even less
luck getting that to work.


live well,
  vagrant


diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index f397482ab..0e9e72784 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -39,6 +39,7 @@
   #:use-module (gnu packages curl)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages emacs)
+  #:use-module (gnu packages libusb)
   #:use-module (gnu packages openldap)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages perl-check)
@@ -232,6 +233,7 @@ compatible to GNU Pth.")
        ("libgcrypt" ,libgcrypt)
        ("libgpg-error" ,libgpg-error)
        ("libksba" ,libksba)
+       ("libusb" ,libusb)
        ("npth" ,npth)
        ("openldap" ,openldap)
        ("pcsc-lite" ,pcsc-lite)
@@ -246,12 +248,17 @@ compatible to GNU Pth.")
                           "--enable-all-tests")
       #:phases
       (modify-phases %standard-phases
+	;; (delete 'check)
         (add-before 'configure 'patch-paths
           (lambda* (#:key inputs #:allow-other-keys)
             (substitute* "scd/scdaemon.c"
               (("\"(libpcsclite\\.so[^\"]*)\"" _ name)
                (string-append "\"" (assoc-ref inputs "pcsc-lite")
                               "/lib/" name "\"")))
+            (substitute* "configure"
+              (("/usr/include/libusb-1.0")
+               (string-append (assoc-ref inputs "libusb")
+                              "/include/libusb-1.0")))
             #t))
         (add-after 'build 'patch-scheme-tests
           (lambda _

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#31337; Package guix. (Wed, 02 May 2018 07:02:02 GMT) Full text and rfc822 format available.

Message #8 received at 31337 <at> debbugs.gnu.org (full text, mbox):

From: Nils Gillmann <gillmann <at> infotropique.org>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: 31337 <at> debbugs.gnu.org
Subject: Re: bug#31337: Unable to use gnuk usb smartcard token on GuixSD
Date: Wed, 2 May 2018 05:57:07 +0000

Vagrant Cascadian transcribed 3.3K bytes:
> I've been unable to use my gnuk usb smartcard token with gnupg on
> GuixSD, and it appears this is because scdaemon is built without libusb
> support:
> 
>       $ gpg --card-status
>       gpg: selecting openpgp failed: No such device
>       gpg: OpenPGP card not available: No such device
> 
> Attached is a patch that gets scdaemon working for me and a gnuk...
> 
> Unfortunately, enabling libusb causes one of the tets to hang
> indefinitely:
> 
>       PASS: tests/openpgp/decrypt-session-key.scm
>       Checking unwrapping the encryption.
>           > encsig-2-keys-3 encsig-2-keys-4 <
>       PASS: tests/openpgp/decrypt-unwrap-verify.scm
>       Checking signing with the default hash algorithm
>           >

There should be a test-suite.log in some location in the build chroot,
have you checked that? You might need to build with -K.

> So far, I've only been able to get it to work by disabling the
> tests... so it's obviously not a good idea to enable without further
> troubleshooting.
> 
> Another option might be to use pcsc-lite and ccid, but I had even less
> luck getting that to work.
> 
> 
> live well,
>   vagrant
> 
> 
> diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
> index f397482ab..0e9e72784 100644
> --- a/gnu/packages/gnupg.scm
> +++ b/gnu/packages/gnupg.scm
> @@ -39,6 +39,7 @@
>    #:use-module (gnu packages curl)
>    #:use-module (gnu packages crypto)
>    #:use-module (gnu packages emacs)
> +  #:use-module (gnu packages libusb)
>    #:use-module (gnu packages openldap)
>    #:use-module (gnu packages perl)
>    #:use-module (gnu packages perl-check)
> @@ -232,6 +233,7 @@ compatible to GNU Pth.")
>         ("libgcrypt" ,libgcrypt)
>         ("libgpg-error" ,libgpg-error)
>         ("libksba" ,libksba)
> +       ("libusb" ,libusb)
>         ("npth" ,npth)
>         ("openldap" ,openldap)
>         ("pcsc-lite" ,pcsc-lite)
> @@ -246,12 +248,17 @@ compatible to GNU Pth.")
>                            "--enable-all-tests")
>        #:phases
>        (modify-phases %standard-phases
> +	;; (delete 'check)
>          (add-before 'configure 'patch-paths
>            (lambda* (#:key inputs #:allow-other-keys)
>              (substitute* "scd/scdaemon.c"
>                (("\"(libpcsclite\\.so[^\"]*)\"" _ name)
>                 (string-append "\"" (assoc-ref inputs "pcsc-lite")
>                                "/lib/" name "\"")))
> +            (substitute* "configure"
> +              (("/usr/include/libusb-1.0")
> +               (string-append (assoc-ref inputs "libusb")
> +                              "/include/libusb-1.0")))
>              #t))
>          (add-after 'build 'patch-scheme-tests
>            (lambda _
Information forwarded to bug-guix <at> gnu.org:
bug#31337; Package guix. (Mon, 07 May 2018 10:06:02 GMT) Full text and rfc822 format available.

Message #11 received at 31337 <at> debbugs.gnu.org (full text, mbox):

From: ludo <at> gnu.org (Ludovic Courtès)
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: 31337 <at> debbugs.gnu.org
Subject: Re: bug#31337: Unable to use gnuk usb smartcard token on GuixSD
Date: Mon, 07 May 2018 12:04:48 +0200

Hi Vagrant,

Vagrant Cascadian <vagrant <at> debian.org> skribis:

> I've been unable to use my gnuk usb smartcard token with gnupg on
> GuixSD, and it appears this is because scdaemon is built without libusb
> support:
>
>       $ gpg --card-status
>       gpg: selecting openpgp failed: No such device
>       gpg: OpenPGP card not available: No such device
>
> Attached is a patch that gets scdaemon working for me and a gnuk...
>
> Unfortunately, enabling libusb causes one of the tets to hang
> indefinitely:
>
>       PASS: tests/openpgp/decrypt-session-key.scm
>       Checking unwrapping the encryption.
>           > encsig-2-keys-3 encsig-2-keys-4 <
>       PASS: tests/openpgp/decrypt-unwrap-verify.scm
>       Checking signing with the default hash algorithm
>           >
>
> So far, I've only been able to get it to work by disabling the
> tests... so it's obviously not a good idea to enable without further
> troubleshooting.

Did you try attaching strace or gdb to the faulty test to see what’s
going on?

It may be that this test depends on the availability of special hardware
or something like that, in which case we should arrange to skip just
this test.

Thanks for looking into it!

Ludo’.
Information forwarded to bug-guix <at> gnu.org:
bug#31337; Package guix. (Tue, 08 May 2018 05:54:01 GMT) Full text and rfc822 format available.

Message #14 received at 31337 <at> debbugs.gnu.org (full text, mbox):

From: Chris Marusich <cmmarusich <at> gmail.com>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: 31337 <at> debbugs.gnu.org
Subject: Re: bug#31337: Unable to use gnuk usb smartcard token on GuixSD
Date: Mon, 07 May 2018 22:53:37 -0700

[Message part 1 (text/plain, inline)]
Vagrant Cascadian <vagrant <at> debian.org> writes:

> Another option might be to use pcsc-lite and ccid, but I had even less
> luck getting that to work.

When you tried that, did you enable the USB drivers by creating a
symlink as described here?

https://lists.gnu.org/archive/html/guix-devel/2016-10/msg01433.html

-- 
Chris

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#31337; Package guix. (Sat, 02 Jun 2018 21:34:02 GMT) Full text and rfc822 format available.

Message #17 received at 31337 <at> debbugs.gnu.org (full text, mbox):

From: Vagrant Cascadian <vagrant <at> debian.org>
To: Chris Marusich <cmmarusich <at> gmail.com>
Cc: 31337 <at> debbugs.gnu.org
Subject: Re: bug#31337: Unable to use gnuk usb smartcard token on GuixSD
Date: Sat, 02 Jun 2018 14:33:28 -0700

[Message part 1 (text/plain, inline)]
On 2018-05-07, Chris Marusich wrote:
> Vagrant Cascadian <vagrant <at> debian.org> writes:
>
>> Another option might be to use pcsc-lite and ccid, but I had even less
>> luck getting that to work.
>
> When you tried that, did you enable the USB drivers by creating a
> symlink as described here?
>
> https://lists.gnu.org/archive/html/guix-devel/2016-10/msg01433.html

With the symlink:

  lrwxrwxrwx 1 root root 41 Jun  2 06:31 /var/lib/pcsc/drivers -> /home/vagrant/.guix-profile/pcsc/drivers/

Then I tried to run:

  pcscd --debug --foreground
  00000000 pcscdaemon.c:347:main() pcscd set to foreground with debug send to stdout
  00000077 pcscdaemon.c:623:main() cannot create /var/run/pcscd: Permission denied

Running as root appears to have worked:

  sudo -E --debug --foreground pcscd

Then as a user, "gpg --card-status" works. Haven't tried any other
functionality yet, but that's a good start.


So this seems like a somewhat complicated workaround, and making a
proper pcscd service would reduce the complication significantly.  It
would obviously be slightly preferable to me for gnupg to support
smartcards out of the box. :)


live well,
  vagrant

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#31337; Package guix. (Sun, 13 Jun 2021 08:05:02 GMT) Full text and rfc822 format available.

Message #20 received at 31337 <at> debbugs.gnu.org (full text, mbox):

From: Brice Waegeneire <brice <at> waegenei.re>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: Chris Marusich <cmmarusich <at> gmail.com>, 31337 <at> debbugs.gnu.org
Subject: Re: bug#31337: Unable to use gnuk usb smartcard token on GuixSD
Date: Sun, 13 Jun 2021 10:04:07 +0200

Hello Vagrant,

Vagrant Cascadian <vagrant <at> debian.org> writes:

> So this seems like a somewhat complicated workaround, and making a
> proper pcscd service would reduce the complication significantly.  It
> would obviously be slightly preferable to me for gnupg to support
> smartcards out of the box. :)

There is a pcscd service in Guix now. Do you still have issue with using
smartcard in Guix or can we close this one?

Cheers,
- Brice
Reply sent to Brice Waegeneire <brice <at> waegenei.re>:
You have taken responsibility. (Sun, 04 Jul 2021 11:02:02 GMT) Full text and rfc822 format available.
Notification sent to Vagrant Cascadian <vagrant <at> debian.org>:
bug acknowledged by developer. (Sun, 04 Jul 2021 11:02:02 GMT) Full text and rfc822 format available.

Message #25 received at 31337-close <at> debbugs.gnu.org (full text, mbox):

From: Brice Waegeneire <brice <at> waegenei.re>
To: Vagrant Cascadian <vagrant <at> debian.org>
Cc: Chris Marusich <cmmarusich <at> gmail.com>, 31337-close <at> debbugs.gnu.org
Subject: Re: bug#31337: Unable to use gnuk usb smartcard token on GuixSD
Date: Sun, 04 Jul 2021 13:01:02 +0200

Brice Waegeneire <brice <at> waegenei.re> writes:

Closing this issue since it's should be solved.  Feel free to reopen it
if it's not the case.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 01 Aug 2021 11:24:05 GMT) Full text and rfc822 format available.
This bug report was last modified 2 years and 262 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.