There appears to be a problem (possibly related to 59281f742a0ce8def71be3576129b4178ec579bb) communicating with the yubikey when using libusb-compat.
To Reproduce
❯ gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
Then, using a gpg with libusb = libusb1
❯ pkill gpg-agent
❯ $(nix-build --no-out-link -E 'with import <nixpkgs> {}; gnupg.override { libusb = libusb1; }')/bin/gpg --card-status
[ gpg finds the card and works correctly ]
srhb
All 17 comments
did you enable pcscd deamon ?
In my case I also added the line reader-port Yubico Yubi to .gnupg/scdaemon.conf (See Troubleshooting Issues with GPG).
sylv-io
on 13 Apr 2020
No, I'm explicitly not using pcscd, because I find it annoying in my workflow -- I haven't tested if that method is also affected. This is a regression regardless, however. :)
srhb
on 13 Apr 2020
(If I was unclear in my description, the second example makes everything work again like it used to, without pcscd.)
srhb
on 13 Apr 2020
my bad. I didn't read your description correctly.
Using libusb instead of pcsc sounds great, I will adapt my config :)
sylv-io
on 13 Apr 2020
Oh I just fell back on pcscd and it worked again, so I didn't look further…
jpotier
on 14 Apr 2020
pcscd worked only for a while for me. I can't seem to get it to work at all with the current unstable channel.
MasseR
on 14 Apr 2020
Same, pcscd trick sorta stopped working :(
jpotier
on 14 Apr 2020
Well, this:
$(nix-build --no-out-link -E 'with import <nixpkgs> {}; gnupg.override { libusb = libusb1; }')/bin/gpg --card-status
now fails (without pcscd daemon)
jpotier
on 14 Apr 2020
It also applies to Librem Key. I guess new libusb-compat breaks just any usb smartcard.
snglth
on 15 Apr 2020
Broke my setup as well. I don't use pcscd. With pcscd I could get gnupg working again (but in an annoying way because it has never worked well and is also pointless as it doesn't provide any value). The suggested fix by @srhb is working for me.
johnae
on 15 Apr 2020
Latest unstable is still broken but now it seems the fix here doesn't help anymore.
-- Update
Seems something is wrong with pinentry-gnome3 rather. Switched to gtk2-version for now.
johnae
on 25 Apr 2020
Fwiw, this was a blocker for me so I had to switch the channel back to stable.
MasseR
on 27 Apr 2020
I'm currently working on unstable with pcscd daemon, which regularly fails when I plug-in my key, but works after being forcibly restarted :shrug: Not great, but can work with that.
jpotier
on 27 Apr 2020
Seems to be fixed for me with 6673a4988e4a4ff25ca94a84d8e2acf92453dbf1. I'll verify later and close this.
srhb
on 27 Apr 2020
Can also confirm that it works now on unstable. I'm on 20.09pre222973.7c399a4ee08 (Nightingale), which includes 6673a49. Successfully disabled pcscd daemon.
jpotier
on 28 Apr 2020
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/yubikey-smartcard-challenge-mode-usable-on-remote-ssh/8936/5
nixos-discourse
on 9 Sep 2020
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/yubikey-smartcard-challenge-mode-usable-on-remote-ssh/8936/6
nixos-discourse
on 9 Sep 2020
Related issues
copumpkin
·
3Comments
langston-barrett
·
3Comments
yawnt
·
3Comments
chris-martin
·
3Comments
sid-kap
·
3Comments
Most helpful comment
Seems to be fixed for me with 6673a4988e4a4ff25ca94a84d8e2acf92453dbf1. I'll verify later and close this.