Page MenuHome GnuPG
Create Task
Maniphest T4998

scdaemon: PC/SC "No such device" without reader-port
Closed, ResolvedPublic
Actions

Description

I am using a YubiKey 5 NFC with GnuPG via PC/SC. I have added disable-ccid to scdaemon.conf (to avoid conflicting with pcscd, based on https://bugs.debian.org/854005 https://github.com/LudovicRousseau/PCSC/issues/65 and https://ludovicrousseau.blogspot.com/2019/06/gnupg-and-pcsc-conflicts.html ). With the YubiKey inserted (as shown by pcsc_scan) gpg --card-status prints:

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

With debug-level expert, scdaemon logs:

2020-07-16 16:53:22 scdaemon[5479] listening on socket '/run/user/1000/gnupg/S.scdaemon'
2020-07-16 16:53:22 scdaemon[5479] handler for fd -1 started
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK GNU Privacy Guard's Smartcard server ready
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- GETINFO socket_name
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> D /run/user/1000/gnupg/S.scdaemon
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- OPTION event-signal=12
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- GETINFO version
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> D 2.2.20
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 -> OK
2020-07-16 16:53:22 scdaemon[5479] DBG: chan_7 <- SERIALNO
2020-07-16 16:53:23 scdaemon[5479] detected reader 'Lenovo Integrated Smart Card Reader 00 00'
2020-07-16 16:53:23 scdaemon[5479] detected reader 'Yubico YubiKey FIDO+CCID 01 00'
2020-07-16 16:53:23 scdaemon[5479] detected reader ''
2020-07-16 16:53:23 scdaemon[5479] reader slot 0: not connected
2020-07-16 16:53:23 scdaemon[5479] reader slot 0: not connected
2020-07-16 16:53:23 scdaemon[5479] DBG: chan_7 -> ERR 100696144 No such device <SCD>
2020-07-16 16:53:23 scdaemon[5479] DBG: chan_7 <- RESTART
2020-07-16 16:53:23 scdaemon[5479] DBG: chan_7 -> OK

After many hours of investigating, I was able to make the card work by adding reader-port Yubico YubiKey FIDO+CCID to scdaemon.conf. To save those hours for future users, I suggest that scdaemon not require reader-port for PC/SC when only one card is inserted (and for parity with the built-in CCID driver, which works for me without reader-port). If that is not possible, I would suggest the scdaemon output and log to give some indication that reader-port is required to resolve the No such device/`not connected' error, which was not apparent to me.

Thanks for considering,
Kevin

Details

Version
2.2.20

Revisions and Commits

rG GnuPG
rG46d185f60397 scd: PC/SC: Don't release the context when it's in use.

Related Objects
Search...

Event Timeline

kevinoid created this task.Jul 17 2020, 1:05 AM
kevinoid updated the task description. (Show Details)
gniibe claimed this task.EditedJul 17 2020, 2:54 AM
gniibe triaged this task as Normal priority.
gniibe added a project: Restricted Project.
gniibe added a subscriber: gniibe.

Thanks for your report.
Major reason was multiple card readers/tokens were not supported by PC/SC handling of scdaemon, only a single reader was assumed, so, user had to specify one if it's not the first one.
Multiple reader by PC/SC support was added in master (to be 2.3), so, I think the problem is solved in master.

It was tracked by T3300: scd: Support multiple readers by PC/SC driver.
But T3300 had not got much interest, for some reason.
Then, it was supported while handling T4301: Handling multiple subkeys on two SmartCards.

gniibe added a parent task: T3300: scd: Support multiple readers by PC/SC driver.Jul 17 2020, 2:59 AM
kevinoid added a comment.Jul 17 2020, 3:27 AM

Thanks for the detailed explanation, I'm glad to hear it! Out of curiosity, I tried running echo 'serialno openpgp' | ./scd/scdaemon --log-file - -v --server built from 43000b043 and it printed:

scdaemon[72566]: NOTE: this is a development version!
scdaemon[72566]: enabled debug flags: cache ipc cardio
2020-07-16 19:12:18 scdaemon[72566] handler for fd -1 started
2020-07-16 19:12:18 scdaemon[72566] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
OK GNU Privacy Guard's Smartcard server ready
2020-07-16 19:12:18 scdaemon[72566] DBG: chan_5 <- serialno openpgp
2020-07-16 19:12:18 scdaemon[72566] detected reader 'Lenovo Integrated Smart Card Reader 00 00'
2020-07-16 19:12:18 scdaemon[72566] detected reader 'Yubico YubiKey FIDO+CCID 01 00'
2020-07-16 19:12:18 scdaemon[72566] reader slot 0: not connected
2020-07-16 19:12:18 scdaemon[72566] reader slot 0: not connected
2020-07-16 19:12:18 scdaemon[72566] DBG: chan_5 -> S PINCACHE_PUT 0// 
S PINCACHE_PUT 0// 
Segmentation fault

with backtrace

#0  __strlen_sse2 () at ../sysdeps/x86_64/multiarch/../strlen.S:120
#1  0x00007ffff7e952b3 in _gcry_strdup_core (string=string@entry=0x0, 
    xhint=xhint@entry=0) at ../../src/global.c:1086
#2  0x00007ffff7e95fb7 in _gcry_strdup (string=string@entry=0x0)
    at ../../src/global.c:1106
#3  0x00007ffff7e93645 in gcry_strdup (string=string@entry=0x0)
    at ../../src/visibility.c:1524
#4  0x0000555555566b4d in open_pcsc_reader (rdrname=rdrname@entry=0x0)
    at apdu.c:1191
#5  0x00005555555688ff in apdu_open_reader (dl=0x7ffff0001fe0) at apdu.c:2178
#6  0x00005555555734ca in select_application (ctrl=ctrl@entry=0x5555555e0470, 
    name=<optimized out>, name@entry=0x7ffff0002989 "openpgp", 
    r_card=r_card@entry=0x5555555e0480, scan=scan@entry=1, 
    serialno_bin=serialno_bin@entry=0x0, serialno_bin_len=0) at app.c:686
#7  0x0000555555560ef5 in open_card_with_request (opt_all=0, 
    serialno=<optimized out>, apptypestr=<optimized out>, ctrl=0x5555555e0470)
    at command.c:266
#8  cmd_serialno (ctx=0x7ffff0002830, line=<optimized out>) at command.c:332
#9  0x00007ffff7e0fa21 in dispatch_command (ctx=0x7ffff0002830, 
    line=0x7ffff0002989 "openpgp", linelen=<optimized out>)
    at ../../src/assuan-handler.c:676
#10 0x00007ffff7e0fd89 in process_request (ctx=0x7ffff0002830)
    at ../../src/assuan-handler.c:872
#11 assuan_process (ctx=0x7ffff0002830) at ../../src/assuan-handler.c:895
#12 0x0000555555562b5b in scd_command_handler (ctrl=0x5555555e0470, 
    fd=<optimized out>) at command.c:2344
#13 0x000055555555fa45 in start_connection_thread (
    arg=arg@entry=0x5555555e0470) at scdaemon.c:1188
#14 0x00007ffff7e034be in thread_start (startup_arg=<optimized out>)
    at ../../src/npth.c:306
#15 0x00007ffff7de8f27 in start_thread (arg=<optimized out>)
    at pthread_create.c:479
#16 0x00007ffff7cf731f in clone ()
    at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

I'm not sure if that's useful or more likely a problem with how I'm testing. Let me know if there's anything else I can do to help test. Otherwise, I'll look forward to the release of 2.3!

gniibe added a comment.Jul 17 2020, 3:52 AM

Thanks for your testing.

While it surely detects two readers, something seems wrong. Perhaps, error handling for the first reader with no card may be bad.

Could you please add --debug-all --debug-level guru to get more information?

gniibe added a comment.Jul 17 2020, 3:56 AM

Ah, I identified an issue.
While it's in a loop of trying readers (in select_application in scd/app.c), it should not deallocate resources to access readers, even if reference count == 0.
I'll fix.

kevinoid added a comment.Jul 17 2020, 4:14 AM

Thanks again @gniibe! In case it's still useful, I bisected to 1080e91ef. The output with --debug-all --debug-level guru is:

scdaemon[416874]: reading options from '/home/kevin/.gnupg/scdaemon.conf'
scdaemon[416874]: reading options from '[cmdline]'
scdaemon[416874]: NOTE: this is a development version!
scdaemon[416874]: enabled debug flags: mpi crypto memory cache memstat hashing ipc cardio reader app
2020-07-16 20:13:00 scdaemon[416874] handler for fd -1 started
2020-07-16 20:13:00 scdaemon[416874] DBG: chan_5 -> OK GNU Privacy Guard's Smartcard server ready
OK GNU Privacy Guard's Smartcard server ready
2020-07-16 20:13:00 scdaemon[416874] DBG: chan_5 <- serialno
2020-07-16 20:13:00 scdaemon[416874] detected reader 'Lenovo Integrated Smart Card Reader 00 00'
2020-07-16 20:13:00 scdaemon[416874] detected reader 'Yubico YubiKey FIDO+CCID 01 00'
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: Lenovo Integrated Smart Card Reader 00 00
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: new device=Lenovo Integrated Smart Card Reader 00 00
2020-07-16 20:13:00 scdaemon[416874] reader slot 0: not connected
2020-07-16 20:13:00 scdaemon[416874] DBG: enter: apdu_connect: slot=0
2020-07-16 20:13:00 scdaemon[416874] reader slot 0: not connected
2020-07-16 20:13:00 scdaemon[416874] DBG: leave: apdu_connect => sw=0x10008
2020-07-16 20:13:00 scdaemon[416874] DBG: chan_5 -> S PINCACHE_PUT 0// 
S PINCACHE_PUT 0// 
2020-07-16 20:13:00 scdaemon[416874] DBG: enter: apdu_close_reader: slot=0
2020-07-16 20:13:00 scdaemon[416874] DBG: enter: apdu_disconnect: slot=0
2020-07-16 20:13:00 scdaemon[416874] DBG: leave: apdu_disconnect => sw=0x0
2020-07-16 20:13:00 scdaemon[416874] DBG: leave: apdu_close_reader => 0x0 (close_reader)
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: (null)
2020-07-16 20:13:00 scdaemon[416874] DBG: apdu_open_reader: new device=(null)
gniibe added a commit: rG46d185f60397: scd: PC/SC: Don't release the context when it's in use..Jul 17 2020, 4:15 AM
gniibe added a comment.Jul 17 2020, 4:16 AM

Thanks a lot.
I pushed a fix as rG46d185f60397: scd: PC/SC: Don't release the context when it's in use..

kevinoid added a comment.Jul 17 2020, 4:20 AM

46d185f60 doesn't segfault and does prints the YubiKey card information, even without reader-port configured. Perfect! That will fix the issue for me. Looking forward to seeing it released. Thanks again @gniibe!

gniibe added a comment.Jul 17 2020, 4:28 AM

I am happy that your use case will be supported, and the bug was fixed before the release.
It's me who say "thank you" to you!

werner added a subscriber: werner.Jul 17 2020, 3:02 PM

That could also be the reason for some strange behaviour I have sometimes with my bunch or readers. I have not had the time to look into this and thus opted for a gpgconf --kill scdaemon which fixes things quickly but of course this is a bad workaround.

gniibe changed the task status from Open to Testing.Nov 10 2020, 4:00 AM
gniibe mentioned this in T5143: YubiKey 5 Nano GPG --card-edit verify command causes a segfault.Nov 19 2020, 9:24 AM
gniibe closed this task as Resolved.Jan 28 2021, 3:07 AM
mhalano added a subscriber: mhalano.Mar 14 2021, 1:55 AM