Project

General

Profile

Packaging request #2154

[pcsclite]-openrc PGP-smartcard

anon7mous - 10 months ago - . Updated 9 months ago.

Status:
in progress
Priority:
bug
Assignee:
-
% Done:

0%


Description

gpg doesn't detect my PGP-USB-smartcard
I couldn't find any service for the PGP Smartcard daemon on OpenRC.

service `pcsclite' does not exist

There is no pcsclite-openrc package.
Arch-Wiki says:
"To use pscsd install pcsclite and ccid. Then start and/or enable pcscd.service. Alternatively start and/or enable pcscd.socket to activate the daemon when needed." [1] With OpenRC, I'm unable to do, so I searched in the gentoo-wiki. [2] It seems there is need for a openrc-service?

[1] https://wiki.archlinux.org/index.php/GnuPG#Smartcards
[2] https://wiki.gentoo.org/wiki/GnuPG#Installation
[3] https://packages.gentoo.org/useflags/smartcard

History

#2

Updated by bill-auger 10 months ago

we would not import the pre-made package from artix - we would re-package it

"possible" is probably not the most appropriate question - everything is possible with enough effort

the important questions that would need to be answered are:

  • how much work would this be to package and maintain?
  • is it FSDG-compliant?
  • how helpful or important is it?
  • how many users would find it helpful or important?

if you only want to know if it is possible, you really could answer that yourself by finding the PKGBUILD that artix uses, and try installing it yourself with makepkg - that would be the first thing that a parabola dev would need to do get started

as for the last two questions, i dont know how to use a "smart" GPG card on parabola - i dont even know what a "smart-card" is - probably just a meaningless marketing buzz-word - but maybe there already is some way to do what you want to do on parabola without adding a new package - it sounds important, so it seems to me like it would already be possible

it could just be that an init script needs to be written for openrc

#3

Updated by anon7mous 10 months ago

I am scared!
Every linux developer should use a pgp-smartcard to sign packages... https://www.kernel.org/nitrokey-digital-tokens-for-kernel-developers.html
Anyway,
this package is only a script in /etc/init.d/

#!/usr/bin/openrc-run
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

name="PC/SC Daemon" 

pidfile=/run/pcscd/pcscd.pid

command=/usr/bin/pcscd
command_args="${EXTRA_OPTS}" 

start_stop_daemon_args="--user pcscd:pcscd" 

depend() {
    need localmount
    after udev openct dbus
    use logger
}

start_pre() {
    checkpath -d -m 0755 -o pcscd:pcscd /run/pcscd
}

#4

Updated by bill-auger 10 months ago

awesome, that looks like the sort of script that is needed

#5

Updated by anon7mous 10 months ago

If I munually add this Script to /etc/init.d/pcsclite and add the user/group pcscd I'm able to start the service but my smartcard wasn't detected. Seems that the packages does more than only copy the skript and create the user/group.
I couldn't find the original source or something helpful.
No chance to use my secured private-key. :(

#6

Updated by freemor 10 months ago

You should launch the daemon manually from a terminal and look for debugging info. that fact that your cardReader is not detected may have little to do with is the daemon is started.
In the past a user with similar issues had failed to install ccid
Could be a configuration issue
etc

#8

Updated by anon7mous 10 months ago

Previously, I used Parabola with systemd. There my Yubikey was detected without any problems.
So will you add the package to the parabola repos? I would be very happy. :)

#9

Updated by anon7mous 10 months ago

After adding /etc/conf.d/pcscd

    # config file for /etc/conf.d/pcscd

    EXTRA_OPTS="" 

    PCSCD_USER="root" 

    PCSCD_GROUP="root" 

And maybe etc/udev/rules.d/90-u2f-securitykey.rules
ATTRS{idVendor}=="1050", GROUP="plugdev", MODE="0660" 
ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", GROUP="plugdev", MODE="0660" 

My card was detected. *.*

#10

Updated by anon7mous 9 months ago

So what about adding this package?

#11

Updated by bill-auger 9 months ago

  • Status changed from open to in progress

anon7mous -

i have added this package to [pcr-testing] - can you please test it to make sure it works

#12

Updated by anon7mous 9 months ago

bill-auger wrote:

i have added this package to [pcr-testing] - can you please test it to make sure it works

Thank you!! :)
Is working.
However, a bit surprising, after I had removed the two above-mentioned files (on a test basis) and also restarted the computer, the card was still detected.When I had not created the two files, the card was not recognized.

Nevertheless, I believe that it could switch to the PCR-repo because the file /etc/conf.d/pcscd would be successfully created.

Also available in: Atom PDF