Project

General

Profile

Packaging request #2154

[pcsclite]-openrc PGP-smartcard

Added by anon7mous 22 days ago. Updated 5 days ago.

Status:
in progress
Priority:
bug
Assignee:
-
% Done:

0%


Description

gpg doesn't detect my PGP-USB-smartcard
I couldn't find any service for the PGP Smartcard daemon on OpenRC.

service `pcsclite' does not exist

There is no pcsclite-openrc package.
Arch-Wiki says:
"To use pscsd install pcsclite and ccid. Then start and/or enable pcscd.service. Alternatively start and/or enable pcscd.socket to activate the daemon when needed." [1] With OpenRC, I'm unable to do, so I searched in the gentoo-wiki. [2] It seems there is need for a openrc-service?

[1] https://wiki.archlinux.org/index.php/GnuPG#Smartcards
[2] https://wiki.gentoo.org/wiki/GnuPG#Installation
[3] https://packages.gentoo.org/useflags/smartcard

History

#2 Updated by bill-auger 21 days ago

we would not import the pre-made package from artix - we would re-package it

"possible" is probably not the most appropriate question - everything is possible with enough effort

the important questions that would need to be answered are:

  • how much work would this be to package and maintain?
  • is it FSDG-compliant?
  • how helpful or important is it?
  • how many users would find it helpful or important?

if you only want to know if it is possible, you really could answer that yourself by finding the PKGBUILD that artix uses, and try installing it yourself with makepkg - that would be the first thing that a parabola dev would need to do get started

as for the last two questions, i dont know how to use a "smart" GPG card on parabola - i dont even know what a "smart-card" is - probably just a meaningless marketing buzz-word - but maybe there already is some way to do what you want to do on parabola without adding a new package - it sounds important, so it seems to me like it would already be possible

it could just be that an init script needs to be written for openrc

#3 Updated by anon7mous 20 days ago

I am scared!
Every linux developer should use a pgp-smartcard to sign packages... https://www.kernel.org/nitrokey-digital-tokens-for-kernel-developers.html
Anyway,
this package is only a script in /etc/init.d/

#!/usr/bin/openrc-run
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

name="PC/SC Daemon" 

pidfile=/run/pcscd/pcscd.pid

command=/usr/bin/pcscd
command_args="${EXTRA_OPTS}" 

start_stop_daemon_args="--user pcscd:pcscd" 

depend() {
    need localmount
    after udev openct dbus
    use logger
}

start_pre() {
    checkpath -d -m 0755 -o pcscd:pcscd /run/pcscd
}

#4 Updated by bill-auger 20 days ago

awesome, that looks like the sort of script that is needed

#5 Updated by anon7mous 19 days ago

If I munually add this Script to /etc/init.d/pcsclite and add the user/group pcscd I'm able to start the service but my smartcard wasn't detected. Seems that the packages does more than only copy the skript and create the user/group.
I couldn't find the original source or something helpful.
No chance to use my secured private-key. :(

#6 Updated by freemor 19 days ago

You should launch the daemon manually from a terminal and look for debugging info. that fact that your cardReader is not detected may have little to do with is the daemon is started.
In the past a user with similar issues had failed to install ccid
Could be a configuration issue
etc

#8 Updated by anon7mous 18 days ago

Previously, I used Parabola with systemd. There my Yubikey was detected without any problems.
So will you add the package to the parabola repos? I would be very happy. :)

#9 Updated by anon7mous 18 days ago

After adding /etc/conf.d/pcscd

    # config file for /etc/conf.d/pcscd

    EXTRA_OPTS="" 

    PCSCD_USER="root" 

    PCSCD_GROUP="root" 

And maybe etc/udev/rules.d/90-u2f-securitykey.rules
ATTRS{idVendor}=="1050", GROUP="plugdev", MODE="0660" 
ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", GROUP="plugdev", MODE="0660" 

My card was detected. *.*

#10 Updated by anon7mous 7 days ago

So what about adding this package?

#11 Updated by bill-auger 5 days ago

  • Status changed from open to in progress

anon7mous -

i have added this package to [pcr-testing] - can you please test it to make sure it works

Also available in: Atom PDF