Unable to use Yubikey without additional pcsc rules #180

jmgilman · 2023-12-31T23:28:53Z

I was unable to get my Yubikey to work with GPG on the latest bluefin-dx image:

$ gpg --card-status
gpg: OpenPGP card not available: No such device

It was necessary to add some additional rules in /etc/polkit-1/rules.d/99-pcscd.rules:

polkit.addRule(function(action, subject) {
        if (action.id == "org.debian.pcsc-lite.access_card" &&
                subject.isInGroup("wheel")) {
                return polkit.Result.YES;
        }
});
polkit.addRule(function(action, subject) {
        if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
                subject.isInGroup("wheel")) {
                return polkit.Result.YES;
        }
});

With these rules, I was able to access the Yubikey. I'm unsure if this is worth baking into the main image.

The text was updated successfully, but these errors were encountered:

jmgilman · 2024-01-01T00:51:01Z

One other issue: even after adding the above rules, they seem to not take effect after a reboot. I get the same error trying to access the Yubikey. However, manually restarting the pcsc daemon fixes the issue:

sudo systemctl restart pcscd

Is there something going on that would prevent the rules from applying after a reboot?

bsherman mentioned this issue Feb 19, 2024

fix: add pcscd polkit rule for Yubikey access ublue-os/main#500

Closed

rothgar linked a pull request Mar 11, 2024 that will close this issue

fix: add polkit rules for yubikey #231

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unable to use Yubikey without additional pcsc rules #180

Unable to use Yubikey without additional pcsc rules #180

jmgilman commented Dec 31, 2023

jmgilman commented Jan 1, 2024

Unable to use Yubikey without additional pcsc rules #180

Unable to use Yubikey without additional pcsc rules #180

Comments

jmgilman commented Dec 31, 2023

jmgilman commented Jan 1, 2024