[pkg-gnupg-maint] Bug#854005: Bug#854005: ssh-agent no longer works

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Feb 5 21:50:08 UTC 2017


On Sun 2017-02-05 06:20:38 -0500, Wouter Verhelst wrote:
> I concur; the workaround is relatively easy (choose one option, where
> "CCID" is probably the most common and certainly the most tested by
> the developers themselves, and disable the other method), and after
> that the problem is gone.

To be concrete, i believe the two proposed solutions for users are:

Do not use PCSC
---------------

Either system-wide:
   
    apt purge pcscd

or per-user:

    echo 'pcsc-driver:0:"does-not-exist' | gpgconf --change-options scdaemon
     
Do not use CCID
---------------

    echo disable-ccid:0:1 | gpgconf --change-options scdaemon

> However, the gnupg package maintainers might want to think about how
> to best document this issue.

aiui, CCID is the preferred method for scdaemon to access smartcards.

Would it make sense instead to just change the defaults for pcsc-driver
to be the empty string?

In that case, people who have pcsc-specific devices (that won't be
available via ccid directly) would do:

    printf 'pcsc-driver:0:"libpcsclite.so.1\n' | gpgconf --change-options scdaemon

(this enables both pcsc and ccid, returning to the current default)

And the people who need to use devices that can be used via both
mechanisms (and therefore need to disable ccid) can instead do:

    printf 'pcsc-driver:0:"libpcsclite.so.1\ndisable-ccid:0:1\n' | gpgconf --change-options scdaemon

(this enables pcsc and disables ccid)

gniibe, what do you think of this proposed change to the defaults?

        --dkg
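An added example, not part of the original mail: a check that reads scdaemon's options in gpgconf's colon-separated listing format and reports which access methods the configuration leaves enabled, covering both today's default and the default proposed above. The function names `scd_access_mode` and `sample` are hypothetical, the listing lines are constructed, and the field positions (default in field 8, value in field 10) are assumed from gpgconf's documented `--list-options` format.

```shell
#!/bin/sh
# Classify scdaemon's smartcard access from `gpgconf --list-options scdaemon`
# style input on stdin. Prints one of: both, ccid-only, pcsc-only, none.
# Assumed line layout (gpgconf colon format):
#   name:flags:level:description:type:alt-type:argname:default:argdef:value
scd_access_mode() {
    awk -F: '
        # String values carry a leading double quote; an empty value field
        # means the option is unset and the default (field 8) applies.
        $1 == "pcsc-driver"  { drv = ($10 != "") ? $10 : $8; sub(/^"/, "", drv) }
        # Options without an argument hold a count of how often they are set.
        $1 == "disable-ccid" { noccid = ($10 + 0 > 0) }
        END {
            # "does-not-exist" is the unloadable library name used in the
            # mail above; other unloadable names cannot be detected here.
            pcsc = (drv != "" && drv != "does-not-exist")
            ccid = !noccid
            if (pcsc && ccid) print "both"
            else if (ccid)    print "ccid-only"
            else if (pcsc)    print "pcsc-only"
            else              print "none"
        }'
}

# Constructed sample listing (not captured from a real system).
# $1 = pcsc-driver default, $2 = pcsc-driver value, $3 = disable-ccid value
sample() {
    printf 'pcsc-driver:0:2:use NAME as PC/SC driver:1:1:NAME:%s::%s\n' "$1" "$2"
    printf 'disable-ccid:0:3:do not use the internal CCID driver:0:0::::%s\n' "$3"
}

cur='"libpcsclite.so.1'   # current default for pcsc-driver
echo "current default:         $(sample "$cur" '' '' | scd_access_mode)"
echo "pcsc-driver unloadable:  $(sample "$cur" '"does-not-exist' '' | scd_access_mode)"
echo "disable-ccid set:        $(sample "$cur" '' 1 | scd_access_mode)"
echo "proposed empty default:  $(sample '' '' '' | scd_access_mode)"

# On a live system: gpgconf --list-options scdaemon | scd_access_mode
```

A result of `both` is the configuration the workarounds in this thread are meant to move away from.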