Bug#773304: gnome-keyring: fails to support openpgp smartcard (SCD SERIALNO openpgp: 103 unknown command)

Tzafrir Cohen tzafrir at debian.org
Tue Dec 16 16:28:15 UTC 2014 

Package: gnome-keyring
Version: 3.14.0-1+b1
Severity: normal

Dear Maintainer,

I tried using an OpenPGP smartcard reader under Mate (which uses
gnome-keyring) and got an error from gpg about "unknown command".

An strace of pgp shows the following:

Various commands working, such as:

  write(7, "OPTION lc-messages=he_IL.UTF-8", 30) = 30
  write(7, "\n", 1)                       = 1
  read(7, "OK \n", 1002)                  = 4

And then:

  write(7, "SCD SERIALNO openpgp", 20)    = 20
  write(7, "\n", 1)                       = 1
  read(7, "ERR 103 unknown command\n", 1002) = 24

Indeed:

  $ gpg-connect-agent 'SCD SERIALNO openpgp' /bye
  ERR 103 unknown command

However if I bypass gnome-keyring-daemon:

  $ env `cat ~/.gnupg/gpg-agent-info-*` gpg-connect-agent 'SCD SERIALNO openpgp' /bye
  S SERIALNO <snipped> 0
  OK

  $ echo $GPG_AGENT_INFO 
  /run/user/1000/keyring/gpg:0:1

  $ cat ~/.gnupg/gpg-agent-info-*
  GPG_AGENT_INFO=/tmp/gpg-wjqbJb/S.gpg-agent:30515:1

So the workaround is to manually set GPG_AGENT_INFO, or tell the gnome
keyring not to work as a gpg agent (and add it myself):

  https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856

which is a regression vs. my previous "simple" desktop (fluxbox) where
an OpenPGP agent (with support for a smart card) works out of the box:
/etc/X11/Xsession.d/90gpg-agent

There are probably some other fixes that I'm not going to try right now
as I don't want to re-login.


Note: I use lightdm and mate.

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=he_IL.UTF-8, LC_CTYPE=he_IL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-keyring depends on:
ii  dbus-x11                                     1.8.12-1
ii  dconf-gsettings-backend [gsettings-backend]  0.22.0-1
ii  gcr                                          3.14.0-2
ii  libc6                                        2.19-13
ii  libcap-ng0                                   0.7.4-2
ii  libcap2-bin                                  1:2.24-6
ii  libdbus-1-3                                  1.8.12-1
ii  libgck-1-0                                   3.14.0-2
ii  libgcr-base-3-1                              3.14.0-2
ii  libgcrypt20                                  1.6.2-4+b1
ii  libglib2.0-0                                 2.42.1-1
ii  p11-kit                                      0.20.7-1

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring  3.14.0-1+b1

gnome-keyring suggests no packages.

-- no debconf information

More information about the pkg-gnome-maintainers mailing list