[pkg-gnupg-maint] Bug#1102717: gnupg: fails to interact with HSM after upgrade from 2.2.46

Andrew Bower andrew at bower.uk
Sat Apr 12 10:45:33 BST 2025 

Package: gnupg
Version: 2.4.7-14
Severity: normal

Dear Maintainer,

I upgraded gnupg from 2.2.46-6 to 2.4.7-13 and all operations with a hardware
security module (Yubikey 5) now fail.

It may be that there is a user configuration or dependency change that needs
satisfying but I can't find any documentation to that effect:

# gpg --card-status
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

Other tools such as yubioath-desktop and ykman can interact with the device
fine:

$ ykman list
YubiKey 5 NFC (5.2.7) [OTP+FIDO+CCID] Serial: 

Other packages:

ii  pcscd          2.3.3-1      amd64        Middleware to access a smart card using PC/SC (daemon side)
ii  scdaemon       2.4.7-14     amd64        GNU privacy guard - smart card support

Running processes:

root      2143  0.0  0.0 487728  8232 ?        Sl   10:24   0:00 /usr/sbin/pcscd
andy      4308  0.0  0.0 164448  4320 ?        SLl  10:25   0:00 scdaemon --multi-server
root      4334  0.0  0.0 164448  4256 ?        SLl  10:25   0:00 scdaemon --multi-server

Although other aspects of gnupg may operate fine, for me this is a serious
issue and I will need to downgrade to the previous upstream release in order to
continue operating as a Debian contributor because my private key resides on my
HSM!

I appreciate that there has been a lot of work behind getting this new upstream
release into Debian so thank you and I hope this bug report helps. Let me know
if you need anything else from me.

Andrew


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.19-amd64 (SMP w/24 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled

Versions of packages gnupg depends on:
ii  dirmngr     2.4.7-14
ii  gnupg-l10n  2.4.7-14
ii  gpg         2.4.7-14
ii  gpg-agent   2.4.7-14
ii  gpgsm       2.4.7-14

Versions of packages gnupg recommends:
ii  gnupg-utils     2.4.7-14
ii  gpg-wks-client  2.4.7-14
ii  gpgv            2.4.7-14

Versions of packages gnupg suggests:
pn  gpg-wks-server  <none>
pn  parcimonie      <none>
pn  xloadimage      <none>

-- no debconf information

More information about the pkg-gnupg-maint mailing list