You are not logged in.
Setup of GnuPG with pcscd no longer works on a sssd user
https://wiki.archlinux.org/title/GnuPG#Always_use_pcscd
[2023-04-02T19:52:51+0200] [ALPM] upgraded pcsclite (1.9.9-2 -> 1.9.9-3)
[2023-04-02T19:53:45+0200] [ALPM] upgraded pcsc-tools (1.6.0-1 -> 1.6.2-1)
Getting this error
Apr 03 15:23:38 <host> systemd[1]: Started PC/SC Smart Card Daemon.
Apr 03 15:23:38 <host> pcscd[18957]: 00000000 auth.c:119:IsClientAuthorized() Error in authorization: GDBus.Error:org.gtk.GDBus.UnmappedGError.Quark._g_2dfile_2derror_2dquark.Code4: Failed to
open file “/proc/6196/status”: No such file or directory
Apr 03 15:23:38 <host> pcscd[18957]: 00000020 auth.c:137:IsClientAuthorized() Process 6196 (user: 30000) is NOT authorized for action: access_pcsc
Apr 03 15:23:39 <host> pcscd[18957]: 00000081 winscard_svc.c:335:ContextThread() Rejected unauthorized PC/SC client
Apr 03 15:23:39 <host> gpg-agent[6196]: scdaemon[6196]: pcsc_establish_context failed: inserted card (0x8010006a)
Apr 03 15:23:39 <host> gpg-agent[1624]: no device present
Apr 03 15:23:39 <host> gpg-agent[1624]: smartcard decryption failed: Operation cancelled
Apr 03 15:23:39 <host> gpg-agent[1624]: command 'PKDECRYPT' failed: Operation cancelled <Pinentry>
The process(6196) not authorized is the scdaemon run by the sssd user with the id 30000
Tried adding polkit rules as mentioned in https://github.com/SSSD/sssd/issues/5087 since it has the same error message but it does not help.
Anyone has a clue?
Offline
Hey there. I think I figured it out. This seems to be because the arch packagess enabled the polkit support flag in the latest build which enables certain policies/rules. However, the pcsc package seems to be using GDBus to check for authority explicitly and since on my system I'm using kde polkit the authorization fails. This happens whether or not a correctly permissive rules for access is created. There are two solutions. To downgrade pcsclite to .9-2 or to compile the most recent one yourself without the --enable-polkit flag. I'm not an expert in how the auth check is made so I have no idea what bug report to file or where.
Offline
The solution is documented here: https://wiki.archlinux.org/title/GnuPG# … nt_via_SSH
Offline