git commit signing: Asked for smartcard as it's plugged in
NIIBE Yutaka
gniibe at fsij.org
Wed Mar 28 02:00:02 CEST 2018
Gabriel Augendre <gaugendre at gmail.com> wrote:
> Whenever I need to sign a git commit, I need to plug my Yubikey in and
> type the pin code. That works perfectly just after logging into my
> session, but if the computer goes to sleep (that's my guess, not sure
> about that) and I wake it up and try to sign another commit, GPGTools
> pinentry keeps asking to plug the yubikey in even though it's already
> there.
I think that this is related to the bug report:
https://dev.gnupg.org/T3825
I found that there are (at least four) different issues; Device firmware
problem, GnuPG scdaemon problem, PC/SC problem for GNU/Linux, and Linux
kernel problem.
Since your case is on macOS, latter two are not relevant.
I think that Yubikey somehow doesn't work well for USB suspend. For
this problem, please contact the manufacturer.
I fixed a problem of GnuPG scdaemon and implemented work around for
device problem. It will be in 2.2.6. With the fix and the work around,
scdaemon tries to reset device after such a failure. So, you won't need
to manually re-plug your device, but PIN input will be required, since
the device will be reset.
For GNU/Linux, I'd recommend to use internal CCID driver, instead. It
seems that PC/SC development doesn't have an interest for suspend/resume.
The kernel problem is here:
https://www.spinics.net/lists/kernel/msg2757378.html
Since it is a kind of corner case which has been there long time, I
could not expect fix will be included soonish (or even getting
attention). Thus, I changed scdaemon using pipe instead of signal (in
forthcoming 2.2.6).
--
More information about the Gnupg-users
mailing list