YubiKey/OpenPGP card connection issues for non-root user

[Felix E. Klee]

On Mon, Aug 7, 2023 at 9:00 AM NIIBE Yutaka <gniibe at fsij.org> wrote:
> Please note that there may be two methods to access the device in
> scdaemon:
>
>   * in-stock CCID driver of scdaemon
>   * the PC/SC service
>
> Your output shows that you are connecting the smartcard reader through
> the PC/SC service.

Interesting. I assume the problem is down to a race-condition with the
two competing for access. That would explain its apparent randomness.

> If it's not your intention and your scdaemon has support of in-stock
> CCID driver, I'd recommend not to use the PC/SC service. Perhaps,
> simply uninstall pcscd.

I prefer not to, because: I may install the PC/SC service again in the
future and then I likely will have forgotten about our conversation
here.

> If you have a reason using PC/SC service (say, for example, you need
> the service for other applications and other cards, as well as your
> use of OpenPGP smartcard for GnuPG), please make sure that you
> configure the PC/SC service correctly.

Indeed it was not properly set up:

    [felix at felix-arch ~]$ opensc-tool -l
    No smart card readers found.

I added a Polkit rule following the [instructions][1] for PC/SC:

    [root at felix-arch ~]# cat /etc/polkit-1/rules.d/01-pcscd.rules
    polkit.addRule(function(action, subject) {
        if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
            subject.user == "felix") {
                return polkit.Result.YES;
        }
    });

Now it works:

    [felix at felix-arch ~]$ opensc-tool -l
    # Detected readers (pcsc)
    Nr.  Card  Features  Name
    0    Yes             Yubico YubiKey CCID 00 00

I should see in the upcoming days whether that solves the issue.

Thank you!

[1]: https://github.com/LudovicRousseau/PCSC/blob/master/doc/README.polkit