Udev Rules for SmartCard Support

Bug #57755 reported by Lukas Fittl
Affects | Status | Importance | Assigned to | Milestone
gnupg (Ubuntu) | Fix Released | Wishlist | Unassigned |
gnupg2 (Ubuntu) | Fix Released | Wishlist | Unassigned |
hal (Ubuntu) | Fix Released | Wishlist | Martin Pitt |

Bug Description

To use OpenPGP SmartCards with gnupg you need a working SmartCard reader. These devices are not supported out-of-the-box in Ubuntu because the udev rules are missing. If the rules are there by default, Ubuntu will be the first "Fellowship-Ready" distro (http://fsfe.org/en/fellows/greve/freedom_bits/ubuntu_to_be_first_fellowship_ready_distribution) :)

Until this is fixed, users have to use the following howto: http://fsfe.org/en/card/howto/card_reader_howto_udev

Lukas Fittl (lfittl) wrote :

The following patch also creates/deletes the group scard in postinst/postrm, I am not sure if everything concerning this is done right.

Lukas Fittl (lfittl) wrote :

Rewrote the debian/changelog entry.

Lukas Fittl (lfittl) wrote :

Argh, I shouldn't upload stuff when I am tired, this time it really is the better changelog entry.

Lukas Fittl (lfittl)
Changed in gnupg:
assignee: nobody → ubuntu-main-sponsors
Martin Knudsen (brainwashed) wrote :

Will this be implemented soon? Seems to work for me, but didn't out of the box.

Daniel Holbach (dholbach) wrote :

Kyle: can you take a look at it?

Changed in gnupg:
assignee: ubuntu-main-sponsors → kyle
Kyle McMartin (kyle) wrote :

Patch looks fine.

Tollef Fog Heen (tfheen) wrote :

Those rules are already shipped in libccid, is there any reason to ship them in gnupg instead?

I didn't have to set the permissions differently from what they are shipped as default, it just worked.

Michael Bienia (geser) wrote :

gnupg{,2} supports some SCM smartcard readers directly and doesn't need libccid (or any other lib) for it.

I've such a smartcard reader and all I needed to do was to add the udev rules file for it. I don't have libccid installed.

Both gnupg and gnupg2 (and possibly libccid) would benefit from the udev rules file. Perhaps it should be shipped with udev.

Scott James Remnant (Canonical) (canonical-scott) wrote :

Ubuntu policy is that rules for devices such as this, which require an auxiliary group, should be shipped in the package that creates that group.

In this case, the "scard" group is created by libccid, so that should ship the rules, not udev.

Daniel Holbach (dholbach) wrote :

Unsubscribing Ubuntu Sponsors for main from this bug for now, until changes are taken care of.

Peter Lewis (prlewis) wrote :

Hi, is this fixed in Hardy?

Michael Bienia (geser) wrote :

Unfortunately it's not fixed in hardy. It's not clear who should install those udev rules as three packages (libccid, gnupg, gnupg2) can use those rules and the "scard" group but are independent from each other.
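
Added example, not part of the bug report or of any package named in it: a shell lint for the dependency problem raised in the comments above, where a udev rules file assigns a device to a group (such as "scard") that only another package creates. The sample rules, the placeholder USB IDs and the group file are constructed, and `list_rule_groups`, `missing_rule_groups` and `write_samples` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: lint a udev rules file for GROUP assignments whose group
# is absent from a group database in /etc/group format.

# Print each distinct group assigned with GROUP="..." or GROUP:="...".
# GROUP=="..." is a match, not an assignment, and is ignored.
list_rule_groups() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -oE '(^|[[:space:],])GROUP:?="[^"]+"' |
        sed -E 's/.*="([^"]+)"$/\1/' |
        sort -u
}

# Print the assigned groups that are missing from the group file ($2,
# default /etc/group). Empty output means every group exists.
missing_rule_groups() {
    groupfile=${2:-/etc/group}
    list_rule_groups "$1" | while IFS= read -r g; do
        cut -d: -f1 "$groupfile" | grep -qxF -- "$g" || printf '%s\n' "$g"
    done
}

# Write constructed sample inputs into directory $1.
write_samples() {
    cat > "$1/sample.rules" <<'EOF'
# constructed sample rules, placeholder vendor/product IDs
SUBSYSTEM=="usb", ATTR{idVendor}=="ffff", ATTR{idProduct}=="0001", GROUP="scard", MODE="0660"
SUBSYSTEM=="usb", ATTR{idVendor}=="ffff", ATTR{idProduct}=="0002", GROUP:="plugdev"
SUBSYSTEM=="tty", GROUP=="dialout", MODE="0660"
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
plugdev:x:46:
dialout:x:20:
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
echo "groups assigned: $(list_rule_groups "$demo_dir/sample.rules" | tr '\n' ' ')"
echo "missing groups:  $(missing_rule_groups "$demo_dir/sample.rules" "$demo_dir/group")"
rm -rf "$demo_dir"
```

Run against a package's installed rules file and the system's /etc/group, any output from `missing_rule_groups` names a group the rules rely on but nothing on the system has created.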

Peter Magnusson (kmpm) wrote :

How hard is it to create a package with just the udev rules and have dependencies set up from all three of them?
This would include the group and the rules.

Just a suggestion, I'm not good enough at packaging to do it myself and for the moment I don't have time to learn.

Daniel T Chen (crimsun)
Changed in gnupg:
importance: Undecided → Wishlist
status: New → Confirmed
Michael Bienia (geser) wrote :

Installing that udev rules file was dismissed as it would introduce a new group. Here is a Hal/PolicyKit solution which adds ACLs to the USB device for the currently logged-in user.
And as both gnupg and gnupg2 can natively access those SCM smart-card readers, it will be added to hal (there seems to be no better place).

Changed in gnupg:
status: Confirmed → Invalid
Changed in hal:
importance: Undecided → Wishlist
status: New → Confirmed
Michael Bienia (geser)
Changed in hal:
assignee: nobody → pitti
Martin Pitt (pitti) wrote :
Changed in hal:
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package hal - 0.5.11-3~ubuntu10

---------------
hal (0.5.11-3~ubuntu10) intrepid; urgency=low

  [ Martin Pitt ]
  * debian/hal.init: Remove the FDI cache before startup. dpkg preserves
    original timestamps of unpacked fdi files in packages, so changes in those
    will never get picked up on upgrade, not even after a reboot.
    (LP: #275825)

  [ Michael Bienia ]
  * Add debian/patches/06_smart_card_readers_acl.patch:
    Grant access to the currently logged-in user on some SCM smart-card
    readers (LP: #57755). This should improve the out-of-box support for
    OpenGPG card users.

 -- Martin Pitt <email address hidden> Thu, 02 Oct 2008 17:16:53 +0200

Changed in hal:
status: Fix Committed → Fix Released
Michael Bienia (geser) wrote :

As hal is going away, gnupg (and gnupg2) will ship udev rules to get the ACL for the device set.

Changed in gnupg (Ubuntu):
assignee: Kyle McMartin (kyle) → Michael Bienia (geser)
status: Invalid → Confirmed
Changed in gnupg2 (Ubuntu):
assignee: nobody → Michael Bienia (geser)
importance: Undecided → Wishlist
status: New → Confirmed
Michael Bienia (geser) wrote :

The necessary change to 70-acl.rules was already committed upstream by pitti.

Michael Bienia (geser)
Changed in gnupg2 (Ubuntu):
assignee: Michael Bienia (geser) → nobody
Changed in gnupg (Ubuntu):
assignee: Michael Bienia (geser) → nobody
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnupg - 1.4.9-4ubuntu5

---------------
gnupg (1.4.9-4ubuntu5) karmic; urgency=low

  * debian/gnupg.udev:
    Add udev rules to set ACLs on SCM smartcard readers. They replace the hal
    rules for the same purpose. (LP: #57755)
  * debian/rules:
    Call dh_installudev.

 -- Michael Bienia <email address hidden> Fri, 03 Jul 2009 15:38:40 +0200

Changed in gnupg (Ubuntu):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gnupg2 - 2.0.11-1ubuntu1

---------------
gnupg2 (2.0.11-1ubuntu1) karmic; urgency=low

  * debian/gnupg2.udev:
    Add udev rules to set ACLs on SCM smartcard readers. They replace the hal
    rules for the same purpose. (LP: #57755)
  * debian/rules:
    Call dh_installudev.

 -- Michael Bienia <email address hidden> Fri, 03 Jul 2009 15:35:47 +0200

Changed in gnupg2 (Ubuntu):
status: Confirmed → Fix Released