Package: gpg-agent Version: 2.2.17-3~bpo10+2 Severity: normal Since I upgraded this package from buster (2.12) to buster-backports (2.17), things started going weird with my Yubikey. (At least I think that's the trigger.)
When I login in the morning, my Yubikey setup fails to let me connect to remove SSH servers: $ ssh example.com sign_and_send_pubkey: signing failed: agent refused operation anar...@example.com: Permission denied (publickey). I see this in my session logs: aoû 08 09:51:37 curie gpg-agent[3298]: scdaemon[3302] ccid open error: skip aoû 08 09:51:37 curie gpg-agent[3298]: scdaemon[3302] ccid open error: skip aoû 08 09:51:37 curie gpg-agent[3298]: scdaemon[3302] ccid open error: skip aoû 08 09:51:37 curie gpg-agent[3298]: DBG: detected card with S/N D2760001240102000006036471890000 aoû 08 09:51:37 curie gpg-agent[3298]: [103B blob data] aoû 08 09:51:37 curie gpg-agent[3298]: scdaemon[3302] le rappel du code personnel a renvoyé une erreur : L'appel IPC a été annulé aoû 08 09:51:37 curie gpg-agent[3298]: scdaemon[3302] app_auth failed: L'appel IPC a été annulé aoû 08 09:51:37 curie gpg-agent[3298]: smartcard signing failed: Ioctl() inapproprié pour un périphérique aoû 08 09:51:37 curie gpg-agent[3298]: ssh sign request failed: Ioctl() inapproprié pour un périphérique <Pinentry> Sorry for my french, but this basically says: * the personal code reminder returned an error: the IPC call failed * app_auth failed: the IPC call was canceled I have no idea what's going on, to be honest. The Yubikey in itself works fine: I can login on websites with Firefox with U2F, and `gpg --card-status` and `--card-edit` look normal. The workaround I have found is to restart gpg-agent, but it takes a *long* time so it's pretty annoying: $ time systemctl --user restart gpg-agent 0.00user 0.00system 1:30.09elapsed 0%CPU (0avgtext+0avgdata 3864maxresident)k 0inputs+0outputs (0major+206minor)pagefaults 0swaps But that's a separate problem I guess. Once gpg-agent is restarted, the Yubikey works fine again. And that is, even if it's unplugged and plugged back in again. I first thought this could have been a bad interaction with USBguard but I feel that the fact it still works after restart and reconnection rules out that problem. -- System Information: Debian Release: 10.0 APT prefers stable APT policy: (500, 'stable'), (1, 'experimental'), (1, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages gpg-agent depends on: ii gpgconf 2.2.17-3~bpo10+2 ii init-system-helpers 1.56+nmu1 ii libassuan0 2.5.2-1 ii libc6 2.28-10 ii libgcrypt20 1.8.4-5 ii libgpg-error0 1.35-1 ii libnpth0 1.6-1 ii pinentry-curses [pinentry] 1.1.0-2 ii pinentry-gnome3 [pinentry] 1.1.0-2 ii pinentry-gtk2 [pinentry] 1.1.0-2 ii pinentry-qt [pinentry] 1.1.0-2 Versions of packages gpg-agent recommends: ii gnupg 2.2.17-3~bpo10+2 Versions of packages gpg-agent suggests: ii dbus-user-session 1.12.16-1 ii libpam-systemd 241-5 ii pinentry-gnome3 1.1.0-2 ii scdaemon 2.2.17-3~bpo10+2 -- debconf-show failed
