I came up with the following udev rule which, while heavy handed, solves these issues for me: https://gist.github.com/lrvick/d1a5a8e6cf0eefda69d7
On Wed, Dec 2, 2015 at 6:54 PM, NIIBE Yutaka <gni...@fsij.org> wrote: > On 12/02/2015 11:35 PM, the...@otpme.org wrote: > > No problem. I'm glad to help out and probably get a fix for this > annoying issue. :) > > Thanks for your patience. > > >> Anyway, when Scdaemon detects card/token removal, it could finish > >> existing connection(s). I'll consider fixing this. > > > > Sounds good. Should i open a bug report for this? > > Not needed. It's fixed in master. I'm going to backport this to 2.0. > > The commit is: f42c50dbf00c2e6298ca6830cbe6d36805fa54a3 > > > Is there any workaround we can apply to fix this issue? Currently i > > am using a self compiled ssh client binary of openssh 6.7p1 as > > workaround. > > Well, I found another bug with PC/SC. Because of this bug, it is > sometimes (not always) possible for gpg not to raise the error of > "Conflicting usage". So, it would be a workaround to disable internal > ccid driver of GnuPG and to use PC/SC. (I don't recommend, though.) > > Here is a backport patch which I'm considering to apply to 2.0. > > Thank you again for your cooperation fixing this long standing bug. > > ========================= > diff --git a/scd/apdu.c b/scd/apdu.c > index f9a1a2d..acca799 100644 > --- a/scd/apdu.c > +++ b/scd/apdu.c > @@ -3136,7 +3136,13 @@ apdu_close_reader (int slot) > return SW_HOST_NO_DRIVER; > sw = apdu_disconnect (slot); > if (sw) > - return sw; > + { > + /* > + * When the reader/token was removed it might come here. > + * It should go through to call CLOSE_READER even if we got an > error. > + */ > + log_debug ("apdu_close_reader => 0x%x (apdu_disconnect)\n", sw); > + } > if (reader_table[slot].close_reader) > return reader_table[slot].close_reader (slot); > return SW_HOST_NOT_SUPPORTED; > diff --git a/scd/app-common.h b/scd/app-common.h > index e48db3c..ac2c2e9 100644 > --- a/scd/app-common.h > +++ b/scd/app-common.h > @@ -44,11 +44,6 @@ struct app_ctx_s { > operations the particular function pointer is set to NULL */ > unsigned int ref_count; > > - /* Flag indicating that a reset has been done for that application > - and that this context is merely lingering and just should not be > - reused. */ > - int no_reuse; > - > /* Used reader slot. */ > int slot; > > diff --git a/scd/app.c b/scd/app.c > index 742f937..380a347 100644 > --- a/scd/app.c > +++ b/scd/app.c > @@ -190,9 +190,12 @@ application_notify_card_reset (int slot) > /* FIXME: We are ignoring any error value here. */ > lock_reader (slot, NULL); > > - /* Mark application as non-reusable. */ > + /* Release the APP, as it's not reusable any more. */ > if (lock_table[slot].app) > - lock_table[slot].app->no_reuse = 1; > + { > + deallocate_app (lock_table[slot].app); > + lock_table[slot].app = NULL; > + } > > /* Deallocate a saved application for that slot, so that we won't > try to reuse it. If there is no saved application, set a flag so > @@ -265,16 +268,6 @@ select_application (ctrl_t ctrl, int slot, const char > *name, app_t *r_app) > return gpg_error (GPG_ERR_CONFLICT); > } > > - /* Don't use a non-reusable marked application. */ > - if (app && app->no_reuse) > - { > - unlock_reader (slot); > - log_info ("lingering application `%s' in use by reader %d" > - " - can't switch\n", > - app->apptype? app->apptype:"?", slot); > - return gpg_error (GPG_ERR_CONFLICT); > - } > - > /* If we don't have an app, check whether we have a saved > application for that slot. This is useful so that a card does > not get reset even if only one session is using the card - this > @@ -506,15 +499,7 @@ release_application (app_t app) > > if (lock_table[slot].last_app) > deallocate_app (lock_table[slot].last_app); > - if (app->no_reuse) > - { > - /* If we shall not re-use the application we can't save it for > - later use. */ > - deallocate_app (app); > - lock_table[slot].last_app = NULL; > - } > - else > - lock_table[slot].last_app = lock_table[slot].app; > + lock_table[slot].last_app = lock_table[slot].app; > lock_table[slot].app = NULL; > unlock_reader (slot); > } > -- > > _______________________________________________ > Gnupg-users mailing list > Gnupg-users@gnupg.org > http://lists.gnupg.org/mailman/listinfo/gnupg-users > -- Lance R. Vick __________________________________________________ Cell - 407.283.7596 Gtalk - la...@lrvick.net Website - http://lrvick.net PGP Key - http://lrvick.net/0x36C8AAA9.asc keyserver - subkeys.pgp.net __________________________________________________
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users