MacGPG2: scdaemon PC/SC OPEN failed: sharing violation (0x8010000b) - Part 2
Per https://gpgtools.tenderapp.com/discussions/problems/50028-macgpg2-s...
It was suggested to @mouse008 that the "" issue might be looked into after Sierra was working.
It seems that this is now the case, so it would be great if someone could look into this.
Thanks!
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Steve on 21 Jun, 2017 12:14 PM
Hey Jonathan,
could you test the latest nightly from here: https://releases.gpgtools.org/nightlies/ and let me know if that changes anything regarding the usage of S/MIME and OpenPGP with your smartcard?
The nightly now comes with gpg 2.1 so we'd be curious to learn if that has changed anything for the better or worse.
Kind regards,
steve
Support Staff 2 Posted by Steve on 10 Jul, 2017 01:25 PM
Hi Jonathan,
unfortunately unless gnupg enables SHARED mode, you'll be continuing to run into issues.
Following are some workarounds proposed by usb key vendor nitrokey:
https://www.nitrokey.com/documentation/frequently-asked-questions#o...
Unless tokend is moved, macOS will try to restart it, which probably causes the latest issue you're seeing.
Apparently they were quite successful patching gnupg itself, and according to them the single line change we've seen in one of my previous posts (git commit link) suffices.
https://www.nitrokey.com/documentation/frequently-asked-questions#h...
We've filed a ticket with gnupg and hope this will be adressed and this now lives in the GnuPG bug tracker as #3267 Should you consider patching gnupg itself, it would be interesting if you could report back your experience with using gnupg in PCSC_SHARED mode
All the best,
steve
Support Staff 3 Posted by Steve on 11 Jul, 2017 02:12 PM
Hi Jonathan,
this issue has been fixed. It would be helpful if you could test the fix. Please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download. Build 1932n and later have the fix.
Then add the line "shared-access" to ~/.gnupg/scdaemon.conf
Looking forward to your feedback.
Best, steve
Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.
4 Posted by jcross on 12 Jul, 2017 12:30 AM
Thanks Steve! Will try to test soon.
5 Posted by jcross on 12 Jul, 2017 12:43 AM
This new version 2017.1 (1932n) prompted me to generate a new key when I opened GPG Keychain app. I clicked cancel, but it seems this build does not recognize the keys stored on the Yubikey. If I click on "Show secret keys only" it shows nothing.
gpg -K
works as expected and shows me my key:Support Staff 6 Posted by Mento on 12 Jul, 2017 09:47 AM
Hi Jonathan,
i see you have other gpg installations in /opt/local/ (1.4.19 and 2.0.28).
Please remove them and try it again.
Be sure to kill any processes from the older versions.
Regards, Mento
Support Staff 7 Posted by Steve on 12 Jul, 2017 06:22 PM
Jonathan opened a new discussion but the behavior is highly likely related so pasting the reply here to keep everything in one place and closing other discussion:
I am not seeing my secret keys (stored on Yubikey NEO)
macOS 10.11.6 15G1510
GPG Suite 2017.1 1932n (87683d7)
GPGMail 2.6.3 1221n (67dda62)
GPG Keychain 1.3.3 1355n (d51c342)
GPGServices 1.11 952n (3f09119)
MacGPG2 2.1.21 20n (d6cb803)
GPGPreferences 2.0.2 967n (6552234)
Libmacgpg 0.8 809n (ca1f62c)
pinentry 0.9.7 21n (6aeb033)
Debug Log
8 Posted by jcross on 13 Jul, 2017 12:29 PM
Hi Steve, Yes, I have command line versions of gpg and gpg2 in /opt/local/
Sorry, but it is not clear to me what you mean by "remove them" as I need these (GUI has only limited functionality).
Support Staff 9 Posted by Steve on 13 Jul, 2017 12:40 PM
Hi Jonathan,
when referring to UI you talk about GPG Keychain? GPG Keychain and MacGPG are separate components. You seems to be running gpg 1.4.x, 2.0.x and 2.1.x at the same time. So Mento was suggesting to remove 1.4.x and 2.0.x. That would leave 2.1.x which is used by the UI components of GPG Suite but can be used via CLI just as well.
All the best,
steve
10 Posted by jcross on 13 Jul, 2017 01:26 PM
Okay, thanks Mento & Steve. :-)
Yes.
I removed the old versions and had to regenerate key stubs with
gpg --card-status
.I now see private key in GPG Keychain and so far, no sharing violation!
Will keep testing.
11 Posted by jcross on 16 Jul, 2017 12:16 PM
Although I have not seen the sharing violation, I am now having other issues.
After canceling decryption in Mail, plugin seems to give up on future attempts to decrypt messages (this was happening before). My usual workaround is to close Mail.app and reopen, but now it fails to open each time:
Cannot connect to keyservers. GPG Keychain.app and
/usr/local/MacGPG2/bin/gpg
both fail no matter which keyserver I choose.12 Posted by jcross on 16 Jul, 2017 05:05 PM
Okay, I solved the key search issue (#2). Seems there were still old versions of related gpg software in
/opt/local/bin/
: (gpg-agent
gpg-connect-agent
gpg-error
gpg-error-config
gpg-zip
gpgconf
gpgkey2ssh
gpgparsemail
gpgsm
gpgsm-gencert.sh
gpgsplit
gpgv
) and / or needed to killdirmngr
.Support Staff 13 Posted by Steve on 17 Jul, 2017 09:14 AM
Jonathan, thanks for the updates and testing.
Does your last reply mean, that issues #1 you mention in comment 11 does no longer happen or does that issue persist for you?
If it does, please attach the crash log as .txt file to this discussion.
All the best,
steve
Support Staff 14 Posted by Steve on 18 Aug, 2017 12:50 PM
Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.
All the best, steve
Steve closed this discussion on 18 Aug, 2017 12:50 PM.