MacGPG2: scdaemon PC/SC OPEN failed: sharing violation (0x8010000b) - Part 2

jcross

04 May, 2017 03:25 PM

Per https://gpgtools.tenderapp.com/discussions/problems/50028-macgpg2-s...
It was suggested to @mouse008 that the "" issue might be looked into after Sierra was working.
It seems that this is now the case, so it would be great if someone could look into this.
Thanks!

  1. Support Staff 1 Posted by Steve on 21 Jun, 2017 12:14 PM

    Hey Jonathan,

    could you test the latest nightly from here: https://releases.gpgtools.org/nightlies/ and let me know if that changes anything regarding the usage of S/MIME and OpenPGP with your smartcard?

    The nightly now comes with gpg 2.1 so we'd be curious to learn if that has changed anything for the better or worse.

    Kind regards,
    steve

  2. Support Staff 2 Posted by Steve on 10 Jul, 2017 01:25 PM

    Hi Jonathan,

    unfortunately unless gnupg enables SHARED mode, you'll be continuing to run into issues.
    Following are some workarounds proposed by usb key vendor nitrokey:
    https://www.nitrokey.com/documentation/frequently-asked-questions#o...

    Unless tokend is moved, macOS will try to restart it, which probably causes the latest issue you're seeing.

    Apparently they were quite successful patching gnupg itself, and according to them the single line change we've seen in one of my previous posts (git commit link) suffices.
    https://www.nitrokey.com/documentation/frequently-asked-questions#h...

    We've filed a ticket with gnupg and hope this will be addressed. This now lives in the GnuPG bug tracker as #3267. Should you consider patching gnupg itself, it would be interesting if you could report back your experience with using gnupg in PCSC_SHARED mode.

    All the best,
    steve

  3. Support Staff 3 Posted by Steve on 11 Jul, 2017 02:12 PM

    Hi Jonathan,

    this issue has been fixed. It would be helpful if you could test the fix. Please download our latest nightly GPG Suite. That page also has sig and SHA1 to verify the download. Build 1932n and later have the fix.

    Then add the line "shared-access" to ~/.gnupg/scdaemon.conf

    Looking forward to your feedback.

    Best, steve

    Disclaimer: This is a development version which has not been thoroughly tested yet, so bugs or crashes are to be expected. Thanks for helping us test this fix.

  4. 4 Posted by jcross on 12 Jul, 2017 12:30 AM

    Thanks Steve! Will try to test soon.

  5. 5 Posted by jcross on 12 Jul, 2017 12:43 AM

    This new version 2017.1 (1932n) prompted me to generate a new key when I opened GPG Keychain app. I clicked cancel, but it seems this build does not recognize the keys stored on the Yubikey. If I click on "Show secret keys only" it shows nothing.

    gpg -K works as expected and shows me my key:

    ----------------------------
    sec#  4096R/0xC0C076132FFA7695 2016-02-01 [expires: 2020-01-31]
          Key fingerprint = 9386 A2FB 2DA9 D0D3 1FAF  0818 C0C0 7613 2FFA 7695
    uid                            Jonathan Cross <[email blocked]>
    ssb>  2048R/0xD8578DF8EA7CCF1B 2016-02-01
    ssb>  2048R/0x8E1719FE1E8DA9B9 2016-02-01
    ssb>  2048R/0x397428FC5BA60C24 2016-02-01
    
  6. Support Staff 6 Posted by Mento on 12 Jul, 2017 09:47 AM

    Hi Jonathan,

    I see you have other gpg installations in /opt/local/ (1.4.19 and 2.0.28).
    Please remove them and try it again.
    Be sure to kill any processes from the older versions.

    Regards, Mento

  7. Support Staff 7 Posted by Steve on 12 Jul, 2017 06:22 PM

    Jonathan opened a new discussion but the behavior is highly likely related so pasting the reply here to keep everything in one place and closing other discussion:

    I am not seeing my secret keys (stored on Yubikey NEO)

    macOS 10.11.6 15G1510
    GPG Suite 2017.1 1932n (87683d7)
    GPGMail 2.6.3 1221n (67dda62)
    GPG Keychain 1.3.3 1355n (d51c342)
    GPGServices 1.11 952n (3f09119)
    MacGPG2 2.1.21 20n (d6cb803)
    GPGPreferences 2.0.2 967n (6552234)
    Libmacgpg 0.8 809n (ca1f62c)
    pinentry 0.9.7 21n (6aeb033)

    Debug Log


  8. 8 Posted by jcross on 13 Jul, 2017 12:29 PM

    Hi Steve, Yes, I have command line versions of gpg and gpg2 in /opt/local/
    Sorry, but it is not clear to me what you mean by "remove them" as I need these (GUI has only limited functionality).

  9. Support Staff 9 Posted by Steve on 13 Jul, 2017 12:40 PM

    Hi Jonathan,

    when referring to UI you talk about GPG Keychain? GPG Keychain and MacGPG are separate components. You seem to be running gpg 1.4.x, 2.0.x and 2.1.x at the same time. So Mento was suggesting to remove 1.4.x and 2.0.x. That would leave 2.1.x which is used by the UI components of GPG Suite but can be used via CLI just as well.

    All the best,
    steve

  10. 10 Posted by jcross on 13 Jul, 2017 01:26 PM

    Okay, thanks Mento & Steve. :-)

    UI you talk about GPG Keychain?

    Yes.

    I removed the old versions and had to regenerate key stubs with gpg --card-status.
    I now see private key in GPG Keychain and so far, no sharing violation!
    Will keep testing.

  11. 11 Posted by jcross on 16 Jul, 2017 12:16 PM

    Although I have not seen the sharing violation, I am now having other issues.

    1. After canceling decryption in Mail, plugin seems to give up on future attempts to decrypt messages (this was happening before). My usual workaround is to close Mail.app and reopen, but now it fails to open each time:

      Mail quit unexpectedly while using the Libmacgpg plug-in. Click Reopen to open the application again. Click Report to see more detailed information and send a report to Apple.

    2. Cannot connect to keyservers. GPG Keychain.app and /usr/local/MacGPG2/bin/gpg both fail no matter which keyserver I choose.

      gpg --search-keys D98F0353
      gpg: error searching keyserver: No route to host
      gpg: keyserver search failed: No route to host
      
  12. 12 Posted by jcross on 16 Jul, 2017 05:05 PM

    Okay, I solved the key search issue (#2). Seems there were still old versions of related gpg software in /opt/local/bin/: (gpg-agent gpg-connect-agent gpg-error gpg-error-config gpg-zip gpgconf gpgkey2ssh gpgparsemail gpgsm gpgsm-gencert.sh gpgsplit gpgv) and / or needed to kill dirmngr.

  13. Support Staff 13 Posted by Steve on 17 Jul, 2017 09:14 AM

    Jonathan, thanks for the updates and testing.

    Does your last reply mean that issue #1 you mention in comment 11 no longer happens, or does that issue persist for you?

    If it does, please attach the crash log as .txt file to this discussion.

    All the best,
    steve

  14. Support Staff 14 Posted by Steve on 18 Aug, 2017 12:50 PM

    Closing, since no further user feedback was received. Should your problem persist, feel free to re-open this discussion any time.

    All the best, steve

  15. Steve closed this discussion on 18 Aug, 2017 12:50 PM.
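
A read-only check for the two conditions this thread turned on, GnuPG tools installed outside the GPG Suite prefix and a missing `shared-access` line in scdaemon.conf, as an added example that is not part of the original posts or GPGTools' own code. The prefix /usr/local/MacGPG2/bin, the tool names and the option name are taken from the posts; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not GPGTools code): read-only checks for this thread's two issues.
# Prefix, tool names and option name come from the posts; function names are hypothetical.
EXPECTED_PREFIX="${EXPECTED_PREFIX:-/usr/local/MacGPG2/bin}"
GPG_TOOLS="gpg gpg2 gpg-agent gpgconf gpgsm gpgv scdaemon dirmngr"

# Print every GnuPG tool found in the PATH-style list $1 that lives outside
# EXPECTED_PREFIX. Mixed installs (1.4.x / 2.0.x / 2.1.x) show up here.
find_stray_gpg() {
    old_ifs=$IFS; set -f; IFS=:
    set -- $1                      # split the list on ':' without globbing
    IFS=$old_ifs; set +f
    for dir in "$@"; do
        dir=${dir%/}
        if [ -z "$dir" ] || [ "$dir" = "${EXPECTED_PREFIX%/}" ]; then continue; fi
        for tool in $GPG_TOOLS; do
            if [ -f "$dir/$tool" ] && [ -x "$dir/$tool" ]; then
                printf '%s\n' "$dir/$tool"
            fi
        done
    done
    return 0
}

# Succeed only if config file $1 has an active "shared-access" line.
# A commented-out line or a missing file counts as not enabled.
has_shared_access() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*shared-access[[:space:]]*$' "$1"
}

# Report both checks for PATH-style list $1 and scdaemon config $2.
gpg_preflight() {
    stray=$(find_stray_gpg "$1")
    if [ -n "$stray" ]; then
        printf 'GnuPG tools outside %s:\n%s\n' "$EXPECTED_PREFIX" "$stray"
    else
        printf 'No GnuPG tools outside %s\n' "$EXPECTED_PREFIX"
    fi
    if has_shared_access "$2"; then
        printf 'shared-access is enabled in %s\n' "$2"
    else
        printf 'shared-access is NOT enabled in %s\n' "$2"
    fi
}

gpg_preflight "$PATH" "${GNUPGHOME:-$HOME/.gnupg}/scdaemon.conf"
```

The script changes nothing on disk; it only lists what would need removing or editing.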
