Pinentry fails to access smartcards in Flatpak #24
Comments
konstantintutsch
added
bug
|
Please post the output of this command:
… and try running Lock with these parameters (with Flatpak permissions reset to default):
|
konstantintutsch
changed the title
|
In all cases I performed two actions: encryption of the text and its decryption. Adding
Log
Log
Log |
|
All those logs look fine. I am also certain that this has nothing to do with Flatpak permissions (Kleopatra does not have any deviating permissions). It might be an error with using the system pinentry. I have included it in the Flatpak directly now. Could you please test if that has fixed the problem? com.konstantintutsch.Lock.Devel.flatpak.zip |
|
There are no changes, unfortunately. flatpak run --verbose --log-session-bus com.konstantintutsch.Lock.Devel |
|
I also tried with |
|
Can you permanently add those permissions to Lock (e. g. via Flatseal), then reboot your system and try again? |
|
To the Dev version? |
|
To the release version. Please also only grant the smartcard socket permission. |
|
I tried to do it from the beginning, but it didn't reboot. This time I rebooted, but unfortunately nothing helped. |
|
Can you try to enable these two options for Lock in Flatseal, then reboot and try again?
|
|
Nothing has changed. I also tried to remove these lines from the config that fixes the PIN entry dialog #23 (comment). The dialog appears, but still requires inserting a smart card. |
|
To clarify, I'm using 1.2.0 |
|
Could you please also try to allow access to all devices? ( I'm wondering if the smart card reader is not being recognized. |
|
Same here. Changed via Flatseal. |
|
What's the output of this command after trying to use smart cards with Lock? (with smart card socket permissions still granted) |
|
No messages during decryption, only immediately after start: |
|
Okay, can you try to run |
|
I get card info in both cases (also with default permissions). But in sandbox case I get this warning before the card info: but there is one thing: this only works if I run |
|
After this procedure, I tried to decrypt the text, since I decided that the app now sees the card. |
Related to #32. |
Yes, probably. @proninyaroslav Can you test if removing |
Now running |
|
How about without adding And, as always, don't forget to reboot after changing permissions ;) |
|
No dialog again, and the new error: UPD: same for a files: |
What happens when you (without changing any permissions) run these operations in this build: |
|
The dialog appears, but still requires inserting the card. There was no reboot. |
|
Okay, just wanted to check if removing the agent socket broke something. That's not the case. Another solution could be adding |
To the dev version, right? |
Yes 😀 |
It hangs in progress for a while and prints another error: UPD: if I run |
|
On the latest version (1.2.2), running |
|
What happens when you enable and start the GPG Agent's socket via SystemD for your user? Got this from https://blog.grdryn.me/blog/flatpak-emacs-with-gpg-agent.html via the Flathub Matrix channel You can undo this change later like so: |
|
There are changes, but I needed to install Lock in user space. Now there is no need to call |
|
Does adding |
|
No effect. I see the key blinking, but the error is still the same. |
|
In version 1.3.0 with |
|
I tried to build and run the binary without using Flatpak and everything works as it should. Maybe this is not very important information, but I decided to report it. |
It's pretty useful for being absolutely sure that the problem is indeed related to Flatpak. Thank you! However I do not have any clue how to further debug this or where the problem could specifically stem from. |
|
I managed to solve it 🎉 ! I found a solution in the VSCodium thread: flathub/com.vscodium.codium#105 (comment). The key is customization of the My steps:
Note: you can use
I tried to remove any of these steps (install Lock as a system app, don't add |
Seems to be the most compact way to pass modified environment variables to the pinentry program. This workaround should be sufficient until the issue is fixed upstream. |
|
@konstantintutsch |
konstantintutsch
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug …
Fedora 41, GNOME.
I have GPG key for encryption and to use GNOME PIN entry dialog for decryption I followed this advice #23 (comment) and added the following parameters to the configuration files:
~/.gnupg/gpg.conf
use-agent~/.gnupg/gpg-agent.conf
pinentry-program /usr/bin/pinentry-gnome3The dialog appears, but it tells me that the card is not found and asks to insert it, although it was inserted. I tried using the
gpgCLI utility,Kleopatra,git, and in all cases the PIN code entry dialog works correctly, it sees the card. I tried enablingsocket=pcscin Flatseal, but it had no effect.Which version of Lock are you using?
1.0.3
Source
Flathub
Relevant log output
The text was updated successfully, but these errors were encountered: