Description of problem: I have tried to setup the flatpak version of AusweisApp in Mageia 9. AusweisApp is an app which is used for authentication purposes with a German ID card. It needs access to a compatible USB smartcard reader. I use the "Reiner SCT cyberJack RFID basis" which is supported both by AusweisApp and Mageia (via pcsc daemon and ccid driver). However, every time I try to access the smartcard reader with the flatpak version of AusweisApp, it recognizes the smartcard reader but fails to load the driver. The smartcard reader itself works because I can access it with the pcsc_scan tool. Furthermore, the whole setup works without problems in Manjaro Linux and Fedora 38 on the same computer. When I had a closer look at the spec file of pcsc-lite-1.9.9-1.mga9.src.rpm I realized that Mageia uses a patched version of pcsc. The patch increases the number of accessible smartcard readers from 16 to 48 but according to https://ludovicrousseau.blogspot.com/2022/02/fedora-flatpak-and-pcsc-lite.html it breaks accessibility of smartcard readers for flatpak apps (actually, Fedora dropped the patch in recent versions of their pcsc rpms). Therefore, I have rebuilt the Mageia pcsc packages without the patch and reinstalled them. Unfortunately, the smartcard reader still cannot be accessed by the flatpak app. It seems, that there is also something broken on the flatpak side, but here I am running out of ideas... To rule out that this is an AusweisApp-specific issue I did two additional things: First, I rebuilt the opensuse AusweisApp rpm for Mageia 9 and installed it. This version works without problems and accesses the smartcard reader as expected in Mageia 9. Second, I made a flatpak version of pcsc_scan following the instructions given at https://ludovicrousseau.blogspot.com/2022/02/accessing-smart-cards-from-inside.html. When I try to access the smartcard reader with the flatpak version of pcsc_scan it fails with the error message "SCardEstablishContext: Service not available" in Mageia 9. In Manjaro Linux the flatpak version of pcsc_scan accesses the smartcard reader without problems. Version-Release number of selected component (if applicable): flatpak-1.14.4-1.mga9, pcsc-lite-1.9.9-1.mga9 How reproducible: Every time I try to access a smartcard reader from within a flatpak sandbox Steps to Reproduce: 1. Install AusweisApp from flathub 2. Try to establish a connection to a supported USB smartcard reader 3. AusweisApp detects the smartcard reader but fails to load the driver
Source RPM: flatpak-1.14.4-1.mga9.src.rpm, pcsc-lite-1.9.9-1.mga9.src.rpm => pcsc-lite-1.9.9-1.mga9.src.rpm
Created attachment 14366 [details] Modified spec file for pcsc-lite
I think I have found a solution: I compared once again the Mageia pcsc-lite spec file with the Fedora version. The two main differences are: Mageia still uses the pcsc-lite-1.9.1-maxreaders.patch (see my previous comment) and the Mageia spec file contains an additional configure option in the build section: --enable-ipcdir=/run. I have rebuilt the Mageia psc-lite packages without the patch *and* without the additonal configure option and reinstalled them. Now, flatpak-apps can access my smartcard reader without problems!. Additionally, the modified packages do not break "direct" access of the smartcard reader (e.g. with pcsc_scan provided by Mageia).
Thank you Martin for not just the original report, but your detailed and extensive research into it - comparing with other distros, rebuilding things, and apparently sorting the problem. Please confirm that the modified spec file comment 1 incorporates the correction described in comment 2: I imagine so; packagers will check. Become a packager? You are clearly adept: https://wiki.mageia.org/en/Becoming_a_Mageia_Packager Assigning globally as the previous maintainer has retired.
Assignee: bugsquad => pkg-bugsStatus comment: (none) => FIX PROVIDED comments 1,2Summary: Broken pcsc socket when using flatpak apps -> no access to USB smartcard reader from within a flatpak sandbox => Broken pcsc socket when using flatpak apps -> no access to USB smartcard reader from within a flatpak sandbox. FIX PROVIDED
Yes, the uploaded spec file contains the necessary changes. These are the following ones (line numbers refer to the original spec file): l015: patch deleted l104: autosetup -p1 chaged to setup -q l109: option --enable-ipcdir=/run deleted
Suggested advisory: ======================== The updated packages fix access to USB smartcard reader from within a flatpak sandbox. References: https://ludovicrousseau.blogspot.com/2022/02/fedora-flatpak-and-pcsc-lite.html https://ludovicrousseau.blogspot.com/2022/02/accessing-smart-cards-from-inside.html ======================== Updated packages in core/updates_testing: ======================== lib(64)pcsclite1-1.9.9-1.1.mga9 lib(64)pcsclite-devel-1.9.9-1.1.mga9 lib(64)pcscspy0-1.9.9-1.1.mga9 pcsc-lite-1.9.9-1.1.mga9 pcsc-lite-doc-1.9.9-1.1.mga9 pcsc-spy-1.9.9-1.1.mga9 from SRPM: pcsc-lite-1.9.9-1.1.mga9.src.rpm
Assignee: pkg-bugs => qa-bugsStatus: NEW => ASSIGNEDCC: (none) => nicolas.salgueroStatus comment: FIX PROVIDED comments 1,2 => (none)
I have installed the upadated pcsc packages from core/updates_testing. They work for me :-)
I have installed the updated pcsc packages from core/updates_testing. They work for me :-)
URL: (none) => https://ludovicrousseau.blogspot.com/2022/02/fedora-flatpak-and-pcsc-lite.html https://ludovicrousseau.blogspot.com/2022/02/accessing-smart-cards-from-inside.htmlCC: (none) => marja11
Keywords: (none) => advisory
Whiteboard: (none) => MGA9-64-OKKeywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGAA-2024-0055.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED