GuixSD: No such device

Nitrokeys
1

I’m trying to use a Nitrokey Start on GuixSD (an OS derived from NixOS) to no avail: GnuPG cannot find the card.

> gpg --card-status
gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device

There has been a discussion about it on Guix’ mailing list:
https://lists.gnu.org/archive/html/help-guix/2018-05/msg00159.html

In short, the issue is (probably) about installing the udev rules properly:
https://www.nitrokey.com/sites/default/files/41-nitrokey.rules

On Guix, the “plugdev” group does not exist and eudev is used instead of udev.
Thus the suggestion was to use the following rule instead:

(define %nitrokey-udev-rule
  (udev-rule
   "41-nitrokey.rules"
   (string-append "ACTION==\"add\", SUBSYSTEM==\"usb\", "
                  "ATTR{idVendor}==\"20a0\", ATTR{idProduct}==\"4211\", "
                  "ENV{ID_SMARTCARD_READER}=\"1\", ENV{ID_SMARTCARD_READER_DRIVER}=\"gnupg\", GROUP+=\"users\", MODE=\"0666\"")))

(Note that since I only have a Nitrokey Start, I haven’t included the other rules in my setup.)

The above rule does not seem to have any effect.

Any clue?

2

Hi @Ambrevar!

What gpg version do you use? I remember its scdaemon has own set of udev rules, where we should be included as well (I do not remember though, from which package version it has started).

I believe the cause lies somewhere else. I will get back to you if I would get an idea.
Have you run the GNUK-related scripts to communicate with the device? What dmesg say when device is being connected by the OS?

3

The answer eventually came up on the aforementioned e-mail thread.
pcsc is not available as a service yet and the driver path is not correctly set for now.

So installing pcsc + ccid followed by

sudo ln -s ~/.guix-profile/pcsc /var/lib/pcsc
sudo pcscd -f

did the trick. gpg --card-status shows the Nitrokey!

I’ll see if I can create a service upstream to fix this issue properly on GuixSD.

Problem solved!

2 Likes