Has anyone else been successful when using a USB security key that holds GPG keys (Yubikey, Nitrokey, etc) with Bluefin? I tried both with a Yubikey and a Nitrokey and in both cases I can see the devices are detected in the system logs, and when I installed the Nitrokey app it could see its key, however GPG itself doesn’t seem to be able to see the smartcard:
❯ gpg --card-status
gpg: WARNING: server 'gpg-agent' is older than us (2.2.27 < 2.4.3)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: WARNING: server 'scdaemon' is older than us (2.2.27 < 2.4.3)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
~
It looks like the components like scdaemon are there, but regardless of which key I try, it seems like GPG isn’t able to detect them.
While I’m a long-time Linux user, I am still relatively new to immutable OSes, so I’m a bit unclear on the “proper” way to remove opensc in this case. Would I need to create a fork of the base image?
I am not using bluefin (yet at least) but Universal Blue base image and its template. If you need to tweak only one package then forking seems overkill to me. You could rpm-ostree uninstall opensc, then reboot and see how that works for you.
I am sure Bluefin users might give you better advice.
I don’t know if it was due to a restart or a change from an auto-update but this morning when I tested it out, it’s working. I did notice I wasn’t able to uninstall opensc:
❯ sudo rpm-ostree uninstall opensc
error: Package/capability 'opensc' is not currently requested