1706511 – p11-kit-proxy doesn't detect USB card reader after Firefox started

Bug 1706511 - p11-kit-proxy doesn't detect USB card reader after Firefox started

Summary: p11-kit-proxy doesn't detect USB card reader after Firefox started

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	p11-kit
Sub Component:
Version:	30
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Daiki Ueno
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1716437
TreeView+	depends on / blocked

Reported:	2019-05-05 07:04 UTC by James
Modified:	2019-06-03 14:04 UTC (History)
CC List:	7 users (show)
Fixed In Version:	p11-kit-0.23.16.1-1.fc30
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1716437 (view as bug list)
Environment:
Last Closed:	2019-05-25 01:05:21 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	p11-glue p11-kit pull 224	0	'None'	closed	proxy: Refresh slot list on every C_GetSlotList call	2021-01-20 08:46:26 UTC

Description James 2019-05-05 07:04:52 UTC

Description of problem:
p11-kit-proxy in Firefox does not detect a smart card reader if plugged in after Firefox has started.

No problem with the OpenSC PKCS-11 module.

Version-Release number of selected component (if applicable):
p11-kit-0.23.15-3.fc30.x86_64

How reproducible:
Always.

Steps to Reproduce:
1. Launch Firefox.
2. Plug in reader, insert card.
3. Check security devices.

Actual results:
No reader and card found.

Expected results:
Reader and card found.

Comment 1 Jakub Jelen 2019-05-06 08:57:18 UTC

I do not think this is a bug in p11-kit, but I think this is a limitation of the way how the pkcs11 modules are handled in NSS or in Firefox.

Comment 2 James 2019-05-08 22:22:12 UTC

As mentioned, it works with OK with opensc-pkcs11.so. Either way, it's a major inconvenience.

In the meantime, is there a way to permanently disable p11-kit-proxy in Firefox since it obstructs loading opensc-pkcs11.so (but not onepin-opensc-pkcs11.so)?

Comment 3 Jakub Jelen 2019-05-09 07:16:37 UTC

Thank you for the clarification. It was not clear from the initial description. In that case, it is really probably something about handling the token insertion in the p11-kit.

You can unregister opensc from p11-kit by removing/commenting out the file /usr/share/p11-kit/modules/opensc.module as a workaround, but this is something I would really like to look into.

Comment 4 Daiki Ueno 2019-05-14 15:04:23 UTC

I suppose this is: https://github.com/p11-glue/p11-kit/issues/221
Let me try to follow the suggestion there.

Comment 5 Fedora Update System 2019-05-23 13:39:32 UTC

p11-kit-0.23.16.1-1.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-29385faaa3

Comment 6 Fedora Update System 2019-05-23 18:59:01 UTC

p11-kit-0.23.16.1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-29385faaa3

Comment 7 Fedora Update System 2019-05-25 01:05:21 UTC

p11-kit-0.23.16.1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.