From 6c5ab3d3885024bc7a8feb724b721d4b481f13a9 Mon Sep 17 00:00:00 2001
From: David Runge
Date: Tue, 29 Aug 2023 20:09:46 +0200
Subject: Use pcsclite for communicating with OpenPGP smartcards
As opgpcard uses pcsclite and gnupg is able to use it as well, switch away from using gnupg's internal ccid driver.
---
 CHANGELOG.rst | 1 +
 .../airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket | 1 +
 configs/releng/airootfs/root/.gnupg/scdaemon.conf | 4 ++++
 configs/releng/profiledef.sh | 1 +
 4 files changed, 7 insertions(+)
 create mode 120000 configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket
 create mode 100644 configs/releng/airootfs/root/.gnupg/scdaemon.conf
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index d941d1a..0cf973a 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -19,6 +19,7 @@ Changed
 the file system size.
 - Enable systemd-networkd's support for IPv6 Privacy Extensions globally instead of per-connection.
 - Moved custom ``sshd_config`` files to ``/ssh/sshd_config.d/10-archiso.conf``
+- Use pcsclite for interfacing with smartcards, since both gnupg and opgpcard support it.
 Deprecated
 ----------
diff --git a/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket
new file mode 120000
index 0000000..3897c63
--- /dev/null
+++ b/configs/releng/airootfs/etc/systemd/system/sockets.target.wants/pcscd.socket
@@ -0,0 +1 @@
+/usr/lib/systemd/system/pcscd.socket
\ No newline at end of file
diff --git a/configs/releng/airootfs/root/.gnupg/scdaemon.conf b/configs/releng/airootfs/root/.gnupg/scdaemon.conf
new file mode 100644
index 0000000..e1f3d1f
--- /dev/null
+++ b/configs/releng/airootfs/root/.gnupg/scdaemon.conf
@@ -0,0 +1,4 @@
+disable-ccid
+disable-pinpad
+pcsc-driver /usr/lib/libpcsclite.so
+pcsc-shared
diff --git a/configs/releng/profiledef.sh b/configs/releng/profiledef.sh
index 4154816..5cba1b5 100644
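Review bot: In the new `scdaemon.conf`, `pcsc-shared` opens the card in PC/SC shared mode, so every other PC/SC client on the live system can talk to the card while scdaemon holds it, and a PIN verified through one client may leave the card unlocked for the others; GnuPG's documentation marks this option as one to use only when you know what you are doing. `disable-pinpad` is a second deliberate trade-off: the PIN is always typed on the host keyboard, even when the reader has its own pinpad. The file is added without a single comment, so neither choice is explained to someone who later copies this profile. I would put a `#` line above each option, for example `# shared PC/SC access so gnupg and opgpcard can use the card side by side; the card's verified-PIN state is visible to every PC/SC client` above `pcsc-shared` and `# PIN is entered on the host keyboard; reader pinpads are not used` above `disable-pinpad`.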
--- a/configs/releng/profiledef.sh
+++ b/configs/releng/profiledef.sh
@@ -19,6 +19,7 @@ file_permissions=(
 ["/etc/shadow"]="0:0:400"
 ["/root"]="0:0:750"
 ["/root/.automated_script.sh"]="0:0:755"
+ ["/root/.gnupg"]="0:0:700"
 ["/usr/local/bin/choose-mirror"]="0:0:755"
 ["/usr/local/bin/Installation_guide"]="0:0:755"
 ["/usr/local/bin/livecd-sound"]="0:0:755"
--
cgit v1.2.3-54-g00ecf