Open wrl opened 1 year ago
I'm very sorry about the repeated posts. Github returned a 500 when I tried to post it, and I just continued refreshing.
This is phenomenally embarrassing.
No worries… seems like an idempotence bug on GitHub’s side
Maintainer of apple-codesign here.
I guess my biggest question is what are the requirements/restrictions around concurrent access? It certainly looks like concurrent processes using this crate race to perform an operation against a YubiKey.
Is locking something that this crate aims to abstract away? If so, did I hit a bug or am I using the library incorrectly?
Or is locking something that needs to happen outside this crate? If so, are there any APIs this crate could provide to make lock acquisition simpler? e.g. are there sufficient APIs to test whether a smartcard device is in use or available? (I'm thinking about wanting to present some info to users if contention issues arise.)
This seems like a problem with the pcsc
crate. The pcsc::Card
type has unsafe impls of Send
and Sync
:
https://docs.rs/pcsc/2.7.0/src/pcsc/lib.rs.html#1639
We could potentially throw a mutex around it in the yubikey
crate as a band aid, but that’s about the best we can offer short of an upstream fix.
As a note, my use-case isn't concurrent uses inside the same process, but concurrent uses in separate processes, triggered by separate CI jobs. While it could be feasible to limit concurrent codesign CI jobs, I'm not seeing this PCSC error behaviour with osslsigncode
and a separate (non-Yubikey) token which is nonetheless also accessed through a (different) pcscd
process.
Perhaps it's doing some kind of locking I'm not familiar with?
Can you run some kind of tracing on it to investigate? (e.g. ktrace/dtrace)
I'm wondering whether this is some sort of shared/exclusive mode thing. Just received my spare Yubikey in the mail and I'm going to drill down and find out where this error is coming from, because right now it's unclear.
This is a bug occurring in https://github.com/indygreg/apple-platform-rs, a downstream which (optionally) uses the
yubikey-rs
crate. It's unclear to me whether this is anapple-codesign
(downstream) bug, one inyubikey-rs
, or even one inpcsc-rust
.I've copied and pasted the text from from https://github.com/indygreg/apple-platform-rs/issues/49 below: