(Fix) `Please enter the password for the PKCS#11 token PIV_II` RPM

If you’re using a yubikey or similar, and run into the above message in Firefox (or Thunderbird, apparently), here’s the source for an RPM that will fix it for you.

Also, this shows how you can override configs in /usr.

Name:           fffix
Version:        0.0.1
Release:        1%{?dist}
Summary:        Fixes Firefox

License:        BSD
URL:            None

Requires:       opensc






echo "disable-in: firefox thunderbird" > %{_prefix}/share/p11-kit/modules/opensc.module

* Sat Mar 26 2022 Jonathan Dickinson
  1. toolbox create && toolbox enter
  2. sudo dnf install -y rpmdevtools
  3. rpmdev-setuptree
  4. cd ~/rpmbuild/SPECS
  5. (create a new file called fffix.spec and paste the above into it)
  6. rpmbuild -bb fffix.spec
  7. sudo rpm-ostree install ~/rpmbuild/RPMS/fffix-*.rpm
  8. Reboot

Thanks, @jcdickinson . Do you know what the token PIV_II password it’s looking for is? Using the YubiKey Manager nomenclature, is it looking for the PIN for the PIV application (or the PIV Management Key), or is it looking for the FIDO2 application PIN?

Thanks for the insight.

Why is a reboot needed?

Because the new commit isn’t active until reboot.