gnome-keyring vs. gpg-agent and Enigmail [SOLVED]

Hansl

gnome-keyring vs. gpg-agent and Enigmail [SOLVED]

Post by Hansl »

gnome-keyring is clashing with gpg-agent, this is no news, there had been difficulties, but Thunderbird with Enigmail was usable.
The last update of Enigmail to V 1.9 two days ago now forces the use of gpg2 and this crashes several people's Enigmail.
See over at Enigmail: https://sourceforge.net/p/enigmail/foru ... /b9a12681/ and https://sourceforge.net/p/enigmail/foru ... /f99ae0fa/. This seems to affect LMDE2 / Debian Jessie with Mate.

It seems impossible to prevent gnome-keyring from hijacking gpg-agent although diverse attempts were made to disable it.
The approaches from https://admin.hostpoint.ch/pipermail/en ... 03674.html do not work (anymore?).
To me, it looks like current gnome-keyring stubbornly starts all its components, sets up all its four sockets and $GPG_AGENT_INFO even though the gpg component is not called for…? Even completely removing all gnome-keyring-gpg.desktop entries does not help.
One machine still using the deprecated mate-keyring does not show these problems.
This effectively blocks mail encryption in our small company.

Any ideas, someone?  Maybe a workaround by unsetting $GPG_AGENT_INFO for the whole Mate environment, how could that be done?
mockturtl

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by mockturtl »

+1
Bolle1961

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by Bolle1961 »

I "fixed" it by installing Enigmail 1.8.2 from synaptic, Icedove will then also be installed. Renamed .thunderbird to .icedove and everything works fine again.
LMDE 2 MATE x64
goiken

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by goiken »

Bolle1961 wrote: I "fixed" it by installing Enigmail 1.8.2 from synaptic
How?

Code:

$ sudo apt-get install enigmail=1.8.2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
E: Version '1.8.2' for 'enigmail' was not found
mockturtl

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by mockturtl »

goiken wrote: How?
The version string is not exactly "1.8.2". Use (say) "2:1.8.2-4~deb8u1".

Code:

$ apt-cache policy enigmail
enigmail:
  Installed: (none)
  Candidate: 2:1.8.2-4~deb8u1
  Version table:
     2:1.8.2-4 99
         50 http://http.debian.net/debian unstable/main amd64 Packages
         99 http://http.debian.net/debian testing/main amd64 Packages
     2:1.8.2-4~deb8u1 500
        500 http://security.debian.org jessie/updates/main amd64 Packages
     2:1.7.2-3 500
        500 http://ftp.us.debian.org/debian jessie/main amd64 Packages
Bolle1961

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by Bolle1961 »

goiken wrote:
I "fixed" it by installing Enigmail 1.8.2 from synaptic
How?
Like I said, using Synaptic
Hansl

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by Hansl »

In LMDE2 with Mate 1.12.01+betsy disabling both gpg and ssh via

Code:

dpkg-divert --local --rename --divert /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable --add /etc/xdg/autostart/gnome-keyring-gpg.desktop
dpkg-divert --local --rename --divert /etc/xdg/autostart/gnome-keyring-ssh.desktop-disable --add /etc/xdg/autostart/gnome-keyring-ssh.desktop
then making sure that no other such entries are in ~/.config/autostart and rebooting does not help: gnome-keyring still sets up all four sockets in /var/run/user/<uid>/keyring and $GPG_AGENT_INFO, thus blocking current Enigmail 1.9.
I see this as a serious bug in Mate's or Mint's gnome-keyring. What are Mint's modifications (+betsy) to it? In Cinnamon the above is reported to work.
Where should I file this bug and how could I work around it?  Downgrading back to Enigmail 1.8.2 is not satisfying.
Hansl

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by Hansl »

When starting gpg-agent with the options --use-standard-socket --write-env-file it writes its socket path to ~/.gpg-agent-info like
GPG_AGENT_INFO=/home/<username>/.gnupg/S.gpg-agent:3935:1
but it does not set GPG_AGENT_INFO.
Meanwhile, gnome-keyring sets GPG_AGENT_INFO to its own unwanted socket, and I can't keep it from doing so.

Does anyone know a way to set GPG_AGENT_INFO to gpg-agent's socket when logging in to a Mate session so that variable is then corrected for the whole Mate session?

gnome-keyring is started from /etc/xdg/autostart while gpg-agent is started from ~/.config/autostart.
Hansl

Re: gnome-keyring vs. gpg-agent and Enigmail

Post by Hansl »

I see the light now: mate-keyring was well-behaved and allowed gpg-agent to do its work or rather used it directly. 
Current gnome-keyring is impossible to keep from interfering:  it sets up a gpg handler socket and points GPG_AGENT_INFO to it, even when not called for.

gpg2 does start gpg-agent if not already running. BUT: Obviously gpg2 follows GPG_AGENT_INFO if set, but does not set or change it when starting gpg-agent.  Huh?  So gpg-agent is started but not found… When GPG_AGENT_INFO is manually unset or pointed to gpg-agent's socket, all is well.

To summarize my conclusions for LMDE2 Mate: I do not need to set up an autostart for gpg-agent, but (when using gnome-keyring) I do need a wrapper script for Thunderbird unsetting GPG_AGENT_INFO or pointing it away from gnome-keyring's socket to gpg-agent's socket. Finally, solved for me. Phew.
That script would be ~/bin/thunderbird or /usr/bin/thunderbird and you need to point your start menu entry to it. Thanks to Patrick Brunschwig, simple as this:

Code:

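#!/bin/bash
# Drop the GPG_AGENT_INFO exported by gnome-keyring so that gpg2
# falls back to its own gpg-agent, then start the real Thunderbird.
unset GPG_AGENT_INFO
exec /opt/thunderbird/thunderbird "$@"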
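
The other option named in the post above, pointing GPG_AGENT_INFO at gpg-agent's socket instead of unsetting it, as an added example that is not part of the original post or of Enigmail. The function names and the "keyring" substring test are assumptions; the env file is the one written by --write-env-file earlier in the thread.

```bash
#!/bin/bash
# Added example, not from the thread. Function names and the "keyring"
# substring heuristic are assumptions made for illustration.

# pick_agent_info CURRENT ENV_FILE
# Prints the value GPG_AGENT_INFO should carry, or nothing if it should be unset.
# A value has the form <socket path>:<pid>:<protocol>.
pick_agent_info() {
    local current="$1" env_file="$2" sock line

    sock="${current%%:*}"
    # Keep the inherited value only if it is not a gnome-keyring socket
    # and the socket path still exists.
    case "$sock" in
        ''|*keyring*) ;;
        *) if [ -e "$sock" ]; then printf '%s\n' "$current"; return 0; fi ;;
    esac

    # Otherwise use what gpg-agent recorded via --write-env-file, if still valid.
    if [ -r "$env_file" ]; then
        line=$(sed -n 's/^GPG_AGENT_INFO=//p' "$env_file" | head -n 1)
        sock="${line%%:*}"
        if [ -n "$sock" ] && [ -e "$sock" ]; then
            printf '%s\n' "$line"
        fi
    fi
    return 0
}

# Apply the decision to the current environment (call before exec'ing the client).
fix_agent_env() {
    local chosen
    chosen=$(pick_agent_info "${GPG_AGENT_INFO:-}" "${1:-$HOME/.gpg-agent-info}")
    if [ -n "$chosen" ]; then
        export GPG_AGENT_INFO="$chosen"
    else
        unset GPG_AGENT_INFO
    fi
}

# In a wrapper like the one in the thread:
#   fix_agent_env && exec /opt/thunderbird/thunderbird "$@"
```

A stale entry in the env file (agent gone, socket removed) is treated the same as no entry, so the variable ends up unset and gpg2 starts its own agent.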
mockturtl

Re: gnome-keyring vs. gpg-agent and Enigmail [SOLVED]

Post by mockturtl »

Hansl wrote: I see the light now:
Thanks!