gnome-keyring vs. gpg-agent and Enigmail [SOLVED]
LMDE 2 has reached end of support as of 1-1-2019
gnome-keyring is clashing with gpg-agent, this is no news, there had been difficulties, but Thunderbird with Enigmail was usable.
The last update of Enigmail to V 1.9 two days ago now forces the use of gpg2 and this crashes several people's Enigmail.
See over at Enigmail: https://sourceforge.net/p/enigmail/foru ... /b9a12681/ and https://sourceforge.net/p/enigmail/foru ... /f99ae0fa/. This seems to affect LMDE2 / Debian Jessie with Mate:
It seems impossible to prevent gnome-keyring from hijacking gpg-agent although diverse attempts were made to disable it.
The approaches from https://admin.hostpoint.ch/pipermail/en ... 03674.html do not work (anymore?).
To me, it looks like current gnome-keyring stubbornly starts all its components, sets up all its four sockets and $GPG_AGENT_INFO even though the gpg component is not called for…? Even completely removing all gnome-keyring-gpg.desktop entries does not help.
One machine still using the deprecated mate-keyring does not show these problems.
This effectively blocks mail encryption in our small company.
Any ideas, someone? Maybe a workaround by unsetting $GPG_AGENT_INFO for the whole Mate environment, how could that be done?
Re: gnome-keyring vs. gpg-agent and Enigmail
I "fixed" it by installing Enigmail 1.8.2 from synaptic, Icedove will then also be installed. Renamed .thunderbird to .icedove and everything works fine again.
LMDE 2 MATE x64
Re: gnome-keyring vs. gpg-agent and Enigmail
Quote: I "fixed" it by installing Enigmail 1.8.2 from synaptic
How?
Code:
$ sudo apt-get install enigmail=1.8.2
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Version '1.8.2' for 'enigmail' was not found
Re: gnome-keyring vs. gpg-agent and Enigmail
goiken wrote: How?
The version string is not exactly "1.8.2". Use (say) "2:1.8.2-4~deb8u1".
Code:
$ apt-cache policy enigmail
enigmail:
  Installed: (none)
  Candidate: 2:1.8.2-4~deb8u1
  Version table:
     2:1.8.2-4 99
         50 http://http.debian.net/debian unstable/main amd64 Packages
         99 http://http.debian.net/debian testing/main amd64 Packages
     2:1.8.2-4~deb8u1 500
        500 http://security.debian.org jessie/updates/main amd64 Packages
     2:1.7.2-3 500
        500 http://ftp.us.debian.org/debian jessie/main amd64 Packages
Re: gnome-keyring vs. gpg-agent and Enigmail
goiken wrote:
  Quote: I "fixed" it by installing Enigmail 1.8.2 from synaptic
  How?
Like I said, using Synaptic
Re: gnome-keyring vs. gpg-agent and Enigmail
In LMDE2 with Mate 1.12.01+betsy disabling both gpg and ssh via
Code:
dpkg-divert --local --rename --divert /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable --add /etc/xdg/autostart/gnome-keyring-gpg.desktop
dpkg-divert --local --rename --divert /etc/xdg/autostart/gnome-keyring-ssh.desktop-disable --add /etc/xdg/autostart/gnome-keyring-ssh.desktop
then making sure that no other such entries are in ~/.config/autostart and rebooting does not help: gnome-keyring still sets up all four sockets in /var/run/user/<uid>/keyring and $GPG_AGENT_INFO, thus blocking current Enigmail 1.9.
I see this as a serious bug in Mate's or Mint's gnome-keyring. What are Mint's modifications (+betsy) to it? In Cinnamon the above is reported to work.
Where should I file this bug and how could I work around it? Downgrading back to Enigmail 1.8.2 is not satisfying.
Re: gnome-keyring vs. gpg-agent and Enigmail
When starting gpg-agent with the options --use-standard-socket --write-env-file it writes its socket path to ~/.gpg-agent-info like
GPG_AGENT_INFO=/home/<username>/.gnupg/S.gpg-agent:3935:1
but it does not set GPG_AGENT_INFO.
While gnome-keyring sets GPG_AGENT_INFO to its own unwanted socket and I can't keep it from doing so.
Does anyone know a way to set GPG_AGENT_INFO to gpg-agent's socket when logging in to a Mate session so that variable is then corrected for the whole Mate session?
gnome-keyring is started from /etc/xdg/autostart while gpg-agent is started from ~/.config/autostart.
Re: gnome-keyring vs. gpg-agent and Enigmail
I see the light now: mate-keyring was well-behaved and allowed gpg-agent to do its work or rather used it directly.
Current gnome-keyring is impossible to keep from interfering: it sets up a gpg handler socket and points GPG_AGENT_INFO to it, even when not called for.
gpg2 does start gpg-agent if not already running. BUT: Obviously gpg2 follows GPG_AGENT_INFO if set, but does not set or change it when starting gpg-agent. Huh? So gpg-agent is started but not found… When GPG_AGENT_INFO is manually unset or pointed to gpg-agent's socket, all is well.
To summarize my conclusions for LMDE2 Mate: I do not need to set up an autostart for gpg-agent, but (when using gnome-keyring) I do need a wrapper script for Thunderbird unsetting GPG_AGENT_INFO or pointing it away from gnome-keyring's socket to gpg-agent's socket. Finally, solved for me. Phew.
That script would be ~/bin/thunderbird or /usr/bin/thunderbird and you need to point your start menu entry to it. Thanks to Patrick Brunschwig, simple as this:
Code:
#! /bin/bash
unset GPG_AGENT_INFO
exec /opt/thunderbird/thunderbird "$@"
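Added example, not part of the original posts: a variant of the wrapper above that takes the other route mentioned in the thread, pointing GPG_AGENT_INFO at gpg-agent's own socket as recorded in ~/.gpg-agent-info, and falling back to unsetting it. The function names, the ownership checks and the `*/keyring/*` match for gnome-keyring's sockets are assumptions of this example; the Thunderbird path is the one used in the wrapper above.

```shell
#!/bin/bash
# Added example, not from the thread. Function names are hypothetical.
TB=/opt/thunderbird/thunderbird          # path used by the wrapper in the thread

# Print the value stored by `gpg-agent --write-env-file`
# (one line: GPG_AGENT_INFO=<socket>:<pid>:<protocol>).
read_agent_info() {
    local file="$1" line
    # Only trust a regular file owned by the current user.
    [ -f "$file" ] && [ -O "$file" ] || return 1
    line=$(grep -m1 '^GPG_AGENT_INFO=' "$file") || return 1
    printf '%s\n' "${line#GPG_AGENT_INFO=}"
}

# Succeed only if the value names an existing socket we own that is not
# under a keyring directory (assumed location of gnome-keyring's sockets).
agent_info_usable() {
    local sock="${1%%:*}"
    case "$sock" in
        */keyring/*) return 1 ;;
    esac
    [ -S "$sock" ] && [ -O "$sock" ]
}

# Print the value to export, or nothing if the variable should be unset.
pick_agent_info() {
    local info
    info=$(read_agent_info "${1:-$HOME/.gpg-agent-info}") || return 0
    if agent_info_usable "$info"; then printf '%s\n' "$info"; fi
    return 0
}

info=$(pick_agent_info)
if [ -n "$info" ]; then
    export GPG_AGENT_INFO="$info"        # gpg-agent's own socket
else
    unset GPG_AGENT_INFO                 # same effect as the original wrapper
fi

if [ -x "$TB" ]; then
    exec "$TB" "$@"
fi
echo "thunderbird not found at $TB" >&2
```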
Re: gnome-keyring vs. gpg-agent and Enigmail [SOLVED]
Hansl wrote: I see the light now:
Thanks!