Hello Daniel,

On 07-08-17 at 18:57, Daniel Kahn Gillmor wrote:
> Control: retitle 870073 enigmail: [jessie only] enigmail needs access to a
> running gpg-agent
>
> On Sun 2017-08-06 16:16:18 +0200, Paul van der Vlis wrote:
>> On 31-07-17 at 23:38, Daniel Kahn Gillmor wrote:
>>> I haven't seen this message at all. are you certain that gpg-agent is
>>> running?
>>
>> I don't see it when I am using "ps aux".
>
> ok, this is an issue that is specific to debian jessie only. on stretch
> and later, the gpg-agent has an autolaunch mechanism that avoids these
> problems entirely.

Aha.

>>> Do you ever see a dialog box that prompts you for your gpg
>>> password?
>>
>> When I first use Enigmail I am asked for a password. After that, I can
>> use Enigmail without any question about a password (I don't like this
>> behaviour. But I don't know how to turn it off).
>
> It sounds like enigmail is auto-launching an agent during key
> generation, and using it for the rest of the session. I'd imagine if
> you "killall gpg-agent" after key creation you will find that enigmail
> no longer works.

I have not created a keypair, I have an existing keypair that I use.

> enigmail 1.9.8.1 expects gpg to use a gpg agent process. It does not
> prompt the user for a passphrase during normal use.

Aha.

>>> Can you try adding "use-agent" to your ~/.gnupg/gpg.conf and then
>>> logging out and logging back in again?
>>
>> Yes, the behaviour is still there when I use "use-agent" in
>> ~/.gnupg/gpg.conf and logout and login again.
>>
>> But then I see gpg-agent running with "ps aux".
>
> this is strange. what do the following commands show when you've logged
> in with "use-agent" running?
>
> echo $GPG_AGENT_INFO

/run/user/1000/keyring/gpg:0:1

> gpg-connect-agent 'getinfo socket_name' /bye

ERR 280 not implemented

>> The following tests are without "use-agent" in my gpg.conf.
>
> you should put use-agent in gpg.conf if you want to use enigmail

I've done that now, but it does not work OK.

> -- or
> you should upgrade to stretch where it is on by default. :)

I would like to find out this problem first.

>>> As a workaround, please also try closing thunderbird and then
>>> re-launching it with the following command:
>>>
>>> gpg-agent --daemon thunderbird
>>>
>>> Does that cause the error message to go away?
>>
>> Now, I get another dialog window asking me for the password. It has
>> "pinentry" in the title.
>> I don't get an error anymore while decrypting.
>> Encryption seems to be OK, and asks again for a password.
>>
>> So this looks like OK, but different as normal.
>
> this is a workaround for you not having "use-agent" in your gpg.conf.

I think it's also a workaround for the Gnome-keyring-hijacking...

>> Maybe this is interesting:
>> gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
>> gpg: WARNING: GnuPG will not work properly - please configure that tool
>> to not interfere with the GnuPG system!
>>
>> I am using Cinnamon as my desktop-environment, and GDM3 as display manager.
>
> please see:
>
> https://wiki.gnupg.org/GnomeKeyring

I did now as root:

  dpkg-divert --local --rename --divert \
    /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable \
    --add /etc/xdg/autostart/gnome-keyring-gpg.desktop

And I logged out and in again.

Now I can use Enigmail, but it works not really nice. Before I could
turn-on encrypting and signing using the menu. Now it says default
"encrypt (auto)" and it's not clear if it's encrypting or not. If I
click on it, it says "encrypt" without "(auto)" and then it works, but I
cannot turn it off anymore using the menu. But maybe this is new and
normal.

> for information about gnome-keyring and gpg-agent. modern versions of
> gnome-keyring and gpg-agent play nicer together.
>
>> 2017-08-06 16:00:06.149 [DEBUG] enigmail.js: detectGpgAgent:
>> GPG_AGENT_INFO='/run/user/1000/keyring/gpg:0:1'
>
> This is very surprising to me, especially for gpg-agent 2.0.26. I don't
> think that version of gpg-agent used /run/user -- i would expect it
> instead to use something like /tmp/gpg-1uGi7D/S.gpg-agent:679:1
>
> where is this value coming from? have you modified any config files, or
> tried to mix packages across versions of the distro?

No, my installation is "clean". I don't do strange things on this
production machine. But maybe I have copied my ~/.gnupg directory from
my old computer and there are now other defaults.

> I'm still not able to reproduce the specific behavior you describe,
> unfortunately.

Maybe this is interesting for you:
-------
paul@laptopp:~$ echo $GPG_AGENT_INFO
/tmp/gpg-ti0k4C/S.gpg-agent:10207:1
paul@laptopp:~$
paul@laptopp:~$ gpg-connect-agent 'getinfo socket_name' /bye
D /tmp/gpg-ti0k4C/S.gpg-agent
OK
paul@laptopp:~$
------
This is after the "dpkg-divert" command.

So I think what other people with this problem have to do is:
---------
echo "use-agent" >> ~/.gnupg/gpg.conf
sudo dpkg-divert --local --rename --divert \
  /etc/xdg/autostart/gnome-keyring-gpg.desktop-disable \
  --add /etc/xdg/autostart/gnome-keyring-gpg.desktop
logout and login again.
---------

Thanks very much for your help!

With regards,
Paul van der Vlis

-- 
Paul van der Vlis Linux systeembeheer Groningen
https://www.vandervlis.nl/
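
Added example, not part of the original message and not code from GnuPG, Enigmail or Debian: a shell check that tells apart the two GPG_AGENT_INFO values shown in this thread and reports whether "use-agent" is set and whether the gnome-keyring autostart file is still in place. The function names and the path heuristics (a socket ending in /keyring/gpg means gnome-keyring, one ending in /S.gpg-agent means a real gpg-agent) are assumptions drawn from those values.

```shell
#!/bin/sh
# Added example. Heuristics are assumptions based on the values in this thread.
# GPG_AGENT_INFO (GnuPG 2.0.x) has the form  socket:pid:protocol

# Prints: unset | malformed | gnome-keyring | gpg-agent | unknown
classify_agent_info() {
    info=$1
    [ -n "$info" ] || { echo unset; return 0; }
    case "$info" in *:*:*) ;; *) echo malformed; return 0 ;; esac
    rest=${info%:*}      # drop the protocol field
    pid=${rest##*:}
    sock=${rest%:*}
    case "$pid" in ''|*[!0-9]*) echo malformed; return 0 ;; esac
    case "$sock" in
        */keyring/gpg) echo gnome-keyring ;;  # e.g. /run/user/1000/keyring/gpg
        */S.gpg-agent) echo gpg-agent ;;      # e.g. /tmp/gpg-XXXXXX/S.gpg-agent
        *)             echo unknown ;;
    esac
}

# True if the given gpg.conf has an uncommented "use-agent" line.
has_use_agent() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*use-agent[[:space:]]*$' "$1"
}

# Report on the current login session; always returns 0.
diagnose() {
    kind=$(classify_agent_info "${GPG_AGENT_INFO:-}")
    echo "GPG_AGENT_INFO: ${GPG_AGENT_INFO:-<unset>} ($kind)"
    if has_use_agent "${HOME:-/nonexistent}/.gnupg/gpg.conf"; then
        echo "gpg.conf: use-agent is set"
    else
        echo "gpg.conf: use-agent missing"
    fi
    if [ -e /etc/xdg/autostart/gnome-keyring-gpg.desktop ]; then
        echo "autostart: gnome-keyring-gpg.desktop present (not diverted)"
    fi
    if [ "$kind" = gnome-keyring ]; then
        echo "=> gnome-keyring is answering on the gpg-agent socket"
    fi
    return 0
}

diagnose
```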