[Bug 1886092] [NEW] libreoffice doesn't list gpg private key for a digital signature

Thu, 02 Jul 2020 12:51:08 -0700 

Public bug reported:

LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in the
list of certificates shown following the menu File - Digital Signatures
- Digital Signatures... - Sign Document..., after, e.g., creating and
saving a document on LibreOffice Writer.

This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:

Jul  1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile
="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-agent"
pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001
ouid=1001

Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin

--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 
10:31:21.000000000 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin  2020-07-02 
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
 
     owner @{HOME}/.gnupg/* r,
     owner @{HOME}/.gnupg/random_seed rk,
+    owner /{,var/}run/user/*/** rw,
   }
 
   # probably should become a subprofile like gpg above, but then it doesn't

Tested with the following packages on Xfce4
$ lsb_release -rd
Description:    Ubuntu 20.04 LTS
Release:        20.04
$ apt-cache policy libreoffice-common | grep Installed
  Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
  Installed: 2.2.19-3ubuntu2
--
gpg-agent:
  Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
  Installed: 2.13.3-7ubuntu5.1

** Affects: libreoffice (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1886092

Title:
  libreoffice doesn't list gpg private key for a digital signature

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to