I just wanted to add that I had this issue for a while too on Ubuntu
20.04.1 LTS. None of the above solutions worked for me but what did work
was installing and using gnupg2.
Then edit /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin to use
gpg2 instead of gpg. So I edit the line /usr/bin/gpg rm to /usr/bin/gpg2
like below:
# there is abstractions/gnupg but that's just for gpg1...
profile gpg {
#include <abstractions/base>
/usr/bin/gpgconf rm,
/usr/bin/gpg2 rm,
/usr/bin/gpgsm rm,
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
}
# probably should become a subprofile like gpg above, but then it doesn't
# work either as it tries to access stuff only allowed above...
I hope this works for others too! My key generation took a while but it worked.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.000000000 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin 2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+ owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
