Control: retitle 870073 enigmail: [jessie only] enigmail needs access to a 
running gpg-agent

On Sun 2017-08-06 16:16:18 +0200, Paul van der Vlis wrote:
> Op 31-07-17 om 23:38 schreef Daniel Kahn Gillmor:
>> I haven't seen this message at all.  are you certain that gpg-agent is
>> running?
> I don't see it when I using "ps aux".

ok, this is an issue that is specific to debian jessie only.  on stretch
and later, the gpg-agent has an autolaunch mechanism that avoids these
problems entirely.

>> Do you ever see a dialog box that prompts you for your gpg
>> password?
> When I first use Enigmail I am asked for a password. After that, I can
> use Enigmail without any question about a password (I don't like this
> behaviour. But I don't know how to turn it off).

It sounds like enigmail is auto-launching an agent during key
generation, and using it for the rest of the session.  I'd imagine if
you "killall gpg-agent" after key creation you will find that enigmail
no longer works.

enigmail expects gpg to use a gpg agent process.  It does not
prompt the user for a passphrase during normal use.

>> Can you try adding "use-agent" to your ~/.gnupg/gpg.conf  and then
>> logging out and logging back in again?
> Yes, the behaviour is still there when I use "use-agent" in
> ~/.gnupg/gpg.conf and logout and login again.
> But then I see gpg-agent running with "ps aux".

this is strange.  what do the following commands show when you've logged
in with "use-agent" running?

     echo $GPG_AGENT_INFO
     gpg-connect-agent 'getinfo socket_name' /bye

> The following tests are without "use-agent" in my gpg.conf.

you should put use-agent in gpg.conf if you want to use enigmail -- or
you should upgrade to stretch where it is on by default. :)

>> As a workaround, please also try closing thunderbird and then
>> re-launching it with the following command:
>>     gpg-agent --daemon thunderbird
>> Does that cause the error message to go away?
> Now, I get another dialog window asking me for the password. It has
> "pinentry" in the title.
> I don't get an error anymore while decrypting.
> Encryption seems to be OK, and asks again for a password.
> So this looks-like OK, but different as normal.

this is a workaround for you not having "use-agent" in your gpg.conf.

> Maybe this is interesting:
> gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
> gpg: WARNING: GnuPG will not work properly - please configure that tool
> to not interfere with the GnuPG system!
> I am using Cinnamon as my desktop-environment, and GDM3 as display manager.

please see:

for information about gnome-keyring and gpg-agent.  modern versions of
gnome-keyring and gpg-agent play nicer together.

> 2017-08-06 16:00:06.149 [DEBUG] enigmail.js: detectGpgAgent: 
> GPG_AGENT_INFO='/run/user/1000/keyring/gpg:0:1'

This is very surprising to me, especially for gpg-agent 2.0.26.  I don't
think that version of gpg-agent used /run/user -- i would expect it
instead to use something like /tmp/gpg-1uGi7D/S.gpg-agent:679:1

where is this value coming from?  have you modified any config files, or
tried to mix packages across versions of the distro?

I'm still not able to reproduce the specific behavior you describe,



Attachment: signature.asc
Description: PGP signature

Pkg-mozext-maintainers mailing list

Reply via email to