Op 07-08-17 om 18:57 schreef Daniel Kahn Gillmor:
> Control: retitle 870073 enigmail: [jessie only] enigmail needs access to a
> running gpg-agent
> On Sun 2017-08-06 16:16:18 +0200, Paul van der Vlis wrote:
>> Op 31-07-17 om 23:38 schreef Daniel Kahn Gillmor:
>>> I haven't seen this message at all. are you certain that gpg-agent is
>> I don't see it when I using "ps aux".
> ok, this is an issue that is specific to debian jessie only. on stretch
> and later, the gpg-agent has an autolaunch mechanism that avoids these
> problems entirely.
>>> Do you ever see a dialog box that prompts you for your gpg
>> When I first use Enigmail I am asked for a password. After that, I can
>> use Enigmail without any question about a password (I don't like this
>> behaviour. But I don't know how to turn it off).
> It sounds like enigmail is auto-launching an agent during key
> generation, and using it for the rest of the session. I'd imagine if
> you "killall gpg-agent" after key creation you will find that enigmail
> no longer works.
I have not created a keypair, I have an excisting keypair what I use.
> enigmail 22.214.171.124 expects gpg to use a gpg agent process. It does not
> prompt the user for a passphrase during normal use.
>>> Can you try adding "use-agent" to your ~/.gnupg/gpg.conf and then
>>> logging out and logging back in again?
>> Yes, the behaviour is still there when I use "use-agent" in
>> ~/.gnupg/gpg.conf and logout and login again.
>> But then I see gpg-agent running with "ps aux".
> this is strange. what do the following commands show when you've logged
> in with "use-agent" running?
> echo $GPG_AGENT_INFO
> gpg-connect-agent 'getinfo socket_name' /bye
ERR 280 not implemented
>> The following tests are without "use-agent" in my gpg.conf.
> you should put use-agent in gpg.conf if you want to use enigmail
I've done that now, but it does not work OK.
> -- or
> you should upgrade to stretch where it is on by default. :)
I would like to find out this problem first.
>>> As a workaround, please also try closing thunderbird and then
>>> re-launching it with the following command:
>>> gpg-agent --daemon thunderbird
>>> Does that cause the error message to go away?
>> Now, I get another dialog window asking me for the password. It has
>> "pinentry" in the title.
>> I don't get an error anymore while decrypting.
>> Encryption seems to be OK, and asks again for a password.
>> So this looks-like OK, but different as normal.
> this is a workaround for you not having "use-agent" in your gpg.conf.
I think it's also a workarround for the Gnome-keyring-hijaking...
>> Maybe this is interesting:
>> gpg: WARNING: The GNOME keyring manager hijacked the GnuPG agent.
>> gpg: WARNING: GnuPG will not work properly - please configure that tool
>> to not interfere with the GnuPG system!
>> I am using Cinnamon as my desktop-environment, and GDM3 as display manager.
> please see:
I did now as root:
dpkg-divert --local --rename --divert \
And I logged out and in again. Now I can use Enigmail, but it works not
really nice. Before I could turn-on encrypting and signing using the
menu. Now it says default "encrypt (auto)" and it's not clear if it's
encrypting or not. If I click on it, it says "encrypt" without "(auto)"
and then it works, but I cannot turn it off anymore using the menu. But
maybe this is new and normal.
> for information about gnome-keyring and gpg-agent. modern versions of
> gnome-keyring and gpg-agent play nicer together.
>> 2017-08-06 16:00:06.149 [DEBUG] enigmail.js: detectGpgAgent:
> This is very surprising to me, especially for gpg-agent 2.0.26. I don't
> think that version of gpg-agent used /run/user -- i would expect it
> instead to use something like /tmp/gpg-1uGi7D/S.gpg-agent:679:1
> where is this value coming from? have you modified any config files, or
> tried to mix packages across versions of the distro?
No, my installation is "clean". I don't do strange things on this
production machine. But maybe I have copied my ~/.gnupg directory from
my old computer and are there now other defaults.
> I'm still not able to reproduce the specific behavior you describe,
Maybe this is interesting for you:
paul@laptopp:~$ echo $GPG_AGENT_INFO
paul@laptopp:~$ gpg-connect-agent 'getinfo socket_name' /bye
This is after the "dpkg-divert" command.
So I think what other people with this probleme have to do is:
echo "use-agent" >> ~/.gnupg/gpg.conf
sudo dpkg-divert --local --rename --divert \
logout and login again.
Thanks very much for your help!
Paul van der Vlis
Paul van der Vlis Linux systeembeheer Groningen
Pkg-mozext-maintainers mailing list