[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
This bug was fixed in the package libreoffice - 1:7.0.6-0ubuntu0.20.10.1 --- libreoffice (1:7.0.6-0ubuntu0.20.10.1) groovy; urgency=medium * New upstream release (LP: #1928642) * Update yaru icon style "2021-03-14" * apparmor: Fix signing documents with enforced apparmor * apparmor: Allow one more digit in temp files -- Rico Tzschichholz Tue, 18 May 2021 11:25:50 +0200 ** Changed in: libreoffice (Ubuntu Groovy) Status: New => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: Fix Released Status in libreoffice source package in Hirsute: Fix Released Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Marcelo, you can see which versions of libreoffice are packaged in which Ubuntu releases via the libreoffice source package page on launchpad https://launchpad.net/ubuntu/+source/libreoffice There's a link at the bottom of that page to help you explore versions that might be published in PPAs. Thanks -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: New Status in libreoffice source package in Hirsute: Fix Released Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Today I upgraded libreoffice via PPA from version 7.1.2 to version 7.1.4 where the digital document signature function stopped working. When informed about the resolution of this bug in version 7.1.2, I didn't find the date of update of libreoffice from version 6.4.7 to 7.1.2 in ubuntu version 20.04, so I decided to test version 7.1.2 via PPA and it worked. With the update via PPA this function was now stopped working with version 7.1.4. Is there any relationship in ubuntu regarding these libreoffice versions? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: New Status in libreoffice source package in Hirsute: Fix Released Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
This bug was fixed in the package libreoffice - 1:7.1.2~rc2-0ubuntu1 --- libreoffice (1:7.1.2~rc2-0ubuntu1) hirsute; urgency=medium [ Rico Tzschichholz ] * New upstream release candidate * Bump yaru source to "2021-03-14" and add yaru-mate styles * Fix signing documents with enforced apparmor (LP: #1886092) * Disable lto due to insufficient disc space on amd64 builder [ Matthias Klose ] * Fix lto build, avoiding to pass lto flags to the skia build. -- Rico Tzschichholz Sat, 27 Mar 2021 16:01:35 +0100 ** Changed in: libreoffice (Ubuntu Hirsute) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: New Status in libreoffice source package in Hirsute: Fix Released Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Thanks all! -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: New Status in libreoffice source package in Hirsute: Fix Committed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu Hirsute) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: New Status in libreoffice source package in Hirsute: Fix Committed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Also affects: libreoffice (Ubuntu Hirsute) Importance: Low Assignee: Rico Tzschichholz (ricotz) Status: Confirmed ** Also affects: libreoffice (Ubuntu Groovy) Importance: Undecided Status: New ** Changed in: libreoffice (Ubuntu Hirsute) Status: Confirmed => In Progress ** Changed in: libreoffice (Ubuntu Groovy) Assignee: (unassigned) => Rico Tzschichholz (ricotz) ** Changed in: libreoffice (Ubuntu Groovy) Importance: Undecided => Low -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: In Progress Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: New Status in libreoffice source package in Hirsute: In Progress Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu Focal) Assignee: (unassigned) => Rico Tzschichholz (ricotz) ** Changed in: libreoffice (Ubuntu) Assignee: (unassigned) => Rico Tzschichholz (ricotz) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Status in libreoffice source package in Focal: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu) Assignee: Heather Ellsworth (hellsworth) => (unassigned) ** Changed in: libreoffice (Ubuntu Focal) Assignee: Heather Ellsworth (hellsworth) => (unassigned) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Status in libreoffice source package in Focal: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Confirming that fix suggested by Zunda in the bug description works for me on Ubuntu 20.04.2 LTS and LibreOffice Ubuntu package version: 1:7.1.1~rc2-0ubuntu0.20.04.1~lo1. Below, the fix I repeated again just to make sure everybody understand exactly what I did. --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin 2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, + owner /{,var/}run/user/*/** rw, } -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Status in libreoffice source package in Focal: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
I just wanted to add that I had this issue for a while too on Ubuntu 20.04.1 LTS. None of the above solutions worked for me but what did work was installing and using gnupg2. Then edit /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin to use gpg2 instead of gpg. So I edit the line /usr/bin/gpg rm to /usr/bin/gpg2 like below: # there is abstractions/gnupg but that's just for gpg1... profile gpg { #include /usr/bin/gpgconf rm, /usr/bin/gpg2 rm, /usr/bin/gpgsm rm, owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, } # probably should become a subprofile like gpg above, but then it doesn't # work either as it tries to access stuff only allowed above... I hope this works for others too! My key generation took a while but it worked. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Status in libreoffice source package in Focal: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Tags removed: rls-ff-incoming ** Tags added: rls-ff-tracking ** Also affects: libreoffice (Ubuntu Focal) Importance: Undecided Status: New ** Changed in: libreoffice (Ubuntu Focal) Assignee: (unassigned) => Heather Ellsworth (hellsworth) ** Changed in: libreoffice (Ubuntu Focal) Importance: Undecided => Low ** Changed in: libreoffice (Ubuntu Focal) Status: New => Confirmed ** Tags removed: rls-ff-tracking -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Status in libreoffice source package in Focal: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu) Assignee: (unassigned) => Heather Ellsworth (hellsworth) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Status in libreoffice source package in Focal: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu) Importance: Undecided => Low -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Status in libreoffice source package in Focal: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Just upgraded to 20.10 and the bundled LibreOffice version (7.0.2.2) and have the same issue. I can confirm mvaldez's fix for adding access for the GPG agent worked for me. However, I didn't change the "@{HOME}/.gnupg/*" directive to rw (I don't really want LibreOffice having write access to my gpg stuff! Seems to work fine for me for choosing my key from tools->options or File->Digital Signatures then "Sign Document". Clicking "Start Certificate Manager" launches seahorse as expected. Wouldn't it be better to somehow hook this value to GPG_AGENT_INFO or XDG_RUNTIME_DIR though? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Confirmed Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.0 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, +owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp