[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
This bug was fixed in the package libreoffice - 1:7.0.6-0ubuntu0.20.10.1
---
libreoffice (1:7.0.6-0ubuntu0.20.10.1) groovy; urgency=medium
* New upstream release (LP: #1928642)
* Update yaru icon style "2021-03-14"
* apparmor: Fix signing documents with enforced apparmor
* apparmor: Allow one more digit in temp files
-- Rico Tzschichholz Tue, 18 May 2021 11:25:50
+0200
** Changed in: libreoffice (Ubuntu Groovy)
Status: New => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Fix Released
Status in libreoffice source package in Focal:
Confirmed
Status in libreoffice source package in Groovy:
Fix Released
Status in libreoffice source package in Hirsute:
Fix Released
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Marcelo, you can see which versions of libreoffice are packaged in which
Ubuntu releases via the libreoffice source package page on launchpad
https://launchpad.net/ubuntu/+source/libreoffice
There's a link at the bottom of that page to help you explore versions
that might be published in PPAs.
Thanks
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Fix Released
Status in libreoffice source package in Focal:
Confirmed
Status in libreoffice source package in Groovy:
New
Status in libreoffice source package in Hirsute:
Fix Released
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Today I upgraded libreoffice via PPA from version 7.1.2 to version 7.1.4
where the digital document signature function stopped working. When
informed about the resolution of this bug in version 7.1.2, I didn't
find the date of update of libreoffice from version 6.4.7 to 7.1.2 in
ubuntu version 20.04, so I decided to test version 7.1.2 via PPA and it
worked. With the update via PPA this function was now stopped working
with version 7.1.4. Is there any relationship in ubuntu regarding these
libreoffice versions?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Fix Released
Status in libreoffice source package in Focal:
Confirmed
Status in libreoffice source package in Groovy:
New
Status in libreoffice source package in Hirsute:
Fix Released
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
This bug was fixed in the package libreoffice - 1:7.1.2~rc2-0ubuntu1
---
libreoffice (1:7.1.2~rc2-0ubuntu1) hirsute; urgency=medium
[ Rico Tzschichholz ]
* New upstream release candidate
* Bump yaru source to "2021-03-14" and add yaru-mate styles
* Fix signing documents with enforced apparmor (LP: #1886092)
* Disable lto due to insufficient disc space on amd64 builder
[ Matthias Klose ]
* Fix lto build, avoiding to pass lto flags to the skia build.
-- Rico Tzschichholz Sat, 27 Mar 2021 16:01:35
+0100
** Changed in: libreoffice (Ubuntu Hirsute)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Fix Released
Status in libreoffice source package in Focal:
Confirmed
Status in libreoffice source package in Groovy:
New
Status in libreoffice source package in Hirsute:
Fix Released
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Thanks all!
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Fix Committed
Status in libreoffice source package in Focal:
Confirmed
Status in libreoffice source package in Groovy:
New
Status in libreoffice source package in Hirsute:
Fix Committed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu Hirsute)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Fix Committed
Status in libreoffice source package in Focal:
Confirmed
Status in libreoffice source package in Groovy:
New
Status in libreoffice source package in Hirsute:
Fix Committed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Also affects: libreoffice (Ubuntu Hirsute)
Importance: Low
Assignee: Rico Tzschichholz (ricotz)
Status: Confirmed
** Also affects: libreoffice (Ubuntu Groovy)
Importance: Undecided
Status: New
** Changed in: libreoffice (Ubuntu Hirsute)
Status: Confirmed => In Progress
** Changed in: libreoffice (Ubuntu Groovy)
Assignee: (unassigned) => Rico Tzschichholz (ricotz)
** Changed in: libreoffice (Ubuntu Groovy)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
In Progress
Status in libreoffice source package in Focal:
Confirmed
Status in libreoffice source package in Groovy:
New
Status in libreoffice source package in Hirsute:
In Progress
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu Focal)
Assignee: (unassigned) => Rico Tzschichholz (ricotz)
** Changed in: libreoffice (Ubuntu)
Assignee: (unassigned) => Rico Tzschichholz (ricotz)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu)
Assignee: Heather Ellsworth (hellsworth) => (unassigned)
** Changed in: libreoffice (Ubuntu Focal)
Assignee: Heather Ellsworth (hellsworth) => (unassigned)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Confirming that fix suggested by Zunda in the bug description works for
me on Ubuntu 20.04.2 LTS and LibreOffice Ubuntu package version:
1:7.1.1~rc2-0ubuntu0.20.04.1~lo1.
Below, the fix I repeated again just to make sure everybody understand
exactly what I did.
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03
10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin 2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+ owner /{,var/}run/user/*/** rw,
}
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
I just wanted to add that I had this issue for a while too on Ubuntu
20.04.1 LTS. None of the above solutions worked for me but what did work
was installing and using gnupg2.
Then edit /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin to use
gpg2 instead of gpg. So I edit the line /usr/bin/gpg rm to /usr/bin/gpg2
like below:
# there is abstractions/gnupg but that's just for gpg1...
profile gpg {
#include
/usr/bin/gpgconf rm,
/usr/bin/gpg2 rm,
/usr/bin/gpgsm rm,
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
}
# probably should become a subprofile like gpg above, but then it doesn't
# work either as it tries to access stuff only allowed above...
I hope this works for others too! My key generation took a while but it worked.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Tags removed: rls-ff-incoming
** Tags added: rls-ff-tracking
** Also affects: libreoffice (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: libreoffice (Ubuntu Focal)
Assignee: (unassigned) => Heather Ellsworth (hellsworth)
** Changed in: libreoffice (Ubuntu Focal)
Importance: Undecided => Low
** Changed in: libreoffice (Ubuntu Focal)
Status: New => Confirmed
** Tags removed: rls-ff-tracking
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu)
Assignee: (unassigned) => Heather Ellsworth (hellsworth)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
** Changed in: libreoffice (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Status in libreoffice source package in Focal:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1886092] Re: libreoffice doesn't list gpg private key for a digital signature due to apparmor
Just upgraded to 20.10 and the bundled LibreOffice version (7.0.2.2) and
have the same issue.
I can confirm mvaldez's fix for adding access for the GPG agent worked
for me. However, I didn't change the "@{HOME}/.gnupg/*" directive to rw
(I don't really want LibreOffice having write access to my gpg stuff!
Seems to work fine for me for choosing my key from tools->options or
File->Digital Signatures then "Sign Document". Clicking "Start
Certificate Manager" launches seahorse as expected.
Wouldn't it be better to somehow hook this value to GPG_AGENT_INFO or
XDG_RUNTIME_DIR though?
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1886092
Title:
libreoffice doesn't list gpg private key for a digital signature due
to apparmor
Status in libreoffice package in Ubuntu:
Confirmed
Bug description:
LibreOffice should be able to digitally sign a document with a GPG
private key in the GPG key chain. However, the key is not listed in
the list of certificates shown following the menu File - Digital
Signatures - Digital Signatures... - Sign Document..., after, e.g.,
creating and saving a document on LibreOffice Writer.
This seems to be because apparmor doesn't allow LibreOffice to
communicate with GPG agent. /var/log/syslog shows lines like:
Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400
audit(1593652514.311:333): apparmor="DENIED" operation="connect"
profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg-
agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr"
fsuid=1001 ouid=1001
Locally, I could make LibreOffice show the GPG private key with the
following change against
/etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin
--- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin
2019-10-03 10:31:21.0 -1000
+++ apparmor.d/usr.lib.libreoffice.program.soffice.bin2020-07-02
08:59:44.516754728 -1000
@@ -223,6 +223,7 @@
owner @{HOME}/.gnupg/* r,
owner @{HOME}/.gnupg/random_seed rk,
+owner /{,var/}run/user/*/** rw,
}
# probably should become a subprofile like gpg above, but then it doesn't
Tested with the following packages on Xfce4
$ lsb_release -rd
Description: Ubuntu 20.04 LTS
Release: 20.04
$ apt-cache policy libreoffice-common | grep Installed
Installed: 1:6.4.3-0ubuntu0.20.04.1
$ apt-cache policy gpg gpg-agent | grep -B1 Installed
gpg:
Installed: 2.2.19-3ubuntu2
--
gpg-agent:
Installed: 2.2.19-3ubuntu2
$ apt-cache policy apparmor | grep Installed
Installed: 2.13.3-7ubuntu5.1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
