[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
gnome-keyring no longer implements a gpg-agent. The gnupg agent and pinentry has been updated to better integrate with GNOME. https://mail.gnome.org/archives/distributor- list/2015-August/msg0.html ** Changed in: gnome-keyring (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME Keyring: Fix Released Status in gnome-keyring package in Ubuntu: Fix Released Status in gnome-keyring package in Debian: New Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0 ... write(3, "SCD SERIALNO openpgp", 20)= 20 write(3, "\n", 1) = 1 read(3, "ERR 103 unknown command\n", 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0 ... write(4, "HAVEKEY 62B64B58FF1BD7E0B48FE51A"..., 48) = 48 write(4, "\n", 1) = 1 read(4, "ERR 103 unknown command\n", 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line ("--daemonize --login"). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
** Changed in: gnome-keyring Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME Keyring: Fix Released Status in gnome-keyring package in Ubuntu: Confirmed Status in gnome-keyring package in Debian: New Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0 ... write(3, "SCD SERIALNO openpgp", 20)= 20 write(3, "\n", 1) = 1 read(3, "ERR 103 unknown command\n", 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0 ... write(4, "HAVEKEY 62B64B58FF1BD7E0B48FE51A"..., 48) = 48 write(4, "\n", 1) = 1 read(4, "ERR 103 unknown command\n", 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line ("--daemonize --login"). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
** Also affects: gnome-keyring (Debian) Importance: Undecided Status: New -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME Keyring: Confirmed Status in gnome-keyring package in Ubuntu: Confirmed Status in gnome-keyring package in Debian: New Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0 ... write(3, "SCD SERIALNO openpgp", 20)= 20 write(3, "\n", 1) = 1 read(3, "ERR 103 unknown command\n", 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0 ... write(4, "HAVEKEY 62B64B58FF1BD7E0B48FE51A"..., 48) = 48 write(4, "\n", 1) = 1 read(4, "ERR 103 unknown command\n", 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line ("--daemonize --login"). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
** Changed in: gnome-keyring Status: New = Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: Confirmed Status in gnome-keyring package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Echoing the last entry, this is (also) an Ubuntu bug. The /etc/xdg/autostart/gnome-keyring-gpg.desktop should not be installed until gnome-keyring is a reasonable feature-complete replacement for the GnuPG agent, which it is not at the moment. Please consider removing that file until the upstream gnome-keyring bugs regarding GnuPG agent support are fixed. Removing that file for me fixed my problems with GnuPG. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in gnome-keyring package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
This also breaks GPA ( https://bugs.launchpad.net/ubuntu/+source/gpa/+bug/1381926 ) and S/MIME support in Kontact. It has required that there is a section about this in the GnuPG Wiki ( http://wiki.gnupg.org/PlatformNotes ). And related problems are regularly raised on the gnupg-users mailing list. There was a thread on the gnupg-devel mailing list involving the gnome- keyring maintainer that shows some standpoints of this problem: http://lists.gnupg.org/pipermail/gnupg-devel/2014-August/028690.html Imho it is an Ubuntu problem and not an Upstream problem. Ubuntu decides to create: /etc/xdg/autostart/gnome-keyring-gpg.desktop And thus deliberately breaks gnupg2 by default. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
@hawke make sure you have disabled Start GNOME services in your Session startup settings -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Even removing the xdg autostart file(s) didn’t work for me. Gnome-keyring is still being started with 'gnome-keyring-daemon --start' and is hijacking my gpg agent, thus breaking smartcard-based GPG and SSH key usage. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Thanks Pete, so glad I found your comment. I was struggling trying to understand why it would work as root and not as normal user. Initially I was looking for some udev rules (permissions etc), but in the end through strace it turned out to be what is described here. What is lost by disabling gpg-agent by default? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Bug Allways in 14.04, Work without pb after removing the file /etc/xdg/autostart/gnome-keyring-gpg.desktop gnome application password key seems work -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
As an opinion, I believe that it would be a right thing to disable gpg- agent functionality of gnome-keyring by default in Ubuntu, until it implements the complete functionality. Because the way it is now, gnome- keyring breaks the functionality of gnupg. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
** Bug watch added: GNOME Bug Tracker #644415 https://bugzilla.gnome.org/show_bug.cgi?id=644415 ** Also affects: gnome-keyring via https://bugzilla.gnome.org/show_bug.cgi?id=644415 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: Unknown Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
** Changed in: gnome-keyring Status: Unknown = New ** Changed in: gnome-keyring Importance: Unknown = Wishlist -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in GNOME keyring services: New Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
I'm offering a $100 bounty to fix this bug. See http://www.freedomsponsors.org/core/issue/359/gnome-keyring-integration- breaks-some-gpg-functions -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Brief follow-up to previous comment: I seem to have left the Unity desktop (GUI method): section blank. I had created that section before realizing that the Unity directions were identical to the Cinnamon directions and had failed to remove it. My apologies for any confusion. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
(Resurrecting a long-idle thread. Sorry.) This issue has also propagated to Linux Mint 14, an Ubuntu derivative. I was having difficulty using my German Privacy Foundation Crypto Stick with Mint or Ubuntu. While it doesn't solve the underlying issue (that is, the gnome-keyring agent doesn't play nice with smartcards), one can easily disable the offending agent and thus restore normal GPG operations in the following ways * Unity desktop (GUI method): * MATE (fork of GNOME 2) desktop (GUI method): Click Menu -- Preferences -- Startup Applications. Uncheck the GPG Password Agent (it appears twice as the GNOME Keyring and MATE Keyring). * MATE (fork of GNOME 2) desktop (command line method): 1. Open a terminal. 2. Execute the following commands as your user account (root is not required): mkdir ~/.config/autostart cp /etc/xdg/autostart/gnome-keyring-gpg.desktop ~/.config/autostart/ echo X-MATE-Autostart-enabled=false ~/.config/autostart/gnome-keyring-gpg.desktop 3. Log out of your session and log back in. 4. Test to make sure things are working. * Cinnamon (or Unity) desktop: 1. Open a terminal. 2. Execute the following commands as your user account (root is not required): mkdir ~/.config/autostart cp /etc/xdg/autostart/gnome-keyring-gpg.desktop ~/.config/autostart/ echo X-GNOME-Autostart-enabled=false ~/.config/autostart/gnome-keyring-gpg.desktop 3. Log out of your session and log back in. 4. Test to make sure things are working. * How to test if things are working: 1. Open a terminal. 2. Execute the following command as your user account (root is not required): echo $GPG_AGENT_INFO 3. a. If S.gpg-agent (or nothing, in the case of Unity, oddly enough) appears in the result, GPG will use the normal GPG agent. (Example: /home/pete/.gnupg/S.gpg-agent:2120:1) b. If keyring appears in the result, GPG will use the GNOME keyring agent and you will likely not be able to access the smartcard. (Example /run/user/pete/keyring-k4pQam/gpg:0:1) The exact paths, usernames, and numbers in the responses will vary. This is normal. It's the presence of either S.gpg-agent or keyring that identify which agent is being used. 4. Run gpg2 --card-status (or gpg --card-status if you don't have gnupg2 installed) to verify that GPG is able to communicate with the card. * Even though it doesn't solve the underlying problem, I hope this workaround is helpful. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a)
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
the new comments on how to disable the gnome-keyring agents are orthogonal to the bug described there, ideally the GPG agent would be good enough that it doesn't need to be disabled, somebody should still report the bug to GNOME if we want to see it worked. note that we hide system components from the startup applications list because they confuse most users, those technical enough to change their gpg agent should be able to deal with a command line ;-) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
My Oneiric fresh install is also affected by this change. My enigmail (GPG for Thunderbird) configuration was migrated from Natty where it was configured to ask for me a password to unlock my GPG key. Now, in Oneiric, enigmail always has access to my GPG key and never prompts me for a password. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Ok, it seems I misunderstood the gnome-keyring-daemon startup procedure. Apparently --daemonize --login spawns kind of an empty shell for the functionality (accepting the password through PAM) but does not actually initialize any functionality. For that additional calls the gnome- keyring-daemon with the options --start --components=… (listing the desired component or components) are necessary. As such the PAM module call is actually correct and the fault for gnome-keyring-daemon uncontrollably taking over GPG functions lies elsewhere. (It's just rather confusing because the later calls to --start --components don't leave any traces and looking at the running process list will only show one gnome-keyring-daemon process with --daemonize --login.) In theory, and apparently in some practical cases as evidenced by comment 4 and some other hints on the web, the modules should be started by the session and selectable in gnome-session-properties. However, that doesn't seem to be the case, for Oneiric at least: I tried creating a new user account on my system, and tried a friend's installation (to exclude the possibility of something being wrong with my installation): There is no entry for any gnome-keyring-daemon module in the startup programs list. Instead, there are multiple /etc/xdg/autostart/gnome-keyring-….desktop files, one each for gpg, secrets, pkcs11 and ssh with no obvious UI to disable any of them. WORKAROUND: Removing the /etc/xdg/autostart/gnome-keyring-gpg.desktop file releases (after logging out and in again) gnome-keyring-daemon's grip over the GPG agent functionality and lets gpg and gpgsm work normally again. -- Steps to reproduce -- 1. On a normal Ubuntu Oneiric installation log in normally. 2. Open a Terminal 3. echo $GPG_AGENT_INFO -- Actual results -- /tmp/keyring-some random string/gpg:0:1 -- Expected results (and actual results after applying workaround) -- /tmp/gpg-random string/S.gpg-agent:random number:1 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Hi, I am smartcard/cryptographic-token user for GnuPG and had this problem too. It used to be GNOME configuration tool in GNOME 2 to disable the interference by GNOM keyrings. It seems that it has been changed, and now it is possible for users to disable the interference using 'gnome-session-properties'. Invoke the command, and at the StartUp Programs tab, you can disable GPG Password Agent and SSH Key Agent buttons. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: gnome-keyring (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: Confirmed Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
-- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: New Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 884856] Re: gnome-keyring integration breaks some GPG functions
Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance. ** Changed in: gnome-keyring (Ubuntu) Importance: Undecided = Low -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu. https://bugs.launchpad.net/bugs/884856 Title: gnome-keyring integration breaks some GPG functions Status in “gnome-keyring” package in Ubuntu: New Bug description: In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm. Steps to reproduce (smartcard): 1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite 2. Start a normal new Ubuntu desktop session 3. strace gpg --card-status Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 3 connect(3, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(3, SCD SERIALNO openpgp, 20)= 20 write(3, \n, 1) = 1 read(3, ERR 103 unknown command\n, 1002) = 24 ... The printout on stdout is selecting openpgp failed: unknown command OpenPGP card not available: general error Expected results: The agent should know the SCD command and act accordingly. Steps to reproduce(gpgsm): 1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm. 2. strace gpgsm -K Actual results: ... socket(PF_FILE, SOCK_STREAM, 0) = 4 connect(4, {sa_family=AF_FILE, path=/tmp/keyring-p6oNWL/gpg}, 25) = 0 ... write(4, HAVEKEY 62B64B58FF1BD7E0B48FE51A..., 48) = 48 write(4, \n, 1) = 1 read(4, ERR 103 unknown command\n, 1002) = 24 ... Expected results: The agent should know the HAVEKEY command and act accordingly. Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line (--daemonize --login). Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner. ProblemType: Bug DistroRelease: Ubuntu 11.10 Package: gnome-keyring 3.2.1-0ubuntu1 ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4 Uname: Linux 3.0.0-12-generic x86_64 ApportVersion: 1.23-0ubuntu3 Architecture: amd64 Date: Mon Oct 31 05:41:24 2011 InstallationMedia: Ubuntu 10.10 Maverick Meerkat - Release amd64 (20101007) ProcEnviron: LANGUAGE=en_GB:en PATH=(custom, no user) LANG=de_DE.utf8 SHELL=/bin/bash SourcePackage: gnome-keyring UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp