desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #62321
[Bug 884856] Re: gnome-keyring integration breaks some GPG functions
the new comments on how to disable the gnome-keyring agents are
orthogonal to the bug described there, ideally the GPG agent would be
good enough that it doesn't need to be disabled, somebody should still
report the bug to GNOME if we want to see it worked.
note that we hide system components from the startup applications list
because they confuse most users, those technical enough to change their
gpg agent should be able to deal with a command line ;-)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/884856
Title:
gnome-keyring integration breaks some GPG functions
Status in “gnome-keyring” package in Ubuntu:
Confirmed
Bug description:
In recent Ubuntu releases (not sure how far back, but at least
Oneiric) gnome-keyring offers gpg-agent integration and is enabled by
default. The gpg-agent protocol implementation of gnome-keyring is
very incomplete and hence breaks at least the smartcard functions of
gpg and most functions of gpgsm.
Steps to reproduce (smartcard):
1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite
2. Start a normal new Ubuntu desktop session
3. strace gpg --card-status
Actual results:
...
socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0
...
write(3, "SCD SERIALNO openpgp", 20) = 20
write(3, "\n", 1) = 1
read(3, "ERR 103 unknown command\n", 1002) = 24
...
The printout on stdout is
selecting openpgp failed: unknown command
OpenPGP card not available: general error
Expected results: The agent should know the SCD command and act
accordingly.
Steps to reproduce(gpgsm):
1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm.
2. strace gpgsm -K
Actual results:
...
socket(PF_FILE, SOCK_STREAM, 0) = 4
connect(4, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0
...
write(4, "HAVEKEY 62B64B58FF1BD7E0B48FE51A"..., 48) = 48
write(4, "\n", 1) = 1
read(4, "ERR 103 unknown command\n", 1002) = 24
...
Expected results: The agent should know the HAVEKEY command and act
accordingly.
Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg).
But currently the gnome-keyring-daemon is started through the
pam_gnome_keyring.so PAM module which uses a hard-coded command line
("--daemonize --login").
Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: gnome-keyring 3.2.1-0ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
Uname: Linux 3.0.0-12-generic x86_64
ApportVersion: 1.23-0ubuntu3
Architecture: amd64
Date: Mon Oct 31 05:41:24 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, no user)
LANG=de_DE.utf8
SHELL=/bin/bash
SourcePackage: gnome-keyring
UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/884856/+subscriptions
References
