Bug#476558: evolution: Fails to GPG sign a message
Goedson Teixeira Paixao
Version: 2.22.1-1
Severity: normal
Whenever I ask evolution to sign a message using GPG, it fails with
the following message:
Could not create message.
Because "Failed to unlock secret key: 3 bad passphrases given.", you
may need to select different mail options.
Although the message says "3 bad passphrases given.", evolution did
not ask for the passphrase.
This used to work before 2.22.1
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to pt_BR.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages evolution depends on:
ii dbus 1.2.1-1 simple interprocess messaging syst
ii evolution-common 2.22.1-1 architecture independent files for
ii evolution-data-server 2.22.1-1 evolution database backend server
ii gconf2 2.22.0-1 GNOME configuration database syste
ii gnome-icon-theme 2.22.0-1 GNOME Desktop icon theme
ii gtkhtml3.14 3.18.1-1 HTML rendering/editing library - b
ii libart-2.0-2 2.3.20-1 Library of functions for 2D graphi
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libbonobo2-0 2.22.0-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.22.0-1 The Bonobo UI library
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libcairo2 1.5.8-1 The Cairo 2D vector graphics libra
ii libcamel1.2-11 2.22.1-1 The Evolution MIME message handlin
ii libdbus-1-3 1.2.1-1 simple interprocess messaging syst
ii libdbus-glib-1-2 0.74-2 simple interprocess messaging syst
ii libebook1.2-9 2.22.1-1 Client library for evolution addre
ii libecal1.2-7 2.22.1-1 Client library for evolution calen
ii libedataserver1.2-9 2.22.1-1 Utility library for evolution data
ii libedataserverui1.2-8 2.22.1-1 GUI utility library for evolution
ii libegroupwise1.2-13 2.22.1-1 Client library for accessing group
ii libexchange-storage1.2 2.22.1-1 Client library for accessing Excha
ii libfontconfig1 2.5.0-2 generic font configuration library
ii libfreetype6 2.3.5-1+b1 FreeType 2 font engine, shared lib
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.3-2 The GLib library of C routines
ii libgnome-pilot2 2.0.15-2.1 Support libraries for gnome-pilot
ii libgnome2-0 2.20.1.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.20.1.1-1 A powerful object-oriented display
ii libgnomeui-0 2.20.1.1-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 1:2.22.0-2 GNOME Virtual File System (runtime
ii libgtk2.0-0 2.12.9-3 The GTK+ graphical user interface
ii libgtkhtml3.14-19 3.18.1-1 HTML rendering/editing library - r
ii libhal1 0.5.11~rc2-1 Hardware Abstraction Layer - share
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii libldap-2.4-2 2.4.7-6.1 OpenLDAP libraries
ii libnm-glib0 0.6.6-1 network management framework (GLib
ii libnotify1 [libnotify1 0.4.4-3 sends desktop notifications to a n
ii libnspr4-0d 4.7.0-2 NetScape Portable Runtime Library
ii libnss3-1d 3.12.0~beta3-1 Network Security Service libraries
ii liborbit2 1:2.14.12-0.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.20.2-2 Layout and rendering of internatio
ii libpisock9 0.12.3-4 library for communicating with a P
ii libpisync1 0.12.3-4 synchronization library for PalmOS
ii libpng12-0 1.2.15~beta5-3 PNG library - runtime
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libsm6 2:1.0.3-1+b1 X11 Session Management library
ii libsoup2.4-1 2.4.1-1 an HTTP library implementation in
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcursor1 1:1.1.9-1 X cursor management library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio
ii libxi6 2:1.1.3-1 X11 Input extension library
ii libxinerama1 2:1.0.3-1 X11 Xinerama extension library
ii libxml2 2.6.32.dfsg-1 GNOME XML library
ii libxrandr2 2:1.2.2-1 X11 RandR extension library
ii libxrender1 1:0.9.4-1 X Rendering Extension client libra
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages evolution recommends:
pn evolution-plugins <none> (no description available)
pn evolution-webcal <none> (no description available)
ii gnome-desktop-data 2.22.1-1 Common files for GNOME 2 desktop a
pn gnome-pilot-conduits <none> (no description available)
ii spamassassin 3.2.4-1 Perl-based spam filter using text
ii yelp 2.22.1-1 Help browser for GNOME 2
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Yves-Alexis Perez
> Whenever I ask evolution to sign a message using GPG, it fails with
> the following message:
>
> Could not create message.
>
> Because "Failed to unlock secret key: 3 bad passphrases given.", you
> may need to select different mail options.
>
>
> Although the message says "3 bad passphrases given.", evolution did
> not ask for the passphrase.
>
> This used to work before 2.22.1
Could you try to install pinentry-gtk and reportback?
Maybe there's no standalone window anymore (it works here, but I have
pinentry-gtk and gpg-agent running)
--
Yves-Alexis
Goedson Teixeira Paixao
> Could you try to install pinentry-gtk and reportback?
> Maybe there's no standalone window anymore (it works here, but I have
> pinentry-gtk and gpg-agent running)
I've installed pinentry-gtk and the same problem still happens. Is there
some special sequence in which I should start gpg-agent, pinentry-gtk
and evolution so that it will work? I've tried starting gpg-agent, then
pinentry-gtk and finally evolution, and still no success.
--
Goedson Teixeira Paixao http://mundolivre.wordpress.com/
Debian Project http://www.debian.org/
Jabber ID: goe...@jabber.org http://www.jabber.org/
Yves-Alexis Perez
> Em Qui, 2008-04-17 às 20:09 +0200, Yves-Alexis Perez escreveu:
> > Could you try to install pinentry-gtk and reportback?
> > Maybe there's no standalone window anymore (it works here, but I have
> > pinentry-gtk and gpg-agent running)
>
> I've installed pinentry-gtk and the same problem still happens. Is there
> some special sequence in which I should start gpg-agent, pinentry-gtk
> and evolution so that it will work? I've tried starting gpg-agent, then
> pinentry-gtk and finally evolution, and still no success.
If you start evo from a terminal, do you see some debug output? From this
terminal, do you have the following env var: $GPG_AGENT_INFO
Cheers,
--
Yves-Alexis
Goedson Teixeira Paixao
> If you start evo from a terminal, do you see some debug output?
I get the message below when I click the send button on a message I want
to GPG sign.
(evolution:24197): Gdk-WARNING **: GdkWindow is too large to allow the
use of shape masks or shape regions.
> From this
> terminal, do you have the following env var: $GPG_AGENT_INFO
$env |grep GPG
GPG_AGENT_INFO=/tmp/seahorse-vMaArS/S.gpg-agent:4166:1
Yves-Alexis Perez
> Em Qui, 2008-04-24 às 23:16 +0200, Yves-Alexis Perez escreveu:
> > If you start evo from a terminal, do you see some debug output?
>
> I get the message below when I click the send button on a message I want
> to GPG sign.
>
>
> (evolution:24197): Gdk-WARNING **: GdkWindow is too large to allow the
> use of shape masks or shape regions.
Hmmh, not sure it's gpg-related.
>
> > From this
> > terminal, do you have the following env var: $GPG_AGENT_INFO
>
>
> $env |grep GPG
> GPG_AGENT_INFO=/tmp/seahorse-vMaArS/S.gpg-agent:4166:1
Ok so evolution should be aware of GPG agent running. But as it's
seahorse I don't know how it works nor how it may bug.
If you try to sign something from commandline (using gpg), does a window
popup to ask you your passphrase?
Cheers,
--
Yves-Alexis
Goedson Teixeira Paixao
> > > From this
> > > terminal, do you have the following env var: $GPG_AGENT_INFO
> >
> >
> > $env |grep GPG
> > GPG_AGENT_INFO=/tmp/seahorse-vMaArS/S.gpg-agent:4166:1
>
> Ok so evolution should be aware of GPG agent running. But as it's
> seahorse I don't know how it works nor how it may bug.
>
> If you try to sign something from commandline (using gpg), does a window
> popup to ask you your passphrase?
OK. I've finally found the problem. My ~/.gnupg/gpg.conf had the
"use-agent" option commented out. Enabling it and installing
pinentry-gtk2 made the signing work again.
So I think evolution should at least recomment pinentry-gtk2 and mention
the need for the use-agent option in the README file (or force the
use-agent option).
Thanks for the help in spoting the problem.
Yves-Alexis Perez
> Em Sex, 2008-04-25 às 07:51 +0200, Yves-Alexis Perez escreveu:
> > > > From this
> > > > terminal, do you have the following env var: $GPG_AGENT_INFO
> > >
> > >
> > > $env |grep GPG
> > > GPG_AGENT_INFO=/tmp/seahorse-vMaArS/S.gpg-agent:4166:1
> >
> > Ok so evolution should be aware of GPG agent running. But as it's
> > seahorse I don't know how it works nor how it may bug.
> >
> > If you try to sign something from commandline (using gpg), does a window
> > popup to ask you your passphrase?
>
> OK. I've finally found the problem. My ~/.gnupg/gpg.conf had the
> "use-agent" option commented out. Enabling it and installing
> pinentry-gtk2 made the signing work again.
>
> So I think evolution should at least recomment pinentry-gtk2 and mention
> the need for the use-agent option in the README file (or force the
> use-agent option).
>
> Thanks for the help in spoting the problem.
Well, I dont know how seahorse work. But if you start seahorse and if it
exports the GPG_AGENT_INFO, all apps assume there is a gpg agent running. In
this case, evo wont use it's internal popup to ask you the passphrase, but
will pass this to $GPG_AGENT.
Afaict, it's the agent responsibility to make sure user can enter the
passphrase. gnupg-agent Recommends pinentry, and I dont know about other
agents.
If $GPG_AGENT_INFO isn't detected (user doesnt run a gpg agent), evo takes
care of this, so in this case the bug may lie in evo. Can you try running evo
with $GPG_AGENT_INFO unset? If it asks you a passphrase, no problem in evo.
Cheers,
--
Yves-Alexis
Florian Ludwig
i ran into the same problem. When I first installed seahorse it worked
out of the box with evolution just since the last upgrade of evo it
stopped working. I can still sign files directly with seahorse.
My ~/.gnupg/gpg.conf looks like this:
# FILE CREATED BY SEAHORSE
gpg-agent-info /home/dino/.gnome2/seahorse-pWH3iP/S.gpg-agent:5210:1
and installing pinentry-gtk2 doesnt change it.
greetings,
Florian
Goedson Teixeira Paixao
> Well, I dont know how seahorse work. But if you start seahorse and if it
> exports the GPG_AGENT_INFO, all apps assume there is a gpg agent running. In
> this case, evo wont use it's internal popup to ask you the passphrase, but
> will pass this to $GPG_AGENT.
Seahorse does export GPG_AGENT_INFO but evolution won't use the GPG
agent unless we set use-agent in ~/.gnupg/gpg.conf
> Afaict, it's the agent responsibility to make sure user can enter the
> passphrase. gnupg-agent Recommends pinentry, and I dont know about other
> agents.
Agreed. So seahorse should recommend pinentry-gtk2. But I think it is
the responsibility of the application to make sure the agent will be
called when needed.
This is the command evolution executes when trying to sign a message:
gpg --verbose --no-secmem-warning --no-greeting --no-tty --status-fd=64
--command-fd=65 --sign --detach --armor --digest-algo=SHA1 -u 1DEB8EAE
--output -
If we add the --use-agent option to this command, then we will guarantee
the agent is called even if the user doesn't have use-agent set in his
gpg.conf.
> If $GPG_AGENT_INFO isn't detected (user doesnt run a gpg agent), evo takes
> care of this, so in this case the bug may lie in evo. Can you try running evo
> with $GPG_AGENT_INFO unset? If it asks you a passphrase, no problem in evo.
if I unset GPG_AGENT_INFO and then launch evolution, it won't ask me for
a password when trying to sign a message and fails the same way as
before.
Yves-Alexis Perez
> My ~/.gnupg/gpg.conf looks like this:
> # FILE CREATED BY SEAHORSE
>
>
> gpg-agent-info /home/dino/.gnome2/seahorse-pWH3iP/S.gpg-agent:5210:1
>
>
> and installing pinentry-gtk2 doesnt change it.
Can you set use-agent in the .gnupg/gpg.conf and retry?
--
Yves-Alexis
Yves-Alexis Perez
> Em Sex, 2008-04-25 às 15:58 +0200, Yves-Alexis Perez escreveu:
> > Well, I dont know how seahorse work. But if you start seahorse and if it
> > exports the GPG_AGENT_INFO, all apps assume there is a gpg agent running. In
> > this case, evo wont use it's internal popup to ask you the passphrase, but
> > will pass this to $GPG_AGENT.
>
> Seahorse does export GPG_AGENT_INFO but evolution won't use the GPG
> agent unless we set use-agent in ~/.gnupg/gpg.conf
Mhmh ok.
>
> > Afaict, it's the agent responsibility to make sure user can enter the
> > passphrase. gnupg-agent Recommends pinentry, and I dont know about other
> > agents.
>
> Agreed. So seahorse should recommend pinentry-gtk2. But I think it is
> the responsibility of the application to make sure the agent will be
> called when needed.
Evo shouldn't require the agent running. If it is (detected via the
use-agent and GPG_AGENT_INFO), fine, use it. It not, fallback.
> if I unset GPG_AGENT_INFO and then launch evolution, it won't ask me for
> a password when trying to sign a message and fails the same way as
> before.
_That_ is weird. Afaik it should fallback to the integrated one. I'll
try to investigate and report back.
--
Yves-Alexis
Yves-Alexis Perez
> > If $GPG_AGENT_INFO isn't detected (user doesnt run a gpg agent), evo
> takes
> > care of this, so in this case the bug may lie in evo. Can you try
> running evo
> > with $GPG_AGENT_INFO unset? If it asks you a passphrase, no problem
> in evo.
>
> if I unset GPG_AGENT_INFO and then launch evolution, it won't ask me
> for
> a password when trying to sign a message and fails the same way as
> before.
I just unset'ed GPG_AGENT_INFO and run evolution again.
It sure asks me the passphrase correctly.
http://molly.corsac.net/~corsac/debian/evo-gpg.png
Cheers,
--
Yves-Alexis