Enigmail v2.0 broke split-gpg

zabo...@gmail.com

Mar 26, 2018, 4:16:10 PM
to qubes-users
After the update of Enigmail to version 2.0, split-gpg has stopped working - the work qube still tries to access the vault, with the usual prompt asking for permission to access the vault, but then the prompt with the passphrase does not appear and I find no way of forcing the decryption manually through thunderbird+enigmail.

I've tried with Thunderbird version 52.6.0 on Debian 9 and Thunderbird version 52.4.0 on Fedora 25.
The vault is based on Fedora 25, but I've also tried running it on the Debian 9 template and nothing changed.

Also de-activating PEP and Autocrypt doesn't seem to work.

Thank you for any suggestion.

Eric Barrett

Mar 27, 2018, 5:15:15 AM
to qubes-users

I too am experiencing the same thing. Thunderbird automatically updated Enigmail to version 2.0 and now split gpg is not working. I opened up the Enigmail console and it is using the wrapper, but nothing is happening:

Initializing Enigmail service ...
EnigmailAgentPath=/usr/bin/qubes-gpg-client-wrapper

enigmail> /usr/bin/qubes-gpg-client-wrapper --batch --no-tty --charset utf-8 --display-charset utf-8 --version --version
gpg (GnuPG) 2.2.5
libgcrypt 1.8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: /home/user/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

enigmail> /usr/bin/gpgconf --list-dirs
enigmail> /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-keys
enigmail> /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-secret-keys
enigmail> /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 --sender eric@EDITED --max-output 149800 --decrypt
enigmail> /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-keys
enigmail> /usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-auto-check-trustdb --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-secret-keys

Enigmail is using the qubes-gpg-client-wrapper, but nothing is happening and I am not sure where to look next to see why this is the case.

I, too, am interested in a solution.

Eric

Michael Carbone

Mar 27, 2018, 5:45:56 AM
to qubes...@googlegroups.com
couldn't figure out a fast solution so I downgraded back to v1.9.9 for
the time being.

You can do the same by downloading v1.9.9 and manually installing in
thunderbird (and unchecking "update addons automatically"):

https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream

I will email Enigmail mailing list so that they are aware.

Michael

Eric Barrett

Mar 27, 2018, 6:41:04 AM
to qubes-users
On Tuesday, March 27, 2018 at 5:45:56 AM UTC-4, Michael Carbone wrote:
> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
> the time being.
>
> You can do the same by downloading v1.9.9 and manually installing in
> thunderbird (and unchecking "update addons automatically"):
>
> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream

Thanks, Michael. That worked for me. How can we follow any updates if this is an Enigmail bug, at least in so far as we can know when we can update to the latest version?

Eric

Michael Carbone

Mar 27, 2018, 6:45:49 AM
to qubes...@googlegroups.com
You can follow the enigmail-users mailing list & the thread I created to
watch for updates:

https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2018-March/004854.html

Michael

mossy

Mar 27, 2018, 11:21:46 AM
to Michael Carbone, qubes...@googlegroups.com
Michael Carbone:
Thanks, Michael, for being so on top of development of enigmail, which
so many people rely on.

My preferred fix would be for Linux enigmail users *never* to rely on
the Thunderbird Add-ons/Extensions menu to install Enigmail -- instead,
uninstall Enigmail from Thunderbird Add-ons/Extensions menu, shut down
Thunderbird, then install Enigmail from your Linux distribution
repository. In Qubes, shut down your email client Qube/AppVm, then from
its templateVM:

[user@debian-9 ~]$ sudo apt-get install enigmail

[user@fedora-26 ]$ sudo dnf install thunderbird-enigmail

The version is still 1.99 in the repos. Once 2.0 lands in
debian-unstable I'll see if it breaks and file a qubes bug report, so
that the qubes split-gpg community can be on top of this when the
"stable" repos go to Enigmail 2.x -- note that debian only has 2.0 in
the "experimental (rc-buggy)" repository, so it seems best not to
trouble Qubes devs with this issue just yet.

Some things for others on this thread to consider:

* you shouldn't be using fedora-25 templates anymore, mate! They've not
received security updates for many months now. Upgrade your template
like so:

https://www.qubes-os.org/doc/template/fedora/upgrade-25-to-26

Or install from scratch and change your AppVM templates and system-wide
default template. From a dom0 terminal:

[username@dom0 ~]$ sudo qubes-dom0-update qubes-template-fedora-26

* over years of doing community group thunderbird+enigmail trainings
I've found that almost invariably Linux users will have some random
problem using the Thunderbird Add-on/Extension version, and that the
distro repo version fixes this.

* using qubes split-gpg in some cases it seems that the passphrase
prompt is broken, so you may have to clear the passphrase. Qubes
developers consider the gpg passphrase to add no significant protection
(i.e. an attacker capable of gaining access to your machine to obtain your
private key would find it trivial to also obtain the passphrase; an
exception might be for external backups, in which case your backup
images and/or drive should be protected with a strong passphrase anyway).

Stay safe out there,

-m0ssy

cubit

Mar 27, 2018, 11:40:14 AM
to Michael Carbone, qubes...@googlegroups.com
27. Mar 2018 09:45 by mic...@qubes-os.org:

> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
> the time being.
>
> You can do the same by downloading v1.9.9 and manually installing in
> thunderbird (and unchecking "update addons automatically"):
>
> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream
>
> I will email Enigmail mailing list so that they are aware.



Is anyone else who downgraded back to 1.9.9 getting stuck with a big autocrypt header being displayed and a missing email body when receiving emails from enigmail 2.0 users?


Any persons got the workaround listed here: https://github.com/QubesOS/qubes-issues/issues/3750 to work in 3.2? Is there a particular line it needs to be done on. When I add it to the file, all that happens is my work VM connects to my vault VM and I get a blank email no decrypted message



cubit.




TFQOS

Mar 27, 2018, 1:58:16 PM
to qubes...@googlegroups.com
Workaround proposed in https://github.com/QubesOS/qubes-issues/issues/3750 works for me in R3.2
I added a well formatted patch in the comments.

TFQOS - Thanks For Qubes OS



Michael Carbone

Mar 27, 2018, 2:09:31 PM
to qubes...@googlegroups.com
also there is a qubes-issues issue that has a workaround:

https://github.com/QubesOS/qubes-issues/issues/3750

Thanks TFQOS for clarifying what the issue is.

Michael Carbone

Mar 28, 2018, 12:06:07 PM
to qubes...@googlegroups.com


On 03/27/2018 01:58 PM, 'TFQOS' via qubes-users wrote:
> On 27 March 2018 5:40 PM, cubit <cu...@tutanota.com> wrote:
>
>> 27. Mar 2018 09:45 by mic...@qubes-os.org:
>>
>>> couldn't figure out a fast solution so I downgraded back to v1.9.9 for
>>> the time being.
>>>
>>> You can do the same by downloading v1.9.9 and manually installing in
>>> thunderbird (and unchecking "update addons automatically"):
>>>
>>> https://www.enigmail.net/download/release/1.9/enigmail-1.9.9-sm+tb.xpi?type=application/octet-stream
>>>
>>> I will email Enigmail mailing list so that they are aware.
>>
>> Is anyone else who downgraded back to 1.9.9 getting stuck with a big autocrypt header being displayed and a missing email body when receiving emails from enigmail 2.0 users?
>>
>> Any persons got the workaround listed here: https://github.com/QubesOS/qubes-issues/issues/3750 to work in 3.2? Is there a particular line it needs to be done on. When I add it to the file, all that happens is my work VM connects to my vault VM and I get a blank email no decrypted message
>
> Workaround proposed in https://github.com/QubesOS/qubes-issues/issues/3750 works for me in R3.2
> I added a well formatted patch in the comments.
>
> TFQOS - Thanks For Qubes OS
>

Hi all,

Just to update/close the thread, Marek pushed some patches into all
testing repos and closed the issue:

https://github.com/QubesOS/qubes-issues/issues/3750

You can apply the patches immediately by enabling the testing repos:

https://www.qubes-os.org/doc/software-update-dom0/#testing-repositories
https://www.qubes-os.org/doc/software-update-vm/#testing-repositories

or wait for them to land in stable/current.

The underlying bug is upstream of Enigmail in GnuPG, which Enigmail was
trying to work around:

https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2018-March/004870.html
https://dev.gnupg.org/T2019

Thanks all for the contributions and for the quick patches Marek.

Michael


mossy

Mar 28, 2018, 12:32:19 PM
to Michael Carbone, qubes...@googlegroups.com
Michael Carbone:
Thanks to you and Marek for such a quick turnaround on this!

cubit

Apr 18, 2018, 9:00:06 AM
to Qubes Users
27. Mar 2018 15:40 by cu...@tutanota.com:


> Any persons got the workaround listed here: https://github.com/QubesOS/qubes-issues/issues/3750 to work in 3.2? Is there a particular line it needs to be done on. When I add it to the file, all that happens is my work VM connects to my vault VM and I get a blank email no decrypted message



Are there plans to move the patch from r3.2 testing to stable any time soon?


