LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 11-30-2017, 10:23 AM   #1
devdol
Member
 
Registered: Dec 2005
Distribution: debian (testing/unstable)
Posts: 61

Rep: Reputation: 17
Question Enigmail/GnuPG issue


Hello everyone,

having used Thunderbird (currently 52.3.0 and 52.4.0) and Enigmail (1.9.8.3 at last) since years, recently Enigmail stopped working, as it claims missing secret keys. In fact, looking at "Enigmail/Key mangement", the list is empty.

Trying to reimport pubring.gpg and secring.gpg from a backup fails with
"Error - First OpenPGP block not public key block", and Debugging Console tells us:

Code:
enigmail> /usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --use-agent --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-keys
gpg: Fatal: can't open '/home/someone/.gnupg/trustdb.gpg': Permission denied
enigmail> /usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --use-agent --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-secret-keys
gpg: Fatal: can't open '/home/someone/.gnupg/trustdb.gpg': Permission denied
enigmail> /usr/bin/gpg2 --charset utf-8 --display-charset utf-8 --use-agent --batch --no-tty --status-fd 2 --no-verbose --list-packets
gpg: processing message failed: Unknown system error
Surprisingly, copying and invoking this "gpg2 --charset utf-8 --display-charset utf-8 --use-agent --batch --no-tty --status-fd 2 --no-verbose --list-packets" to a commandline works fine!

There is also fairly enough disk space on every partition.

~/.gnupg is "drwx------", and contains pubring.gpg, secring.gpg, trustdb.gpg with "-rw-------" mask. All of them belong to my user's account and group, hence rights and owner do not seem the problem here.

Consistently, "gpk -k", kgpg and even sylpheed mail all are functional, using both existing keyrings.

Then I have purged and reinstalled Thunderbird as well as Enigmail, tried the versions from Debian/testing and /stable, and also tried to install Enigmail via Addons instead of apt. No success: None of the combinations worked (in terms of Enigmail).

For testing purposes I renamed ~/.gnupg and created an empty ~/.gnupg, just to rule out the possibility of overwriting locked files. The situation did not change, it is impossible to import any key!

In my profile, I could not find any subfolders or files belonging to Enigmail, which certainly would be a good candidate to remove. There are only 15 Lines staring with 'user_pref("extensions.enigmail.(...)' in prefs.js, which all look unsuspicious.

I could not find a separate location where Enigmail would store a copy of the keys imported (maybe it tries to a non existing directory?).

Any hints and ideas for further troubleshooting welcome!

gpg (GnuPG) is version 2.1.18, libgcrypt 1.8.1, gpgagent is running. Underlying system is Debian GNU/Linux buster/sid with kernel 4.13.0-1-amd64.

Last edited by devdol; 11-30-2017 at 10:26 AM. Reason: added details
 
Old 11-30-2017, 01:45 PM   #2
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

Rep: Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030Reputation: 3030
Well, which userid is attempting to do this? Can you touch and thereby create a dummy file in this place? Can you rename the file, then of course rename it right back?

Last edited by sundialsvcs; 11-30-2017 at 01:46 PM.
 
Old 12-01-2017, 05:12 AM   #3
devdol
Member
 
Registered: Dec 2005
Distribution: debian (testing/unstable)
Posts: 61

Original Poster
Rep: Reputation: 17
uid is 1000, gid also, the trivial case. It is no problem to create subdirectories and/or files in /tmp.

Therefore, could something else (execCmd, e.g.) go wrong here:

Code:
getKeyListFromKeyBlock: function(keyBlockStr, errorMsgObj) {
    var ret = [];

    let keyTypeObj = this.getKeyFileType(keyBlockStr);

    if (keyTypeObj.keyType === KEY_BLOCK_UNKNOWN) {
      errorMsgObj.value = EnigmailLocale.getString("notFirstBlock");
      return ret;
    }

    if (keyTypeObj.keyType === KEY_BLOCK_REVOCATION) {
      this.importRevocationCert(keyBlockStr, keyTypeObj.packetStr);
      errorMsgObj.value = "";
      return ret;
    }

    const tempDir = EnigmailFiles.createTempSubDir("enigmail_import", true);
    const tempPath = EnigmailFiles.getFilePath(tempDir);
    const args = EnigmailGpg.getStandardArgs(true).concat([
      "--import",
      "--trustdb", tempPath + "/trustdb",
      "--no-default-keyring", "--keyring", tempPath + "/keyring"
    ]);

    const exitCodeObj = {};
    const statusMsgObj = {};

    EnigmailExecution.execCmd(EnigmailGpg.agentPath, args, keyBlockStr, exitCodeObj, {}, statusMsgObj, errorMsgObj);
Somehow it makes me think that not permissions might be the real problem, but the ability to execute an external command...
 
Old 12-01-2017, 05:58 AM   #4
devdol
Member
 
Registered: Dec 2005
Distribution: debian (testing/unstable)
Posts: 61

Original Poster
Rep: Reputation: 17
...Argh!

In /var/log/syslog there it is:
Code:
... apparmor="DENIED" operation="open" profile="thunderbird" ...
and indeed, disabling apparmor service by way of trial:
Code:
sudo service apparmor teardown
brings Enigmail back to normal function. Still unclear why this suddenly fails out of the box, this answered the crucial question.


...Argh!

In /var/log/syslog there it is:
Code:
... apparmor="DENIED" operation="open" profile="thunderbird" ...
and indeed, disabling apparmor service by way of trial:
Code:
sudo service apparmor teardown
brings Enigmail back to normal function. Still unclear why this suddenly failed out of the box, this answered the crucial question.

And the rest is astoundingly straightforward: all neccessary rules normally comes from /etc/apparmor.d/usr.bin.thunderbird, which installs out of package apparmor-profiles. For some strange reason it deinstalled from my system, and as there is no (!) dependency to other packages, you won't take notice of it.

So this issue was painful to troubleshoot, but easy to fix:
Code:
 sudo apt-get install apparmor-profiles
That's all! Hopefully, this thread will help some fellows who also happen to get this package inwardly deinstalled.

Last edited by devdol; 12-01-2017 at 07:57 AM. Reason: Found a solution
 
  


Reply

Tags
enigmail, gnupg, gpg, keyring, thunderbird


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Thunderbird with Enigmail/GnuPG needs Seahorse to work in RHEL 7 w/Gnome3 desktop anthony000 Linux - Newbie 2 10-10-2015 04:24 PM
port over tbird with enigmail & gnupg from one opensuselinux to another: doable`? sayhello_to_the_world Linux - Newbie 2 05-26-2013 08:05 AM
Upgrade to TB 3.1.10 broke Enigmail, Enigmail maintainer sent be home (Here). tallship Slackware 7 06-18-2011 03:45 PM
gnupg and enigmail question.. slackb0t Slackware 4 04-26-2005 06:58 PM
Enigmail on Thunderbird with GnuPG keys Cyb3rKnyght Linux - Software 1 12-17-2004 10:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 01:28 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration