seahorse does not recognize seahorse-agent/ssh-agent as a caching agent

Forgot to mention the version of seahorse: 2.22.1-0ubuntu1, on Hardy.

I also get the same errors:

$ seahorse
** Message: init gpgme version 1.1.5
** (seahorse:10556): WARNING **: Invalid or no GPG agent is running. Disabling cache preferences.

$ ps aux | grep agent
mmiller 5746 0.0 0.0 4032 848 ? Ss 08:33 0:00 /usr/bin/gpg-agent --daemon --sh --write-env-file=/home/mmiller/.gnupg/gpg-agent-info-bragg /usr/bin/seahorse-agent --execute x-session-manager
mmiller 5752 0.0 0.3 23052 6808 ? Ss 08:33 0:00 /usr/bin/seahorse-agent --execute x-session-manager
mmiller 8899 0.0 0.3 23928 7868 ? Ss 10:26 0:00 seahorse-agent
mmiller 10697 0.0 0.0 3004 760 pts/1 R+ 10:55 0:00 grep agent

And the error in the attached pic when trying to send encrypted or signed email with Enigmail (2:0.95.0-0ubuntu5) and Thunderbird (2.0.0.12+nobinonly0ubuntu1)

I found a fix in the comments for bug #183514, located here: https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/183514/comments/5

Basically, the fix is deleting the file /etc/X11/Xsession.d/90gpg-agent and restarting X (CTRL+ALT+Backspace).

Having this file there is a bug, especially for a fresh install.

Thanks Matt! That solved the Thunderbird (Enigmail) constantly forgetting my GPG passphrase issue.
Ubuntu HH, upgraded from GG, running KDE desktop.
The hole gpg, gpg2, gpg-agent, seahorse-agent thing is a bit confusing.

Thank you for taking the time to report this bug and helping to make Ubuntu better. You reported this bug a while ago and there hasn't been any activity in it recently. We were wondering is this still an issue for you? Can you try with Intrepid Ibex? Thanks in advance.

I can't reproduce this with seahorse 2.22.2-0ubuntu1 on up-to-date Hardy.

The reason I can't reproduce it seems to be that with this version, the files in /etc/X11/Xsession.d/ are:
20x11-common_process-args
30x11-common_xresources
40x11-common_xsessionrc
50x11-common_determine-startup
55gnome-session_gnomerc
60sabayon_apply
60seahorse
60xdg-user-dirs-update
80im-switch
90-console-kit
90x11-common_ssh-agent
99x11-common_start

Can others confirm that this is fixed in current Hardy?

Closing since the issue can't seem to be replicated anymore.

I can replicate this on Intrepid. It looks like the problem is a conflict between gpg-agent and seahorse, when the "gnupg-agent" package is installed, it installs the /etc/X11/Xsession.d/90gpg-agent mentioned in the comments, which breaks seahorse. Remove gnupg-agent fixes the issue.

Removing gnupg-agent also forces a removal of these packages : kde kdepim kleopatra kmail kmailcvt kontact
Diverting the file with a "dpkg-divert --local --rename /etc/X11/Xsession.d/90gpg-agent" will archieve the same results, without the hassle of dissuading APT from doing that.

Anyway, as disabling that script will probably break things in KDE GnuPG usage, gnupg and KDE maintainters should be notified of this bug and test the solutions for collateral damage.

could you explain why you think that's a seahorse bug?

Hi Sebastien,

I don't think it's necessarily a seahorse bug, that's just what this was originally filed under before I got here, and I just wanted to reopen the bug so people would start looking at it again.

It's likely that this is either a problem with the gnupg-agent package, or it's a conflict between the two that must be resolved in both, but I haven't investigated the details far enough to see which.

Kmail needs gnupg-agent for GPG and S/MIME signing. It's been part of the default install for Kubuntu since Gutsy. It seems to me that seahorse ought to either co-exist with the standard Gnupg tools or provide an equivalent functionality so gnupg-agent is not required (I'm certainly willing to add it as an alternate depends if it would do that - I understand it currently doesn't).

the comments suggest that gpg-agent hijack seahorse there and is creating the issue

the bug has been reassigned for a reason no need to reopen a seahorse task there

I don't think it's that simple. The addition of seahorse was done in an incomplete way to not work with the pre-existing tools.

You can't add seahorse, have it not work and arbitrarily declare what existed before.

Seahorse also does "fun" things like remove a user's pre-existing gnupg.conf file and replace it with ones that are blank except for a comment that the file was created by seahorse. This breaks anything (like using gnupg-agent) that depends on the config file.

If seahorse would actually provide a compatible, functional agent that could be an alternative, we could handle this quite easily for alternate recommends/depends as we do with the various pinentry variants.

should be sent to bugzilla.gnome.org by somebody with interest in that and able to explain what seahorse does wrongly

Note: Due to the was LP bugmail gets sent and I'm on a slow connection, the also affects bugmail went out without my explanation, you changed the status and then when I finally managed to save my explanation, it stepped on your status change.

Please consider that this is an integration issue that should not just be blamed on one package.

Scott:
I talked to Adam (upstream) about that gnupg.conf over-writing, and he
said it shouldn't happen in any version of Seahorse released in the last
year (pointed out the commit that removed it, too). He asked about
patches Ubuntu has applied. Is it possible we have some old n crufty
patch sitting around breakin it?

there is no ubuntu change, did anybody try on intrepid or jaunty?

Seb, I'm using Jaunty. I created a new user. As soon as that user
logged into GNOME for the first time (really, I think it was as soon as
the gnome-session started seahorse-agent) that user's gpg.conf was
edited to say:
# FILE CREATED BY SEAHORSE

Just that comment and a blank line. That means a conflict when GNOME
and KDE are both installed. gpg-agent won't run in KDE then, and so
KMail can't sign emails (KMail cannot use seahorse-agent which will in
this case automatically run since gpg-agent isn't).

grepping in the seahorse source shows that the upstream code still write that and that's not a distro change you can let upstream know about that

I don't know. I do think it might be useful if you tried to force remove
gnupg-agent and see how well seahorse-agent works for stuff like gpg
singing mail (kmail), signing packages, etc.

I think seahorse-agent either needs to fully replace gnupg-agent or work
along side it.

Seb & I talked to Adam again.

Seahorse adds gpg.conf if it does not exist when seahorse-agent runs.
Seahorse's caching preferences set use-agent in gconf but not in the
file.

KMail and Evolution *both* claim "bad passphrase" if I use
seahorse-agent inside KDE. Evolution additionally uses 98% CPU for
about a minute before even bringing up the password prompt.
Seahorse-agent is definitely not playing nice inside KDE sessions.

Adam said he thinks telling the caching preferences to automatically
make gpg.conf match gconf should fix it. I took that to mean he's going
to try it.

There seem currently to be at least three agents which can act as a gpg and/or ssh agent:
- gpg-agent
- seahorse-agent
- gnome-keyring-daemon

Depending on the order in which they are started the last setting the specific environment variables seems to win.
There should exist an easy way to select which agent ones want to use.

As I have an OpenPGP card, I need gpg-agent and can also use it as a ssh agent. But unfortunately gnome-keyring-daemon overwrites the ssh agent settings, so I need to change them manually back when I want to use my OpenPGP card for ssh authentication.

As I don't have seahorse installed, I don't know how much more an additional agent would disturb it.

gnome-keyring-daemon and ssh-agent share a purpose
seahorse-agent (s-a) and gpg-agent (g-a) share a purpose

The first on each line to start "wins".

gnome-keyring-daemon means we have pretty passphrase boxes and the
password is remembered, unlike ssh-agent.

seahorse-agent...I don't see any advantages over gpg-agent, unless the
fact that Evolution + s-a lets you choose whether to save the passphrase
counts. Evolution + g-a, when used inside KDE, uses a KDE passphrase
box and always stores the passphrase (I wish it didn't). I haven't
tried Evolution + s-a in GNOME.

> gnome-keyring-daemon and ssh-agent share a purpose
> seahorse-agent (s-a) and gpg-agent (g-a) share a purpose
>
> The first on each line to start "wins".

How can I make my session start the gnome-keyring-daemon before the ssh-agent?
Same question for the seahorse-agent and the gpg-agent.

Thanks in advance.

I *think* if you change the numbers in /etc/X11/Xsession.d/ that'll do it.
The lower numbers start first, higher numbers start last. Seahorse-plugins is
by default a lower number, so it should be starting first. If you have "use-
agent" in your gpg.conf this *may* vary.

The hacky way:
In your GNOME session autostart, have it kill gpg-agent and ssh-agent, then
start the ones you want.

I'm going to mark this bug a duplicate to bug #183514 . I have taken together the useful information from both #217270 and #352154. Feel free to add missing information. Thanks.