GnuPG can't find /usr/bin/dirmngr

Bug #1623087 reported by Colan Schwartz on 2016-09-13
This bug affects 5 people
Affects: One Hundred Papercuts | Importance: Medium | Assigned to: Unassigned
Affects: enigmail (Ubuntu) | Importance: Medium | Assigned to: Unassigned
Affects: gnupg2 (Ubuntu) | Importance: Medium | Assigned to: Unassigned

Bug Description

1. Enigmail -> Key Management.
2. Key server -> Refresh all public keys.
3. One of the following messages is displayed:

Downloading of keys failed
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/home/colan/.gnupg/S.dirmngr' failed: No such file or directory

Key(s) updated successfully
gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory
gpg: connecting dirmngr at '/home/colan/.gnupg/S.dirmngr' failed: No such file or directory

So it either succeeds or fails, but the GPG error is the same.

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: enigmail 2:1.9.1-1
ProcVersionSignature: Ubuntu 4.4.0-36.55-generic 4.4.16
Uname: Linux 4.4.0-36-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Sep 13 11:03:53 2016
EcryptfsInUse: Yes
PackageArchitecture: all
SourcePackage: enigmail
UpgradeStatus: No upgrade log present (probably fresh install)

Colan Schwartz (colan) wrote :

I was able to fix it with the following commands:

1. sudo apt remove gnupg
2. sudo apt install --reinstall gnupg2 (possibly not necessary, but doesn't hurt)
3. sudo apt install dirmngr

Colan Schwartz (colan) wrote :

If both gnupgs, 1 & 2, are on the system, it should default to the binary for 2. If gnupg 1 is all there is, there should be a warning/error. Also, dirmngr should be a dependency (along with gnupg2).

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in enigmail (Ubuntu):
status: New → Confirmed

Sworddragon (sworddragon) wrote :

Not sure if it is intended that enigmail shows a fail and a success; maybe this is just a separate issue. But the gnupg error caused by the missing /usr/bin/dirmngr also appears, for example, when using apt-key.

Dimitri John Ledkov (xnox) wrote :

dirmngr is now an optional component.

Most uses of apt-key do not require dirmngr.

If you want dirmngr (i.e. fetching keys from remote key servers), please install the dirmngr package.

By default it is a recommends and should be pulled in on most installations.

Maybe the enigmail package should add dirmngr as a dependency, if it is expected functionality for those users.

Dimitri John Ledkov (xnox) wrote :

Or e.g. enigmail should use packagekit to request installation of dirmngr or some such.
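
An added example (not part of this thread, and not Enigmail's or GnuPG's own code) of the explicit error asked for above: a shell wrapper that refuses keyserver operations when dirmngr is missing, plus a check that spots the dirmngr failure even under a success headline. The names `gpg_checked`, `GPG_BIN` and `DIRMNGR_BIN` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the bug report): fail early and unambiguously
# when a gpg keyserver operation is requested but dirmngr is absent.

# True if any argument is a gpg command that contacts a keyserver.
# In GnuPG 2.1+ these are carried out by dirmngr, not by gpg itself.
needs_dirmngr() {
    for arg in "$@"; do
        case "$arg" in
            --recv-key|--recv-keys|--refresh-keys|--search-keys|--send-keys)
                return 0 ;;
        esac
    done
    return 1
}

# True if gpg output on stdin contains the failure quoted in this report.
# Use it to distrust a "success" headline printed above the same error.
dirmngr_failed() {
    grep -q "failed to start the dirmngr"
}

# Wrapper: refuse keyserver operations when dirmngr is not executable.
# GPG_BIN and DIRMNGR_BIN are hypothetical override variables for this example.
gpg_checked() {
    gpg_bin=${GPG_BIN:-gpg}
    dirmngr_bin=${DIRMNGR_BIN:-dirmngr}
    if needs_dirmngr "$@" && ! command -v "$dirmngr_bin" >/dev/null 2>&1; then
        echo "gpg_checked: '$dirmngr_bin' not found; install the dirmngr package" >&2
        return 69   # EX_UNAVAILABLE from sysexits.h
    fi
    "$gpg_bin" "$@"
}
```

Operations that never touch a keyserver pass straight through to gpg, which matches the point that most uses of apt-key do not need dirmngr.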

Changed in enigmail (Ubuntu):
importance: Undecided → Medium
Changed in gnupg2 (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Changed in hundredpapercuts:
status: New → Confirmed
importance: Undecided → Medium

Alan Franzoni (alanfranz) wrote :

This is related to https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1634464 as well, where the maintainer says that "apt-key adv" is deprecated ("like everything else"). Not easy to understand what's deprecated.

By the way, "gpg --keyserver YYY --recv-key XXX" works 100% in Ubuntu Xenial, with no deprecation or warning whatsoever. It should not break in such an unexpected way on Yakkety. It seems a gnupg->gnupg2 migration issue to me; I think that at least for Yakkety dirmngr should be included as a required dependency from gnupg2, a warning on the deprecation of such feature could be issued, then the dirmngr package could be switched to an optional dep LATER.

Even though IMHO such behaviour is still bad. If I do "gpg --help" in Ubuntu Yakkety, I clearly see the "--recv-keys" option. Then it breaks when using it if dirmngr is not installed. I would not list such option and let the user employ a different command altogether for fetching remote keys, instead: that would be WAY easier.

By the way, PLEASE consider that

"apt-key adv --keyserver ..."

is a VERY widely used and recommended command for installing keys. And some keyservers may not even expose a decent way of fetching public keys without the HKP protocol, making gpg --keyserver "the right choice".

Seth Arnold (seth-arnold) wrote :

"apt-key adv --recv-key" may be common advice but after the introduction of /etc/apt/trusted.gpg.d/ it is also bad advice.

We should definitely edit the apt-key(8) manpage to include the right commands to use to populate /etc/apt/trusted.gpg.d/ instead of adv --recv-key.

Thanks
