gnome-keyring integration breaks some GPG functions
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
GNOME Keyring | Fix Released | Wishlist | | |
gnome-keyring (Debian) | New | Undecided | Unassigned | |
gnome-keyring (Ubuntu) | Fix Released | Low | Unassigned | |
Bug Description
In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm.
Steps to reproduce (smartcard):
1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite
2. Start a normal new Ubuntu desktop session
3. strace gpg --card-status
Actual results:
...
socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path="/
...
write(3, "SCD SERIALNO openpgp", 20) = 20
write(3, "\n", 1) = 1
read(3, "ERR 103 unknown command\n", 1002) = 24
...
The printout on stdout is
selecting openpgp failed: unknown command
OpenPGP card not available: general error
Expected results: The agent should know the SCD command and act accordingly.
Steps to reproduce (gpgsm):
1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm.
2. strace gpgsm -K
Actual results:
...
socket(PF_FILE, SOCK_STREAM, 0) = 4
connect(4, {sa_family=AF_FILE, path="/
...
write(4, "HAVEKEY 62B64B58FF1BD7E
write(4, "\n", 1) = 1
read(4, "ERR 103 unknown command\n", 1002) = 24
...
Expected results: The agent should know the HAVEKEY command and act accordingly.
Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level. gnome-keyring-
But currently the gnome-keyring-
Steps to resolve this problem: At least a) disable the gpg gnome-keyring module by default in the PAM module, and/or b) make the command line options that the module uses user configurable. Or c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner.
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: gnome-keyring 3.2.1-0ubuntu1
ProcVersionSign
Uname: Linux 3.0.0-12-generic x86_64
ApportVersion: 1.23-0ubuntu3
Architecture: amd64
Date: Mon Oct 31 05:41:24 2011
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcEnviron:
LANGUAGE=en_GB:en
PATH=(custom, no user)
LANG=de_DE.utf8
SHELL=/bin/bash
SourcePackage: gnome-keyring
UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago)
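A diagnostic for the failure described in the report, as an added example that is not part of the original bug report and not code from gnome-keyring or GnuPG: it connects to the agent socket named in GPG_AGENT_INFO, sends the two commands seen in the strace output, and reports which ones the agent rejects with "unknown command". The function names and the all-zero keygrip are constructed for illustration, and the `path:pid:protocol` layout of GPG_AGENT_INFO is an assumption.

```python
import os
import socket

# Commands taken from the strace output in the report. The keygrip is a
# constructed all-zero placeholder, not a value from the report.
PROBES = ["SCD SERIALNO openpgp", "HAVEKEY " + "0" * 40]


def agent_socket_path(env=os.environ):
    """Return the socket path from GPG_AGENT_INFO (assumed path:pid:protocol)."""
    info = env.get("GPG_AGENT_INFO", "")
    return info.rsplit(":", 2)[0] or None


def read_reply(reader):
    """Skip status/data lines and return the terminating OK or ERR line."""
    for raw in reader:
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        if line == "OK" or line.startswith(("OK ", "ERR ")):
            return line
        if line.startswith("INQUIRE"):
            raise RuntimeError("agent asked for input: " + line)
    raise ConnectionError("agent closed the connection")


def probe_agent(sock, commands=PROBES):
    """Map each command to True (recognised) or False (unknown command)."""
    reader = sock.makefile("rb")
    greeting = read_reply(reader)
    if not greeting.startswith("OK"):
        raise ConnectionError("unexpected greeting: " + greeting)
    results = {}
    for command in commands:
        sock.sendall(command.encode() + b"\n")
        reply = read_reply(reader)
        # Any other ERR (e.g. no such key) still means the command exists.
        unknown = reply.startswith("ERR") and "unknown command" in reply.lower()
        results[command] = not unknown
    sock.sendall(b"BYE\n")
    return results


if __name__ == "__main__":
    path = agent_socket_path()
    if path is None:
        raise SystemExit("GPG_AGENT_INFO is not set")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)
        for cmd, ok in probe_agent(s).items():
            print("supported  " if ok else "UNSUPPORTED", cmd)
```

The check matches only the "unknown command" wording shown in the trace; an agent that words the rejection differently would be reported as supporting the command.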
Changed in gnome-keyring:
importance: Unknown → Wishlist
status: Unknown → New
Changed in gnome-keyring:
status: New → Confirmed
Changed in gnome-keyring:
status: Confirmed → Fix Released
Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue you are reporting is an upstream one and it would be nice if somebody having it could send the bug to the developers of the software by following the instructions at https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please tell us the number of the upstream bug (or the link), so we can add a bugwatch that will inform us about its status. Thanks in advance.