[opensuse] Using GPG in XFCE (L 42.2)
Hi,

The release notes for Leap 42.2 say:

+++......................
2.1.3 GNOME Keyring Does Not Integrate with GPG Anymore

The integrated GPG agent of GNOME Keyring has been removed. Therefore, GNOME Keyring cannot be used to manage GPG keys anymore. You can still manage GPG keys on the command line using the gpg tool.
......................++-

This means that enigmail does not work. I can no longer send signed emails on Thunderbird, because it complains there is no agent.

What is the alternative? Command line GPG with Thunderbird? Really?

--
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" (Minas Tirith))

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On 12/27/16 08:48, Carlos E. R. wrote:
+++...................... 2.1.3 GNOME Keyring Does Not Integrate with GPG Anymore
The integrated GPG agent of GNOME Keyring has been removed. Therefore, GNOME Keyring cannot be used to manage GPG keys anymore. You can still manage GPG keys on the command line using the gpg tool. ......................++-
This means that enigmail does not work. I can no longer send signed emails on Thunderbird, because it complains there is no agent.
I'm sending this with KDE. I have not tested enigmail in XFCE, though I assume that it still works.

Checking, I see that "gpg-agent" is running for me when I login to XFCE. It is not the gnome-keyring emulation. It is the real gpg-agent. And since that works for me in KDE and enigmail, it should also work with XFCE and enigmail.

To check, I verified that "GPG_AGENT_INFO" is defined in my environment, and that the process it identifies is running.

Is your problem maybe because of your switch to "lxdm"?

I tested with both "gdm" and "lightdm", and "gpg-agent" is automatically started with each of those on login to XFCE (and to other desktops). I'm not about to test with "lxdm" since that is not installed here.
27.12.2016 19:46, Neil Rickert wrote:
On 12/27/16 08:48, Carlos E. R. wrote:
+++...................... 2.1.3 GNOME Keyring Does Not Integrate with GPG Anymore
The integrated GPG agent of GNOME Keyring has been removed. Therefore, GNOME Keyring cannot be used to manage GPG keys anymore. You can still manage GPG keys on the command line using the gpg tool. ......................++-
This means that enigmail does not work. I can no longer send signed emails on Thunderbird, because it complains there is no agent.
I'm sending this with KDE. I have not tested enigmail in XFCE, though I assume that it still works.
Checking, I see that "gpg-agent" is running for me when I login to XFCE. It is not the gnome-keyring emulation. It is the real gpg-agent. And since that works for me in KDE and enigmail, it should also work with XFCE and enigmail.
To check, I verified that "GPG_AGENT_INFO" is defined in my environment, and that the process it identifies is running.
Is your problem maybe because of your switch to "lxdm"?
I tested with both "gdm" and "lightdm", and "gpg-agent" is automatically started with each of those on login to XFCE (and to other desktops). I'm not about to test with "lxdm" since that is not installed here.
gpg-agent is started by /etc/X11/xdm/sys.xsession which is called by /etc/X11/xdm/Xsession which is called by at least lightdm (and IIRC gdm); check lxdm what session it is configured to start.
On 2016-12-27 17:46, Neil Rickert wrote:
On 12/27/16 08:48, Carlos E. R. wrote:
+++...................... 2.1.3 GNOME Keyring Does Not Integrate with GPG Anymore
The integrated GPG agent of GNOME Keyring has been removed. Therefore, GNOME Keyring cannot be used to manage GPG keys anymore. You can still manage GPG keys on the command line using the gpg tool. ......................++-
This means that enigmail does not work. I can no longer send signed emails on Thunderbird, because it complains there is no agent.
I'm sending this with KDE. I have not tested enigmail in XFCE, though I assume that it still works.
Checking, I see that "gpg-agent" is running for me when I login to XFCE. It is not the gnome-keyring emulation. It is the real gpg-agent. And since that works for me in KDE and enigmail, it should also work with XFCE and enigmail.
Not here. This machine is my main desktop machine and has been updated yesterday from 13.1 to L42.2. Previously (on 13.1) it used gnome services to run pinentry to ask for the password and provide it to applications.

I see these processes:

root 3411 0.6 2.2 398920 186388 tty7 Ss+ 13:36 3:28 \_ /usr/bin/X :0 -seat seat0 -auth /run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
root 3469 0.0 0.1 246536 8632 ? Sl 13:36 0:00 \_ lightdm --session-child 12 19
cer 3496 0.0 0.0 10748 720 ? Ss 13:36 0:00 \_ /usr/bin/ck-launch-session /usr/bin/dbus-launch --sh-syntax --exit-with-session /usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display --write-env-file /home/cer/.gnupg/agent.info-Telcontar:0 /home/cer/.xinitrc
cer 3636 0.0 0.0 13156 2752 ? S 13:36 0:00 \_ /bin/sh /etc/xdg/xfce4/xinitrc -- /etc/X11/xinit/xserverrc
cer 3650 0.0 0.5 394532 43912 ? Sl 13:36 0:01 \_ xfce4-session
cer 3660 0.0 0.5 480192 46772 ? Sl 13:36 0:03 \_ xfwm4 --display :0.0 --sm-client-id 2981b20ab-cad4-4a61-a0a8-de
cer 3639 0.0 0.0 14044 1904 ? S 13:36 0:00 /usr/bin/dbus-launch --sh-syntax --exit-with-session /usr/bin/ssh-agent /usr/bin/gpg-agent --sh --daemon --keep-display --write-env-file /home/cer/.gnupg/agent.info-Telcontar:0 /home/cer/.xinitrc

So I see that 'lightdm' starts 'ck-launch-session' with '/usr/bin/gpg-agent' as parameter. I also see '/usr/bin/dbus-launch' doing the same thing. But 'gpg-agent' is not running.

What is running is the gtk agent:

cer 4732 0.0 0.4 371032 38600 ? Sl 13:37 0:00 \_ /usr/lib/polkit-gnome-authentication-agent-1

And indeed, it does handle "ssh" passwords, but not "gpg" passwords. Now I need somehow to tell it to start another agent that does handle gpg.

There is this file:

cer@Telcontar:~> l /home/cer/.gnupg/agent.info-Telcontar\:0
-rw-r--r-- 1 cer users 50 Dec 27 13:36 /home/cer/.gnupg/agent.info-Telcontar:0
cer@Telcontar:~>
cer@Telcontar:~> env | grep GPG
GPG_AGENT_INFO=/tmp/gpg-pCZh8v/S.gpg-agent:3643:1
GPG_TTY=/dev/pts/41
cer@Telcontar:~>

But:

cer@Telcontar:~> l /tmp/gpg-pCZh8v/*
ls: cannot access '/tmp/gpg-pCZh8v/*': No such file or directory
cer@Telcontar:~>
To check, I verified that "GPG_AGENT_INFO" is defined in my environment, and that the process it identifies is running.
Is your problem maybe because of your switch to "lxdm"?
No, this is a different machine.
I tested with both "gdm" and "lightdm", and "gpg-agent" is automatically started with each of those on login to XFCE (and to other desktops). I'm not about to test with "lxdm" since that is not installed here.
I will have to try with a new user and see how it goes.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
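The check discussed in the messages above (is GPG_AGENT_INFO set, and do the socket and process it names still exist?), written out as an added example that is not part of the original thread. It assumes the GnuPG 2.0-style `socket:pid:protocol` value shown in the session output; the function name `check_agent_info` and its status words are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: classify a GnuPG 2.0-style
# GPG_AGENT_INFO value of the form <socket path>:<pid>:<protocol>.
# Prints one of: unset, malformed, no-socket, foreign-socket, no-process, ok.
check_agent_info() {
    cai_info=$1
    [ -n "$cai_info" ] || { echo unset; return 1; }
    case $cai_info in
        *:*:*) ;;
        *) echo malformed; return 1 ;;
    esac
    # Split from the right so a colon inside the socket path is tolerated.
    cai_rest=${cai_info%:*}        # drop ":<protocol>"
    cai_pid=${cai_rest##*:}
    cai_sock=${cai_rest%:*}
    case $cai_pid in
        ''|*[!0-9]*) echo malformed; return 1 ;;
    esac
    [ -n "$cai_sock" ] || { echo malformed; return 1; }
    # The case from the thread: variable set, socket gone.
    [ -S "$cai_sock" ] || { echo no-socket; return 1; }
    # A socket under /tmp that another user owns should not be trusted.
    [ -O "$cai_sock" ] || { echo foreign-socket; return 1; }
    # kill -0 sends no signal; it only tests that we may signal the PID,
    # which holds for an agent running as the same user.
    kill -0 "$cai_pid" 2>/dev/null || { echo no-process; return 1; }
    echo ok
}

# Value copied from the session output in the thread.
THREAD_VALUE='/tmp/gpg-pCZh8v/S.gpg-agent:3643:1'

echo "current session: $(check_agent_info "${GPG_AGENT_INFO:-}")"
echo "value from the thread: $(check_agent_info "$THREAD_VALUE")"
```

A result of `no-socket` or `no-process` means the variable was inherited from a session wrapper whose agent never started or has since exited, so clients such as Enigmail will report that there is no agent.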
On 2016-12-27 23:08, Carlos E. R. wrote:
I will have to try with a new user and see how it goes.
Well, I have a new user, but now the problem is how do I create a new GPG key, with what.

carlos@Telcontar:~> env | grep GPG
GPG_TTY=/dev/pts/1
carlos@Telcontar:~>
carlos@Telcontar:~> ps afxu | grep agent
carlos 13988 0.0 0.5 371016 45340 ? Sl 23:26 0:00 \_ /usr/lib/polkit-gnome-authentication-agent-1
carlos 14766 0.0 0.0 9328 1548 pts/1 S+ 23:32 0:00 | \_ grep --color=auto agent
carlos@Telcontar:~>

Ok, I see Seahorse.

[...]

It fails creating a key!

Couldn't generate PGP key
General error
Close

Then what? Kleopatra? That's a KDE tool!

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
On 2016-12-27 23:44, Carlos E. R. wrote:
On 2016-12-27 23:08, Carlos E. R. wrote:
I will have to try with a new user and see how it goes.
Well, I have a new user, but now the problem is how do I create a new GPG key, with what.
With Thunderbird...

Enigmail can create a key pair. But there is no agent, it asks for the password on every mail sent.

So, how do I setup a GPG agent on this new user?

Seahorse does not have one any longer, the release notes say so. And they don't give alternative instructions, either. I knew how to do this a decade ago, before Gnome created seahorse...

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
On 12/27/16 16:57, Carlos E. R. wrote:
Enigmail can create a key pair. But there is no agent, it asks for the password on every mail sent.
So, how do I setup a GPG agent on this new user?
It should be sufficient to logout and then login again.

As far as I know, gpg-agent is started if $HOME/.gnupg exists.
On 2016-12-28 02:02, Neil Rickert wrote:
On 12/27/16 16:57, Carlos E. R. wrote:
Enigmail can create a key pair. But there is no agent, it asks for the password on every mail sent.
So, how do I setup a GPG agent on this new user?
It should be sufficient to logout and then login again.
As far as I know, gpg-agent is started if $HOME/.gnupg exists.
Gosh. Didn’t think of that. So simple... and it works :-)

Now I have to compare config files on both old and new users.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
On 2016-12-28 02:39, Carlos E. R. wrote:
On 2016-12-28 02:02, Neil Rickert wrote:
On 12/27/16 16:57, Carlos E. R. wrote:
Enigmail can create a key pair. But there is no agent, it asks for the password on every mail sent.
So, how do I setup a GPG agent on this new user?
It should be sufficient to logout and then login again.
As far as I know, gpg-agent is started if $HOME/.gnupg exists.
Gosh. Didn’t think of that. So simple... and it works :-)
Now I have to compare config files on both old and new users.
Ok, I compared the .gnupg/gpg.conf and gpg-agent.conf files and found possible problems. Also in .xinitrc.

Then started a session for the old user, tried to send an email with pine, the agent appeared. It works with emacs, and now I'm going to try with thunderbird with this email.

Thanks! :-)

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
On 12/27/16 16:08, Carlos E. R. wrote:
Not here.
Okay. I am going to guess.

I'm logged into XFCE on one box (not this one). I am looking at Session and Startup --> Application Autostart

It shows two entries related to Gnome Keyring:

Certificate and Key Storage (GNOME Keyring PKCS#11 Component)
SSH Key Agent (GNOME Keyring: SSH Agent)

Actually, it shows another saying that Gnome Keyring service itself should start. Both of the above are checked.

It does not show anything related to gpg and Gnome keyring.

My guess is that you do have such an entry. If you do, try unchecking it. You probably kept your XFCE settings from an earlier version where there was such an entry.

I also notice, when I look, that the standard "ssh-agent" is running. But my session is actually using the ssh-agent emulation from Gnome keyring rather than the standard ssh-agent. If I uncheck the box for that, then I'm guessing that my session will then use the standard ssh-agent instead of the Gnome keyring emulation.

My normal practice, for a new opensuse version, is to do a complete session reconfiguration instead of inheriting settings from an earlier version.
On 2016-12-27 23:59, Neil Rickert wrote:
On 12/27/16 16:08, Carlos E. R. wrote:
Not here.
Okay. I am going to guess.
I'm logged into XFCE on one box (not this one). I am looking at Session and Startup --> Application Autostart
It shows two entries related to Gnome Keyring:
Certificate and Key Storage (GNOME Keyring PKCS#11 Component) SSH Key Agent (GNOME Keyring: SSH Agent)
Actually, it shows another saying that Gnome Keyring service itself should start. Both of the above are checked.
It does not show anything related to gpg and Gnome keyring.
The application name of those is "/usr/bin/gnome-keyring-daemon"
My guess is that you do have such an entry. If you do, try unchecking it. You probably kept your XFCE settings from an earlier version where there was such an entry.
But I need them, to cache ssh passphrases. I'm looking at a new user, so that setting is the default in XFCE. Has been for ages.
I also notice, when I look, that the standard "ssh-agent" is running.
Not here.
But my session is actually using the ssh-agent emulation from Gnome keyring rather than the standard ssh-agent. If I uncheck the box for that, then I'm guessing that my session will then use the standard ssh-agent instead of the Gnome keyring emulation.
My normal practice, for a new opensuse version, is to do a complete session reconfiguration instead of inheriting settings from an earlier version.
Now I'm using a new user.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)