[Bug 1036736] New: [Build 137.2] openQA test fails in kontact
http://bugzilla.opensuse.org/show_bug.cgi?id=1036736 Bug ID: 1036736 Summary: [Build 137.2] openQA test fails in kontact Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: http://openqa.opensuse.org/tests/394103/modules/kontac t/steps/14 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: pmonrealgonzalez@suse.com Reporter: lnussel@suse.com QA Contact: qa-bugs@suse.de CC: astieger@suse.com, crrodriguez@opensuse.org, lbeltrame@kde.org, meissner@suse.com, tchvatal@suse.com, vcizek@suse.com Found By: --- Blocker: --- ## Observation openQA test in scenario opensuse-42.3:S:B-Staging2-DVD-x86_64-kde@64bit fails in [kontact](http://openqa.opensuse.org/tests/394103/modules/kontact/steps/14) Looks like gpg installs a number of root ca certificates by default that are not trusted. I'd like to confirm what the correct behavior is here? Kleopatra prompts to trust all such certificates on startup. Is this expected and correct? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036736 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|[Build 137.2] openQA test |gpg untrusted root CAs |fails in kontact | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036736 http://bugzilla.opensuse.org/show_bug.cgi?id=1036736#c1 --- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> --- Since gpg2 2.1.14 (version 2.1.20 in Factory), no more root certificates are installed by default. See the 12th comment in: https://lists.gnupg.org/pipermail/gnupg-ru/2016-July/000490.html Could this be related to the the configuration of the validation options in Kleopatra?: https://docs.kde.org/trunk5/en/pim/kleopatra/configuration-smime-validation.... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036736 http://bugzilla.opensuse.org/show_bug.cgi?id=1036736#c2 --- Comment #2 from Luca Beltrame <lbeltrame@kde.org> --- I talked this over with Andre Heinecke, kleopatra and gpg4win maintainer, on IRC, and he said (I'll post a longer write-up on his behalf later, if possible): [11:18] <aheinecke> einar77_work: Getting the dialog is expected and sadly a GnuPG feature. My reccomendation would be not to install the default certificates from GnuPG. They were removed in newer GnuPG versions. And on why we didn't see this before, it is due to a new feature in KMail (added as part of the "Easy GPG" project): <aheinecke> einar77_work: Ah I saw now the screenshot Ok that is new. Because now accountwizard starts a keylisting and that triggers the "Do you trust question" -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036736 http://bugzilla.opensuse.org/show_bug.cgi?id=1036736#c3 --- Comment #3 from Luca Beltrame <lbeltrame@kde.org> --- Posting on behalf of Andre: Hi, this is expected behavior and sadly comes from a GnuPG problem. The Popup would also show up if you did a "gpgsm --with-validation -k" on the command line in that test environment. Which KMail's account wizard is doing to get a list of keys that may be offered to configure with the identity. For GnuPG it thinks that the certificates are new as it sees them for the first time and asks the user about it. It would also happen if you start Kleopatra for the first time. Upstream no longer ships default certificates. So maybe a Bug against your GnuPG Package to include: https://dev.gnupg.org/rGc19b2061274cd50838e62a2acbdc7e7d24888e7e This would solve the problem not just for KMail but in general. Regards, Andre -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1036736 http://bugzilla.opensuse.org/show_bug.cgi?id=1036736#c4 Antonio Larrosa <alarrosa@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS CC| |alarrosa@suse.com --- Comment #4 from Antonio Larrosa <alarrosa@suse.com> --- I submitted https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/2818/commits... to make kontact5 also start without the first-time wizard (which starts the pinentry dialog): Also submitted the patch at https://dev.gnupg.org/rGc19b2061274cd50838e62a2acbdc7e7d24888e7e (thanks Luca!) to gpg2 in SLE, so it should reach Leap soon after it's approved -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com