| Summary: | Kmail2 ignores signatures of inline PGP messages | ||
|---|---|---|---|
| Product: | [Applications] kmail2 | Reporter: | Thomas Zell <t.zell> |
| Component: | crypto | Assignee: | kdepim bugs <kdepim-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | kde-bugs, quazgar, sknauss |
| Priority: | NOR | ||
| Version: | 4.7 | ||
| Target Milestone: | --- | ||
| Platform: | openSUSE | ||
| OS: | Linux | ||
| Latest Commit: | http://commits.kde.org/kdepim/25f0b41941e093071cf9cee624b24f30a71047a1 | Version Fixed In: | 4.12 |
| Sentry Crash Report: | |||
|
Description
Thomas Zell
2012-01-18 18:36:46 UTC
I can confirm this on KDE 4.7.3. The same problem hold true for inline-encrypted messages: There's no visual identification that one is looking at an encrypted message. Whoops ... this is a duplicate of bug 247657 !!! In any case, removing the "log-file" entry from ~/.gnupg/gpg.conf fixes things. *** This bug has been marked as a duplicate of bug 247657 *** Probably it's better to leave this as a bug reported against kmail2. So I'm marking the old bug report as a duplicate of this one. *** Bug 247657 has been marked as a duplicate of this bug. *** I listed some details in https://bugzilla.novell.com/show_bug.cgi?id=667717#c8 copy&paste from there: ---------- Your link was quite helpful - removing the "log-file" option solved the problem and KMail displayed the inline-signed mails as signed. But now to the interesting part - who added this line? # tail ~/.gnupg/gpg.conf ###+++--- GPGConf ---+++### utf8-strings debug-level advanced log-file socket:///home/cb/.gnupg/log-socket ###+++--- GPGConf ---+++### Fr 27 Sep 2013 17:51:54 CEST # GPGConf edited this configuration file. # It will disable options before this marked block, but it will # never change anything below these lines. Note that the mentioned time is very close to comment #6. What did I do before writing the comment? Well, I checked what the GnuPG Log watch (binary "watchgnupg", "GnuPG-Protokollanzeige" in german KMail) tells me about an inline-signed mail. And indeed, after starting GnuPG log watch again, I have a fresh "log-file socket://..." line in gpg.conf - and KMail no longer displays the mail as signed. So basically this bug consists of 3 bugs: a) kwatchgnupg changes the gpg.conf in a way that breaks KMail (by adding the lines quoted above) b) kwatchgnupg does not undo its change at exit, which means the then dead socket stays in gpg.conf c) KMail does not display any notice about the failed gpg call - it should display a yellow border and tell me that it couldn't check the signature) For c), see also [1] from comment 7: "If the output from STDERR cannot be parsed due to an error in gpg, kmail internally does not set the flag that the mail was signed at all" BTW: I wasn't aware that some KMail developers listened to my "1001 bugs - or: the golden rules of bad programming" talk at oSC11 or LinuxTag 2012. Rule 21 said: Users hate error messages Conclusion: never print an error message. Fail silently instead ;-)) ---------- To make it clear: The reproducer is to start kwatchgnupg which adds the "log-file socket:///home/cb/.gnupg/log-socket" line to ~/.gnupg/gpg.conf Git commit 25f0b41941e093071cf9cee624b24f30a71047a1 by Sandro Knauß. Committed on 15/10/2013 at 16:44. Pushed by knauss into branch 'master'. use gpgme instead of kpgp for decrypting PGP Inline messages REVIEW: 113348 Related: bug 247657, bug 295217 FIXED-IN: 4.12 M +200 -149 messageviewer/viewer/objecttreeparser.cpp http://commits.kde.org/kdepim/25f0b41941e093071cf9cee624b24f30a71047a1 |