Summary: | kmail doesn t sign/encrypt e-mails, broken pipe | ||
---|---|---|---|
Product: | [Unmaintained] kmail | Reporter: | Achim Wößner <boldii> |
Component: | general | Assignee: | kdepim bugs <kdepim-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | amantia, andreak, mpyne, trejkaz |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Gentoo Packages | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: | |||
Attachments: | gpgme.log |
Description
Achim Wößner
2004-07-12 15:35:02 UTC
I can confirm that this happens to me as well, KDE HEAD from 20040712. Relevant output: Format info for openpgp/mime: Signing keys: 8027DF50 SplitInfo #0 encryption keys: SplitInfo #0 recipients: mpyne@graNOSPAMmmarian.homelinux.net GpgME::Data(): DataProvider supports: read, write, seek, release GpgME::Data(): DataProvider supports: read, write, seek, release QGpgME::QByteArrayDataProvider::read( 0x84c1500, 4096 ) kmail: signing failed: Broken pipe QGpgME::QByteArrayDataProvider::release() QGpgME::QByteArrayDataProvider::release() kmail: signature was empty Do have gnupg-1.2.x or 1.9.x ? If you are using 1.9.x, you need to apply the patch that I posted to http://bugs.kde.org/show_bug.cgi?id=83086 Apparently this fix hasn't been released in any gnupg-1.9.x yet, even 1.9.9 has the bug. You might also need to start gpg-agent first. Add `eval gpg-agent` at the top of startkde. This is a temporary solution, hopefully (https://intevation.de/roundup/aegypten/issue88) But the broken pipe problem is *definitely* the gnupg-1.9.x bug in jnlib/logging.c I have the stable branch of gpg running here gpg (GnuPG) 1.2.4 I will try with remerging everything and the gpg-agent thing if the problem still exists I will write again. > I have the stable branch of gpg running here gpg (GnuPG) 1.2.4
Hmm, OK. #84269 seems to indicate that for 1.2.4 the only thing to do is run gpg-agent.
For sure 1.2.4 doesn't have the logging.c bug.
I've tried running gpg-agent and KMail and receive the same problem, with the same console output. I'm also on Gentoo, also using gnupg 1.2.4. Gentoo doesn't appear to apply any patches to the package however. Is there any other libraries that may be at fault? *** Bug 85046 has been marked as a duplicate of this bug. *** Strange. Well I'll have to try with gnupg-1.2.4 tomorrow then, after recompiling gpgme to use that one. Meanwhile maybe someone can try GPGME_DEBUG=5:/tmp/gpgme.log kmail and sending the /tmp/gpgme.log file. This is what the gnupg people want to see to debug problems. Ah, one thing Werner Koch mentionned in the past, is that gpg-1.2.x is too old. An upgrade to gpg-1.3.x might be a good idea. I'll try to figure out what's the exact requirement. David Faure wrote: | Ah, one thing Werner Koch mentionned in the past, is that gpg-1.2.x | is too old. An upgrade to gpg-1.3.x might be a good idea. | I'll try to figure out what's the exact requirement. | Ok? According to the gpg homepage, 1.2.4 tha the latest stable releas. Shouldn't KMail depend on the latest stable gpg? BTW: I got signing working by compiling gpg-1.9.7 and copying the gpg-agent program from $HOME/dev/gnupg-1.9.7/agent/gpg-agent to a directory in my $PATH, but this seems dirty to me... Now, only bug 85047 is keeping me from switching back to KMail:-) - -- Andreas Joseph Krogh <andreak@officenet.no> Senior Software Developer / Manager gpg public_key: http://dev.officenet.no/~andreak/public_key.asc - ------------------------+---------------------------------------------+ OfficeNet AS | - a tool should do one job, and do it well. | Hoffsveien 17 | | PO. Box 425 Skøyen | | 0213 Oslo | | NORWAY | | Phone : +47 22 13 01 00 | | Direct: +47 22 13 10 03 | | Mobile: +47 909 56 963 | | - ------------------------+---------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA8yEKUopImDh2gfQRArNqAKCbiG03qVB5xJZ0U3/fQy9r4Zh1mgCeJH4D c5aEBE6FFI9Ul3v1fwCM4nU= =o9YH -----END PGP SIGNATURE----- Created attachment 6649 [details]
gpgme.log
this is the log file you wanted David, I wrote a new email and then tried to
encrypt it and this is what I got. Hope it helps.
OK, it seems that gnupg-1.2.x can't work (it has no gpgconf support), please try upgrading to gnupg-1.3.x http://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000168.html On Tuesday 13 July 2004 01:41, Andreas Joseph Krogh wrote:
> Ok? According to the gpg homepage, 1.2.4 tha the latest stable releas.
> Shouldn't KMail depend on the latest stable gpg?
Yes, the _stable_ version of kmail will depend on the latest stable gpg.
The gnupg developers are about to release a 1.2.5 version soon, to provide
the needed support in the stable 1.2 branch.
For now gnupg-1.3.x is needed for OpenPGP support in kmail-cvs.
OK. maybe then there should be a popup with a warning / message when starting kmail. Because I don t think that everybody using >=beta1 will read cvs announces. I will tell you soon if it works with 1.3.x On Tuesday 13 July 2004 13:45, David Faure wrote: > OK, it seems that gnupg-1.2.x can't work (it has no gpgconf support), > please try upgrading to gnupg-1.3.x > > http://lists.gnupg.org/pipermail/gnupg-announce/2004q2/000168.html Ok, maybe a configure-check should spit out a warning that "no suitable gpg-version found, gnupg >= 1.2.5 or >= 1.3.6 needed". I agree that my version of KMail is not a STABLE release, but a beta should include such warnings I think. It would reduce the number of bug-reports on this issue:-) BTW: I now have gnupg-1.2.4 with gpg-agnet from gnupg-1.9.7 and everything works perfetcly(with eval "$(gpg-agent --daemon)" in my startkde script). On Tuesday 13 July 2004 14:03, Andreas Joseph Krogh wrote: > Ok, maybe a configure-check should spit out a warning that "no suitable > gpg-version found, gnupg >= 1.2.5 or >= 1.3.6 needed". I agree. I just asked the gpgme developers to upgrade their min. required version (and possibly provide a runtime warning). > I agree that my version of KMail is not a STABLE release, but a beta should > include such warnings I think. It would reduce the number of bug-reports on > this issue:-) I agree. > BTW: I now have gnupg-1.2.4 with gpg-agnet from gnupg-1.9.7 and everything > works perfetcly(with eval "$(gpg-agent --daemon)" in my startkde script). Oh. Ah, and gpgconf is also provided by gnupg-1.9.7, I see. What's needed is gnupg-1.2.x+gpgconf, which is exactly what gnupg-1.3.x provides (and what gnupg-1.2.5 will provide). On Tuesday 13 July 2004 14:08, David Faure wrote: > I agree. I just asked the gpgme developers to upgrade their min. required > version (and possibly provide a runtime warning). Good. > Oh. Ah, and gpgconf is also provided by gnupg-1.9.7, I see. > > What's needed is gnupg-1.2.x+gpgconf, which is exactly what gnupg-1.3.x > provides (and what gnupg-1.2.5 will provide). Actually, I only installed gpg-agent, not gpgconf, from gnupg-1.9.7 (cp ~/dev/gnupg-1.9.7/agent/gpg-agent $KDEDIR/bin/gpg-agent). gpgconf is not in my(or KDE's) $PATH, it's only compiled in gnupg-1.9.7 src-dir(~/dev/gnupg-1.9.7/tools/gpgconf). ok. now I have installed gnupg-1.3.6 and I get a crash: steps to reproduce: 1.) write a new mail 2.) try to sign it. 3.) see it crashing. gdb: (gdb) QObject::connect: No such slot KMLineEdit::loadContacts() QObject::connect: (sender name: 'unnamed') QObject::connect: (receiver name: 'unnamed') *** KMail got signal 11 (Crashing) gcc: gcc (GCC) 3.3.3 20040412 (Gentoo Linux 3.3.3-r6, ssp-3.3.2-2, pie-8.7.6) kernel: Linux keller 2.6.7-rc2-love2 #1 Sun Jun 6 19:24:14 CEST 2004 i686 Intel(R) Pentium(R) 4 CPU 1.80GHz GenuineIntel GNU/Linux cflags: CXXFLAGS="-O2 -march=pentium4 -ftracer -fprefetch-loop-arrays -pipe -fomit-frame-pointer -mmmx -msse2 -mfpmath=sse -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -falign-functions=4" if you need any further information just ask. CVS commit by faure: loadContacts needs to be a slot. CCMAIL: 85009@bugs.kde.org M +2 -1 addresseelineedit.h 1.12 --- kdepim/libkdepim/addresseelineedit.h #1.11:1.12 @@ -65,6 +65,7 @@ class AddresseeLineEdit : public ClickLi void enableCompletion( bool enable ); - protected: + protected slots: virtual void loadContacts(); + protected: void addContact( const KABC::Addressee&, int weight ); virtual void keyPressEvent( QKeyEvent* ); On Tuesday 13 July 2004 14:37, achim woessner wrote:
> *** KMail got signal 11 (Crashing)
kdepim 3.3-beta1, right? It had the assert when signing failed (it's now a messagebox instead)
Please try running gpg-agent?
Type this in the same terminal:
eval `gpg-agent --daemon`
kmail (or kontact)
(if it works, add the eval line to startkde)
in #gnupg on irc.freenode.net they told me that 1.3.x has no gpg-agent so what else can I do? OK, Marc Mutz just explained to me that we can do without gpg-agent, he will implement this tonight or tomorrow. (meanwhile if you need it to work, you have to compile gnupg-1.9.x to get gpg-agent from it). *** Bug 83086 has been marked as a duplicate of this bug. *** On Tuesday 13 July 2004 16:46, David Faure wrote: > OK, Marc Mutz just explained to me that we can do without gpg-agent, he > will implement this tonight or tomorrow. > > (meanwhile if you need it to work, you have to compile gnupg-1.9.x to get > gpg-agent from it). That's good news! I finally got it working with gpg 1.9.8 and a program called pinentry and an entry in ~/.gnupg/gpg-agent.conf: pinentry-program /usr/bin/pinentry-qt so this will be my workaround as long as it is needed ;) maybe it also works with 1.3.x but I guess it doesn t yet because of the missing gpg-agent. so long. greets achim wößner aka boldii This works for me too. I had gpg-1.9.9 and eval `gpg-agent --daemon` but apparently the pinentry program was missing. Adding pinentry as stated above solved the problem. CVS commit by faure: Applied patch from Marc Mutz which implements a passphrase dialog in KMail, shown when gpg-agent isn't running. I adjusted the text of the dialog to explain that "This dialog will reappear every time the passphrase is needed. For a more secure solution that also allows caching the passphrase, install gpg-agent. gpg-agent is part of gnupg-1.9, which you can download from http://www.gnupg.org/download" [would be nice to make the URL clickable] What remains is to tell people how to set up gpg-agent, but that's a bit too much for a dialog :) CCMAIL: 85009@bugs.kde.org M +28 -1 qgpgmejob.cpp 1.5 M +4 -1 qgpgmejob.h 1.5 --- kdepim/certmanager/lib/backends/qgpgme/qgpgmejob.cpp #1.4:1.5 @@ -39,4 +39,5 @@ #include <kleo/job.h> +#include <ui/passphrasedialog.h> #include <qgpgme/eventloopinteractor.h> @@ -46,4 +47,6 @@ #include <gpgmepp/data.h> +#include <klocale.h> + #include <qstring.h> #include <qstringlist.h> @@ -54,4 +57,5 @@ Kleo::QGpgMEJob::QGpgMEJob( Kleo::Job * _this, GpgME::Context * context ) : GpgME::ProgressProvider(), + GpgME::PassphraseProvider(), mThis( _this ), mCtx( context ), @@ -65,4 +69,6 @@ Kleo::QGpgMEJob::QGpgMEJob( Kleo::Job * QObject::connect( QGpgME::EventLoopInteractor::instance(), SIGNAL(aboutToDestroy()), _this, SLOT(slotCancel()) ); + context->setProgressProvider( this ); + context->setPassphraseProvider( this ); } @@ -84,5 +90,4 @@ void Kleo::QGpgMEJob::hookupContextToEve SIGNAL(operationDoneEventSignal(GpgME::Context*,const GpgME::Error&)), mThis, SLOT(slotOperationDoneEvent(GpgME::Context*,const GpgME::Error&)) ); - mCtx->setProgressProvider( this ); } @@ -140,2 +145,24 @@ void Kleo::QGpgMEJob::showProgress( cons } +char * Kleo::QGpgMEJob::getPassphrase( const char * useridHint, const char * /*description*/, + bool previousWasBad, bool & canceled ) { + // DF: here, description is the key fingerprint, twice, then "17 0". Not really descriptive. + // So I'm ignoring QString::fromLocal8Bit( description ) ) + QString msg = previousWasBad ? + i18n( "You need a passphrase to unlock the secret key for user:<br/> %1 (retry)" ) : + i18n( "You need a passphrase to unlock the secret key for user:<br/> %1" ); + msg = msg.arg( QString::fromUtf8( useridHint ) ) + "<br/><br/>"; + msg.prepend( "<qt>" ); + msg += i18n( "This dialog will reappear every time the passphrase is needed. For a more secure solution that also allows caching the passphrase, install gpg-agent." ); + msg += i18n( "gpg-agent is part of gnupg-%1, which you can download from %2" ) + .arg( "1.9" ) + .arg( "http://www.gnupg.org/download" ); // add #gnupg2 if you can make this a real link + Kleo::PassphraseDialog dlg( msg, i18n("Passphrase Dialog") ); + if ( dlg.exec() != QDialog::Accepted ) { + canceled = true; + return 0; + } + canceled = false; + // gpgme++ free()s it, and we need to copy as long as dlg isn't deleted :o + return strdup( dlg.passphrase() ); +} --- kdepim/certmanager/lib/backends/qgpgme/qgpgmejob.h #1.4:1.5 @@ -35,4 +35,5 @@ #include <gpgmepp/interfaces/progressprovider.h> +#include <gpgmepp/interfaces/passphraseprovider.h> #include <gpgmepp/key.h> @@ -74,5 +75,5 @@ namespace Kleo { ctor. The rest is dealt with automatically. */ - class QGpgMEJob : public GpgME::ProgressProvider { + class QGpgMEJob : public GpgME::ProgressProvider, public GpgME::PassphraseProvider { public: QGpgMEJob( Kleo::Job * _this, GpgME::Context * context ); @@ -109,4 +110,6 @@ namespace Kleo { /*! \reimp from GpgME::ProgressProvider */ void showProgress( const char * what, int type, int current, int total ); + char * getPassphrase( const char * useridHint, const char * description, + bool previousWasBad, bool & canceled ); protected: On Thursday 15 July 2004 23:17, David Faure wrote: > Applied patch from Marc Mutz which implements a passphrase dialog in KMail, > shown when gpg-agent isn't running. > I adjusted the text of the dialog to explain that > "This dialog will reappear every time the passphrase is needed. > For a more secure solution that also allows caching the passphrase, install > gpg-agent. gpg-agent is part of gnupg-1.9, which you can download from > http://www.gnupg.org/download" [would be nice to make the URL clickable] > > What remains is to tell people how to set up gpg-agent, but that's a bit > too much for a dialog :) > CCMAIL: 85009 bugs kde org This dialog pops up even tho I have gpg-agent running. It also doesn't pop up more than once, so I cant read enc. messages after signing an outgoing one. I only get a "Encrypted data not shown."-message. This is with CVS-HEAD from Jul 16. around 03 CEST. A question: How come there are so many problems with GPG now, it worked perfectly with KMail in KDE-3.2, *with* caching. Why must KMail now use gpg-agent to cache passphrases? > This dialog pops up even tho I have gpg-agent running. It also doesn't pop
> up more than once, so I cant read enc. messages after signing an outgoing
> one. I only get a "Encrypted data not shown."-message. This is with
> CVS-HEAD from Jul 16. around 03 CEST.
I'll add my experience:
I do indeed get the message 'encrypted data not shown' message when trying to
read an encrypted message, without the dialog (but maybe that was because I
already signed before). When I send e-mail I get the dialog each time (so not
only once as you experience) and it works perfect.
On Friday 16 July 2004 10:28, Andreas Joseph Krogh wrote: > This dialog pops up even tho I have gpg-agent running. Strange, I have checked that it doesn't. > It also doesn't pop up more than once Are you sure this is the one that pops up (the one saying "you should install gpg-agent") and not the pineentry-qt dialog from gpg-agent? Sorry for asking, but one of us is confused :) > so I cant read enc. messages after signing an outgoing one. I > only get a "Encrypted data not shown."-message. Reading is.... another problem. It hasn't been ported to gpgme yet. But this seems to indicate that gpg-agent isn't used indeed (sure it's running _and_ available via $GPG_AGENT_INFO?). > A question: How come there are so many problems with GPG now, it worked > perfectly with KMail in KDE-3.2, *with* caching. Why must KMail now use > gpg-agent to cache passphrases? For security reasons. If KMail cached the passphrase itself, someone could find it after e.g. stealing your laptop. gpg-agent's pineentry-qt uses special widgets and secure memory so that this can't happen. On Friday 16 July 2004 10:45, David Faure wrote: > On Friday 16 July 2004 10:28, Andreas Joseph Krogh wrote: > > This dialog pops up even tho I have gpg-agent running. > > Strange, I have checked that it doesn't. > > > It also doesn't pop up more than once > > Are you sure this is the one that pops up (the one saying "you should > install gpg-agent") and not the pineentry-qt dialog from gpg-agent? Sorry > for asking, but one of us is confused :) > > > so I cant read enc. messages after signing an outgoing one. I > > only get a "Encrypted data not shown."-message. > > Reading is.... another problem. It hasn't been ported to gpgme yet. > But this seems to indicate that gpg-agent isn't used indeed (sure it's > running _and_ available via $GPG_AGENT_INFO?). Ops, the problem was that I installed a fresh KDE from CVS and restarted my session. KDE then started from the new startkde-script which didn't have the eval gpg line in it. But gpg-agent was running from the previous session, but that didn't help obviously(maybe because then the $GPG_AGENT_INFO was missing). Another strange thing is that even tho I've typed in my passphrase when reading an encrypted message, KMail still asks me for my passphrase when sending one(signed and/or enc.). Is that because there are 2 different processes which doesn't share som info about the passphrase? Can(will) this be fixed? > > A question: How come there are so many problems with GPG now, it worked > > perfectly with KMail in KDE-3.2, *with* caching. Why must KMail now use > > gpg-agent to cache passphrases? > > For security reasons. If KMail cached the passphrase itself, someone could > find it after e.g. stealing your laptop. gpg-agent's pineentry-qt uses > special widgets and secure memory so that this can't happen. Ok, thanks. On Friday 16 July 2004 11:41, Andreas Joseph Krogh wrote: > KDE then started from the new startkde-script which didn't have the > eval gpg line in it. I strongly suggest to put the gpg-agent line in ~/.kde/env/agents.sh Then it will work even when you reinstall KDE. (Note to other readers: ~/.kde/env is only evaluated with kdebase-3.3-cvs, not with 3.2.x or earlier) > Another strange thing is that even tho I've typed in my passphrase when > reading an encrypted message, KMail still asks me for my passphrase when > sending one(signed and/or enc.). Is that because there are 2 different > processes which doesn't share som info about the passphrase? Can(will) this > be fixed? As I said, the reader window hasn't been ported to gpgme yet... Still waiting for KHZ to do that... But this bug makes it more urgent than I thought, indeed. Op vrijdag 16 juli 2004 11:51, schreef David Faure:
> I strongly suggest to put the gpg-agent line in ~/.kde/env/agents.sh
Is this then executed as root? As a user I cannot start the pgp-agent.
On Friday 16 July 2004 11:57, Tom Albers wrote: > > I strongly suggest to put the gpg-agent line in ~/.kde/env/agents.sh > Is this then executed as root? No this is executed from startkde, i.e. as user. > As a user I cannot start the gpg-agent. Why?? This works fine here. David, I've adjusted some default debian paths to find all the libraries for pgp-agent. That gave me the right $ENV. After adjusting the path to the pinentry-qt binary in the pgp conf I got it to work. Thanks for the answers. Should there be a howto for the kmail-site? I'm willing to write one if this is desirable. > I've adjusted some default debian paths to find all the libraries for pgp-agent. That gave me the right $ENV. > After adjusting the path to the pinentry-qt binary in the pgp conf I got it to work. Thanks for the answers. Great. > Should there be a howto for the kmail-site? I'm willing to write one if this is desirable. Yes, I think this would be a good idea. [I'm currently trying to convince the gpg developers to make this easier (e.g. by packaging gpg-agent separately to increase portability; but OTOH you also need pineentry, and gnupg's dependencies: gpg-error and gcrypt, so this isn't really as easy as a single package). They also talked about making the pineentry thing set up by default, but I think it won't help people using gnupg-1.2.x] I think the best thing to do would be to update http://kmail.kde.org/kmail-pgpmime-howto.html indeed. Hmm, looking at it - it looks pretty correct, except for the "CryptPlug" bit at the end, doesn't it? Yes indeed, it looks very complete, no need for an additional manual, although a missing part is that you need to use your patch patch for certain versions of gnupg. I think that if you put your message in <qt> tags, you can have full html in the dialog.. so: Kleo::PassphraseDialog dlg( "<qt>hey there, click <a href='http://slashdot.org'>me</a></qt>", i18n("Passphrase Dialog") ); or something like that anyway. > Kleo::PassphraseDialog dlg( "<qt>hey there, click <a href='http://slashdot.org'>me</a></qt>", i18n("Passphrase Dialog") );
Yeah that displays a blue link (I did try that), but clicking on it does nothing, one needs a QTextBrowser for that AFAIK :)
Should be OK now. Yes, it is. Thanks! |