Your message dated Sun, 25 Sep 2016 08:31:00 +0000
with message-id <[email protected]>
and subject line Re: Bug#810855: mutt fails with BAD signature error if 
pgp_retainable_sigs = yes
has caused the Debian Bug report #810855,
regarding mutt fails with BAD signature error if pgp_retainable_sigs = yes
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
810855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810855
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mutt
Version: 1.5.23-3
Severity: normal

Dear Maintainer,

   * What led up to the situation?

.. configuring gpg2 to NOT have --no-sig-create-check set
  (ie, gpg2 verifies each signature right after construction)

.. configuring mutt with (lines broken for readability)

    pgp_retainable_sigs = yes

    pgp_sign_command = "gpg2 --no-verbose -q --batch -a -t -o - \
                        --detach-sign %?p?--passphrase-fd 0? \
                        %?a?-u %a? %f"
    pgp_encrypt_only_command = "/usr/lib/mutt/pgpewrap gpg2 \
                                --no-verbose -q --batch -a -t -o - \
                                -- -r %r -- %f"
    pgp_verify_command = "gpg2 --no-verbose -q --batch -o - \
                          --status-fd 2 --verify %s %f"

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

.. preparing an email
.. selecting the recipient's public encryption key from the PGP menu
.. selecting (b)oth to the question of PGP/MIME signing and/or encrypting
.. entering the password for the private master key that contains the
  signing key
.. giving the [yes] to have the email sent off

   * What was the outcome of this action?

Mutt responding on the terminal (via STDERR, I suppose) with

gpg: Signature made Di 12 Jan 2016 01:25:32 CET
gpg:                using RSA key DEADBEEF
gpg: BAD signature from "Name <[email protected]>" [ultimate]
Press any key to continue...

   * What outcome did you expect instead?

The progress message that mutt issues on the ncurses UI to tell us it
is shipping out an email.

*** End of the template - remove these template lines ***

Having mutt run in debug mode while doing the above clearly showed that
gpg2 is called exactly three times:

  1. when listing public encryption keys (pgp_list_pubring_command),
  2. when detach-signing the message (pgp_sign_command), and
  3. when encrypting it (pgp_encrypt_only_command);

nowhere is it invoked to verify something.

Performing the detach-signing, encrypting, and verifying sequence
with the commands above on the command line does produce the desired
result without any "BAD signature" complaints.


-- Package-specific info:
Mutt 1.5.23 (2014-03-12)
Copyright (C) 1996-2009 Michael R. Elkins and others.
Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'.
Mutt is free software, and you are welcome to redistribute it
under certain conditions; type `mutt -vv' for details.

System: Linux 3.19.7-apple-mbp4.1-gpt-ext4 (x86_64)
ncurses: ncurses 6.0.20151024 (compiled with 5.9)
libidn: 1.32 (compiled with 1.29)
hcache backend: tokyocabinet 1.4.48

Compiler:
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 4.9.2-4' 
--with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs 
--enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr 
--program-suffix=-4.9 --enable-shared --enable-linker-build-id 
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix 
--with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls 
--with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug 
--enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-vtable-verify 
--enable-plugin --with-system-zlib --disable-browser-plugin 
--enable-java-awt=gtk --enable-gtk-cairo 
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre --enable-java-home 
--with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64 
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64 
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar 
--enable-objc-gc --enable-multiarch --with-arch-32=i586 --with-abi=m64 
 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic 
--enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu 
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.9.2 (Debian 4.9.2-4) 

Configure options: '--prefix=/usr' '--sysconfdir=/etc' 
'--mandir=/usr/share/man' '--with-docdir=/usr/share/doc' 
'--with-mailpath=/var/mail' '--disable-dependency-tracking' 
'--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' 
'--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' '--with-curses' 
'--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' '--with-sasl' 
'--without-gdbm' '--without-bdb' '--without-qdbm' '--build' 'x86_64-linux-gnu' 
'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security -Wall' 'LDFLAGS=-Wl,-z,relro' 
'CPPFLAGS=-D_FORTIFY_SOURCE=2 -I/usr/include/qdbm'

Compilation CFLAGS: -g -O2 -fstack-protector-strong -Wformat 
-Werror=format-security -Wall

Compile options:
-DOMAIN
+DEBUG
-HOMESPOOL  +USE_SETGID  +USE_DOTLOCK  +DL_STANDALONE  +USE_FCNTL  -USE_FLOCK   
+USE_POP  +USE_IMAP  +USE_SMTP  
-USE_SSL_OPENSSL  +USE_SSL_GNUTLS  +USE_SASL  +USE_GSS  +HAVE_GETADDRINFO  
+HAVE_REGCOMP  -USE_GNU_REGEX  
+HAVE_COLOR  +HAVE_START_COLOR  +HAVE_TYPEAHEAD  +HAVE_BKGDSET  
+HAVE_CURS_SET  +HAVE_META  +HAVE_RESIZETERM  
+CRYPT_BACKEND_CLASSIC_PGP  +CRYPT_BACKEND_CLASSIC_SMIME  +CRYPT_BACKEND_GPGME  
-EXACT_ADDRESS  -SUN_ATTACHMENT  
+ENABLE_NLS  -LOCALES_HACK  +COMPRESSED  +HAVE_WC_FUNCS  +HAVE_LANGINFO_CODESET 
 +HAVE_LANGINFO_YESEXPR  
+HAVE_ICONV  -ICONV_NONTRANS  +HAVE_LIBIDN  +HAVE_GETSID  +USE_HCACHE  
-ISPELL
SENDMAIL="/usr/sbin/sendmail"
MAILPATH="/var/mail"
PKGDATADIR="/usr/share/mutt"
SYSCONFDIR="/etc"
EXECSHELL="/bin/sh"
MIXMASTER="mixmaster"
To contact the developers, please mail to <[email protected]>.
To report a bug, please visit http://bugs.mutt.org/.

misc/am-maintainer-mode.patch
features/ifdef.patch
features/xtitles.patch
features/trash-folder.patch
features/purge-message.patch
features/imap_fast_trash.patch
features/sensible_browser_position.patch
features-old/patch-1.5.4.vk.pgp_verbose_mime.patch
features/compressed-folders.patch
features/compressed-folders.debian.patch
debian-specific/Muttrc.patch
debian-specific/Md.etc_mailname_gethostbyname.patch
debian-specific/use_usr_bin_editor.patch
debian-specific/correct_docdir_in_man_page.patch
debian-specific/dont_document_not_present_features.patch
debian-specific/document_debian_defaults.patch
debian-specific/assumed_charset-compat.patch
debian-specific/467432-write_bcc.patch
debian-specific/566076-build_doc_adjustments.patch
misc/define-pgp_getkeys_command.patch
misc/gpg.rc-paths.patch
misc/smime.rc.patch
misc/fix-configure-test-operator.patch
upstream/531430-imapuser.patch
upstream/543467-thread-segfault.patch
upstream/542817-smimekeys-tmpdir.patch
upstream/548577-gpgme-1.2.patch
upstream/553321-ansi-escape-segfault.patch
upstream/547980-smime_keys-chaining.patch
upstream/528233-readonly-open.patch
upstream/228671-pipe-mime.patch
upstream/383769-score-match.patch
upstream/603288-split-fetches.patch
upstream/611410-no-implicit_autoview-for-text-html.patch
upstream/path_max.patch
translations/update_german_translation.patch
upstream/771125-CVE-2014-9116-jessie.patch
__separator__mutt.org.patch

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.19.7-apple-mbp4.1-gpt-ext4 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=POSIX, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mutt depends on:
ii  libassuan0         2.4.2-1
ii  libc6              2.19-22
ii  libcomerr2         1.42.13-1
ii  libgnutls-deb0-28  3.3.15-5
ii  libgpg-error0      1.20-1
ii  libgpgme11         1.6.0-1
ii  libgssapi-krb5-2   1.13.2+dfsg-4
ii  libidn11           1.32-3
ii  libk5crypto3       1.13.2+dfsg-4
ii  libkrb5-3          1.13.2+dfsg-4
ii  libncursesw5       6.0+20151024-2
ii  libsasl2-2         2.1.26.dfsg1-14
ii  libtinfo5          6.0+20151024-2
ii  libtokyocabinet9   1.4.48-3

Versions of packages mutt recommends:
ii  exim4-daemon-light [mail-transport-agent]  4.86-7
ii  libsasl2-modules                           2.1.26.dfsg1-14
ii  locales                                    2.19-22
ii  mime-support                               3.59

Versions of packages mutt suggests:
pn  aspell | ispell  <none>
ii  ca-certificates  20150426
ii  gnupg            1.4.19-6
pn  mixmaster        <none>
ii  openssl          1.0.2d-1
pn  urlview          <none>

Versions of packages mutt is related to:
ii  mutt          1.5.23-3
pn  mutt-dbg      <none>
pn  mutt-patched  <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Version: 1.7.0-5

On Tue, Jan 12, 2016 at 09:56:29PM +0100, Christian Böhme wrote:
> .. configuring gpg2 to NOT have --no-sig-create-check set
>   (ie, gpg2 verifies each signature right after construction)
> 
> .. configuring mutt with (lines broken for readability)
> 
>     pgp_retainable_sigs = yes
> 
>     pgp_sign_command = "gpg2 --no-verbose -q --batch -a -t -o - \
>                         --detach-sign %?p?--passphrase-fd 0? \
>                         %?a?-u %a? %f"
>     pgp_encrypt_only_command = "/usr/lib/mutt/pgpewrap gpg2 \
>                                 --no-verbose -q --batch -a -t -o - \
>                                 -- -r %r -- %f"
>     pgp_verify_command = "gpg2 --no-verbose -q --batch -o - \
>                           --status-fd 2 --verify %s %f"
> 

Those commands are now deprecated, starting from 1.7.0-2.
I believe this bug is not there anymore; if you still see it with gpgme enabled,
please let us know.

--- End Message ---
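
Added example, not part of the bug report or of mutt: the pgp_verify_command quoted in the report passes --status-fd 2, so gpg writes locale-independent "[GNUPG:]" status lines to stderr next to the human-readable "gpg:" text. The sketch below classifies such a capture by its status lines only. The function names, key IDs, fingerprints and addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the bug report or of mutt.
# Reads captured gpg stderr on stdin and prints: good, bad, error or none.
classify_gpg_status() {
    awk '
        $1 != "[GNUPG:]" { next }      # skip localized "gpg: ..." text
        $2 == "BADSIG"   { bad = 1 }
        $2 == "ERRSIG" || $2 == "EXPSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { err = 1 }
        $2 == "GOODSIG"  { good++ }
        $2 == "VALIDSIG" { valid++ }
        END {
            if (bad)                            print "bad"
            else if (err)                       print "error"
            else if (good > 0 && valid >= good) print "good"
            else                                print "none"
        }'
}

# Constructed sample: text-only output in the shape shown in the report.
# There is no status line because the sign command has no --status-fd.
sample_report_text() {
    cat <<'EOF'
gpg: Signature made Di 12 Jan 2016 01:25:32 CET
gpg:                using RSA key DEADBEEF
gpg: BAD signature from "Name <user@example.invalid>" [ultimate]
EOF
}

# Constructed sample: the same failure as a --status-fd 2 capture.
sample_bad_status() {
    sample_report_text
    echo '[GNUPG:] BADSIG 00000000DEADBEEF Name <user@example.invalid>'
}

# Constructed sample: a successful verification (placeholder fingerprint).
sample_good_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 00000000DEADBEEF Name <user@example.invalid>
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000000 2016-01-12 1452558332 0 4 0 1 8 00 0000000000000000000000000000000000000000
EOF
}

for s in sample_report_text sample_bad_status sample_good_status; do
    printf '%s: %s\n' "$s" "$("$s" | classify_gpg_status)"
done
```

A result of "none" means the capture carried no machine-readable verdict, which is the case for the text-only sample.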
