Your message dated Sun, 25 Sep 2016 08:31:00 +0000 with message-id <[email protected]> and subject line Re: Bug#810855: mutt fails with BAD signature error if pgp_retainable_sigs = yes has caused the Debian Bug report #810855, regarding mutt fails with BAD signature error if pgp_retainable_sigs = yes to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 810855: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810855 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: mutt Version: 1.5.23-3 Severity: normal Dear Maintainer, * What led up to the situation? .. configuring gpg2 to NOT have --no-sig-create-check set (ie, gpg2 verifies each signature right after construction) .. configuring mutt with (lines broken for readability) pgp_retainable_sigs = yes pgp_sign_command = "gpg2 --no-verbose -q --batch -a -t -o - \ --detach-sign %?p?--passphrase-fd 0? \ %?a?-u %a? %f" pgp_encrypt_only_command = "/usr/lib/mutt/pgpewrap gpg2 \ --no-verbose -q --batch -a -t -o - \ -- -r %r -- %f" pgp_verify_command = "gpg2 --no-verbose -q --batch -o - \ --status-fd 2 --verify %s %f" * What exactly did you do (or not do) that was effective (or ineffective)? .. preparing an email .. selecting the recipient's public encryption key from the PGP menu .. selecting (b)oth to the question of PGP/MIME signing and/or encrypting .. entering the password for the private master key that contains the signing key .. giving the [yes] to have the email sent off * What was the outcome of this action? Mutt responding on the terminal (via STDERR, I suppose) with gpg: Signature made Di 12 Jan 2016 01:25:32 CET gpg: using RSA key DEADBEEF gpg: BAD signature from "Name <[email protected]>" [ultimate] Press any key to continue... * What outcome did you expect instead? The progress message that mutt issues on the ncurses UI to tell us it is shipping out an email. *** End of the template - remove these template lines *** Having mutt run in debug mode while doing the above clearly showed that gpg2 is called exactly three times: 1. when listing public encryption keys (pgp_list_pubring_command), 2. when detach-signing the message (pgp_sign_command), and 3. when encrypting it (pgp_encrypt_only_command); nowhere is it invoked to verify something. Performing the detach-signing, encrypting, and verifying sequence with the commands above on the command line does produce the desired result without any "BAD signature" complaints. -- Package-specific info: Mutt 1.5.23 (2014-03-12) Copyright (C) 1996-2009 Michael R. Elkins and others. Mutt comes with ABSOLUTELY NO WARRANTY; for details type `mutt -vv'. Mutt is free software, and you are welcome to redistribute it under certain conditions; type `mutt -vv' for details. System: Linux 3.19.7-apple-mbp4.1-gpt-ext4 (x86_64) ncurses: ncurses 6.0.20151024 (compiled with 5.9) libidn: 1.32 (compiled with 1.29) hcache backend: tokyocabinet 1.4.48 Compiler: Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper Target: x86_64-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Debian 4.9.2-4' --with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.9 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --disable-vtable-verify --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --with-arch-32=i586 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu Thread model: posix gcc version 4.9.2 (Debian 4.9.2-4) Configure options: '--prefix=/usr' '--sysconfdir=/etc' '--mandir=/usr/share/man' '--with-docdir=/usr/share/doc' '--with-mailpath=/var/mail' '--disable-dependency-tracking' '--enable-compressed' '--enable-debug' '--enable-fcntl' '--enable-hcache' '--enable-gpgme' '--enable-imap' '--enable-smtp' '--enable-pop' '--with-curses' '--with-gnutls' '--with-gss' '--with-idn' '--with-mixmaster' '--with-sasl' '--without-gdbm' '--without-bdb' '--without-qdbm' '--build' 'x86_64-linux-gnu' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2 -I/usr/include/qdbm' Compilation CFLAGS: -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall Compile options: -DOMAIN +DEBUG -HOMESPOOL +USE_SETGID +USE_DOTLOCK +DL_STANDALONE +USE_FCNTL -USE_FLOCK +USE_POP +USE_IMAP +USE_SMTP -USE_SSL_OPENSSL +USE_SSL_GNUTLS +USE_SASL +USE_GSS +HAVE_GETADDRINFO +HAVE_REGCOMP -USE_GNU_REGEX +HAVE_COLOR +HAVE_START_COLOR +HAVE_TYPEAHEAD +HAVE_BKGDSET +HAVE_CURS_SET +HAVE_META +HAVE_RESIZETERM +CRYPT_BACKEND_CLASSIC_PGP +CRYPT_BACKEND_CLASSIC_SMIME +CRYPT_BACKEND_GPGME -EXACT_ADDRESS -SUN_ATTACHMENT +ENABLE_NLS -LOCALES_HACK +COMPRESSED +HAVE_WC_FUNCS +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_YESEXPR +HAVE_ICONV -ICONV_NONTRANS +HAVE_LIBIDN +HAVE_GETSID +USE_HCACHE -ISPELL SENDMAIL="/usr/sbin/sendmail" MAILPATH="/var/mail" PKGDATADIR="/usr/share/mutt" SYSCONFDIR="/etc" EXECSHELL="/bin/sh" MIXMASTER="mixmaster" To contact the developers, please mail to <[email protected]>. To report a bug, please visit http://bugs.mutt.org/. misc/am-maintainer-mode.patch features/ifdef.patch features/xtitles.patch features/trash-folder.patch features/purge-message.patch features/imap_fast_trash.patch features/sensible_browser_position.patch features-old/patch-1.5.4.vk.pgp_verbose_mime.patch features/compressed-folders.patch features/compressed-folders.debian.patch debian-specific/Muttrc.patch debian-specific/Md.etc_mailname_gethostbyname.patch debian-specific/use_usr_bin_editor.patch debian-specific/correct_docdir_in_man_page.patch debian-specific/dont_document_not_present_features.patch debian-specific/document_debian_defaults.patch debian-specific/assumed_charset-compat.patch debian-specific/467432-write_bcc.patch debian-specific/566076-build_doc_adjustments.patch misc/define-pgp_getkeys_command.patch misc/gpg.rc-paths.patch misc/smime.rc.patch misc/fix-configure-test-operator.patch upstream/531430-imapuser.patch upstream/543467-thread-segfault.patch upstream/542817-smimekeys-tmpdir.patch upstream/548577-gpgme-1.2.patch upstream/553321-ansi-escape-segfault.patch upstream/547980-smime_keys-chaining.patch upstream/528233-readonly-open.patch upstream/228671-pipe-mime.patch upstream/383769-score-match.patch upstream/603288-split-fetches.patch upstream/611410-no-implicit_autoview-for-text-html.patch upstream/path_max.patch translations/update_german_translation.patch upstream/771125-CVE-2014-9116-jessie.patch __separator__mutt.org.patch -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.19.7-apple-mbp4.1-gpt-ext4 (SMP w/2 CPU cores; PREEMPT) Locale: LANG=POSIX, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages mutt depends on: ii libassuan0 2.4.2-1 ii libc6 2.19-22 ii libcomerr2 1.42.13-1 ii libgnutls-deb0-28 3.3.15-5 ii libgpg-error0 1.20-1 ii libgpgme11 1.6.0-1 ii libgssapi-krb5-2 1.13.2+dfsg-4 ii libidn11 1.32-3 ii libk5crypto3 1.13.2+dfsg-4 ii libkrb5-3 1.13.2+dfsg-4 ii libncursesw5 6.0+20151024-2 ii libsasl2-2 2.1.26.dfsg1-14 ii libtinfo5 6.0+20151024-2 ii libtokyocabinet9 1.4.48-3 Versions of packages mutt recommends: ii exim4-daemon-light [mail-transport-agent] 4.86-7 ii libsasl2-modules 2.1.26.dfsg1-14 ii locales 2.19-22 ii mime-support 3.59 Versions of packages mutt suggests: pn aspell | ispell <none> ii ca-certificates 20150426 ii gnupg 1.4.19-6 pn mixmaster <none> ii openssl 1.0.2d-1 pn urlview <none> Versions of packages mutt is related to: ii mutt 1.5.23-3 pn mutt-dbg <none> pn mutt-patched <none> -- no debconf information
--- End Message ---
--- Begin Message ---Version: 1.7.0-5 On Tue, Jan 12, 2016 at 09:56:29PM +0100, Christian Böhme wrote: > .. configuring gpg2 to NOT have --no-sig-create-check set > (ie, gpg2 verifies each signature right after construction) > > .. configuring mutt with (lines broken for readability) > > pgp_retainable_sigs = yes > > pgp_sign_command = "gpg2 --no-verbose -q --batch -a -t -o - \ > --detach-sign %?p?--passphrase-fd 0? \ > %?a?-u %a? %f" > pgp_encrypt_only_command = "/usr/lib/mutt/pgpewrap gpg2 \ > --no-verbose -q --batch -a -t -o - \ > -- -r %r -- %f" > pgp_verify_command = "gpg2 --no-verbose -q --batch -o - \ > --status-fd 2 --verify %s %f" > Those commands are now deprecated, starting from 1.7.0-2. I believe this bug is not there anymore, if you still see it with gpgme enabled please let us know.
--- End Message ---

