This bug was fixed in the package libreoffice - 1:7.0.6-0ubuntu0.20.10.1 --------------- libreoffice (1:7.0.6-0ubuntu0.20.10.1) groovy; urgency=medium
* New upstream release (LP: #1928642) * Update yaru icon style "2021-03-14" * apparmor: Fix signing documents with enforced apparmor * apparmor: Allow one more digit in temp files -- Rico Tzschichholz <ric...@ubuntu.com> Tue, 18 May 2021 11:25:50 +0200 ** Changed in: libreoffice (Ubuntu Groovy) Status: New => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1886092 Title: libreoffice doesn't list gpg private key for a digital signature due to apparmor Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice source package in Focal: Confirmed Status in libreoffice source package in Groovy: Fix Released Status in libreoffice source package in Hirsute: Fix Released Bug description: LibreOffice should be able to digitally sign a document with a GPG private key in the GPG key chain. However, the key is not listed in the list of certificates shown following the menu File - Digital Signatures - Digital Signatures... - Sign Document..., after, e.g., creating and saving a document on LibreOffice Writer. This seems to be because apparmor doesn't allow LibreOffice to communicate with GPG agent. /var/log/syslog shows lines like: Jul 1 15:15:14 misoan kernel: [20238.265212] audit: type=1400 audit(1593652514.311:333): apparmor="DENIED" operation="connect" profile="libreoffice-soffice//gpg" name="/run/user/1001/gnupg/S.gpg- agent" pid=23725 comm="gpg" requested_mask="wr" denied_mask="wr" fsuid=1001 ouid=1001 Locally, I could make LibreOffice show the GPG private key with the following change against /etc/apparmor.d/usr.lib.libreoffice.program.soffice.bin --- apparmor.d.20200702/usr.lib.libreoffice.program.soffice.bin 2019-10-03 10:31:21.000000000 -1000 +++ apparmor.d/usr.lib.libreoffice.program.soffice.bin 2020-07-02 08:59:44.516754728 -1000 @@ -223,6 +223,7 @@ owner @{HOME}/.gnupg/* r, owner @{HOME}/.gnupg/random_seed rk, + owner /{,var/}run/user/*/** rw, } # probably should become a subprofile like gpg above, but then it doesn't Tested with the following packages on Xfce4 $ lsb_release -rd Description: Ubuntu 20.04 LTS Release: 20.04 $ apt-cache policy libreoffice-common | grep Installed Installed: 1:6.4.3-0ubuntu0.20.04.1 $ apt-cache policy gpg gpg-agent | grep -B1 Installed gpg: Installed: 2.2.19-3ubuntu2 -- gpg-agent: Installed: 2.2.19-3ubuntu2 $ apt-cache policy apparmor | grep Installed Installed: 2.13.3-7ubuntu5.1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1886092/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp