This also breaks GPA ( https://bugs.launchpad.net/ubuntu/+source/gpa/+bug/1381926 ) and S/MIME support in Kontact.
It has required that there is a section about this in the GnuPG Wiki ( http://wiki.gnupg.org/PlatformNotes ). And related problems are regularly raised on the gnupg-users mailing list.

There was a thread on the gnupg-devel mailing list involving the gnome-keyring maintainer that shows some standpoints of this problem:
http://lists.gnupg.org/pipermail/gnupg-devel/2014-August/028690.html

IMHO it is an Ubuntu problem and not an upstream problem. Ubuntu decides to create:

  /etc/xdg/autostart/gnome-keyring-gpg.desktop

And thus deliberately breaks gnupg2 by default.

--
You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/884856

Title:
  gnome-keyring integration breaks some GPG functions

Status in GNOME keyring services:
  New
Status in “gnome-keyring” package in Ubuntu:
  Confirmed

Bug description:
  In recent Ubuntu releases (not sure how far back, but at least Oneiric) gnome-keyring offers gpg-agent integration and is enabled by default. The gpg-agent protocol implementation of gnome-keyring is very incomplete and hence breaks at least the smartcard functions of gpg and most functions of gpgsm.

  Steps to reproduce (smartcard):
  1. Acquire a smartcard reader, an OpenPGP smartcard and install pcsc-lite
  2. Start a normal new Ubuntu desktop session
  3. strace gpg --card-status

  Actual results:
  ...
  socket(PF_FILE, SOCK_STREAM, 0) = 3
  connect(3, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0
  ...
  write(3, "SCD SERIALNO openpgp", 20) = 20
  write(3, "\n", 1) = 1
  read(3, "ERR 103 unknown command\n", 1002) = 24
  ...

  The printout on stdout is
  selecting openpgp failed: unknown command
  OpenPGP card not available: general error

  Expected results:
  The agent should know the SCD command and act accordingly.

  Steps to reproduce (gpgsm):
  1. Migrate from an old installation that includes X.509 certificates and private keys in gpgsm.
  2. strace gpgsm -K

  Actual results:
  ...
  socket(PF_FILE, SOCK_STREAM, 0) = 4
  connect(4, {sa_family=AF_FILE, path="/tmp/keyring-p6oNWL/gpg"}, 25) = 0
  ...
  write(4, "HAVEKEY 62B64B58FF1BD7E0B48FE51A"..., 48) = 48
  write(4, "\n", 1) = 1
  read(4, "ERR 103 unknown command\n", 1002) = 24
  ...

  Expected results:
  The agent should know the HAVEKEY command and act accordingly.

  Due to the way the gnome-keyring is activated in recent releases no easy workaround is possible. Removing the GPG_AGENT_INFO environment variable makes the individual examples work (they will just start their own agent if necessary), but that's not possible (and certainly not configurable) on a system level.

  gnome-keyring-daemon allows in principle to deactivate the faulty gpg module (there is a command line option --components that accepts a list of any combination of pkcs11,secrets,ssh,gpg). But currently the gnome-keyring-daemon is started through the pam_gnome_keyring.so PAM module which uses a hard-coded command line ("--daemonize --login").

  Steps to resolve this problem:
  At least
  a) disable the gpg gnome-keyring module by default in the PAM module, and/or
  b) make the command line options that the module uses user configurable.
  Or
  c) extend gnome-keyring with all the missing functionality (and play a constant game of catch-up), or
  d) leave gpg-agent operations to the gpg-agent and try to solve whatever problem the gnome-keyring gpg-agent emulation was meant to solve in another manner.
  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: gnome-keyring 3.2.1-0ubuntu1
  ProcVersionSignature: Ubuntu 3.0.0-12.20-generic 3.0.4
  Uname: Linux 3.0.0-12-generic x86_64
  ApportVersion: 1.23-0ubuntu3
  Architecture: amd64
  Date: Mon Oct 31 05:41:24 2011
  InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
  ProcEnviron:
   LANGUAGE=en_GB:en
   PATH=(custom, no user)
   LANG=de_DE.utf8
   SHELL=/bin/bash
  SourcePackage: gnome-keyring
  UpgradeStatus: Upgraded to oneiric on 2011-10-14 (17 days ago)
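The strace output in the bug description suggests a direct check for whether the socket named in GPG_AGENT_INFO belongs to an incomplete agent emulation. The following is an added example, not part of the original report or of GnuPG or gnome-keyring: it sends the two commands from the report over the agent socket and lists those answered with "unknown command". The function names, the dummy keygrip and the stub server (including its greeting line) are constructed for illustration.

```python
import os
import socket
import tempfile
import threading

# Commands the report shows being rejected; the keygrip is a constructed dummy.
PROBES = ("HAVEKEY " + "0" * 40, "SCD SERIALNO openpgp")

def final_line(reader):
    # Skip Assuan status/data/comment lines; return the closing OK or ERR line.
    for raw in reader:
        line = raw.decode("utf-8", "replace").rstrip("\n")
        if line == "OK" or line.startswith(("OK ", "ERR ")):
            return line
    return "ERR connection closed"

def rejected_commands(agent_info, probes=PROBES):
    # GPG_AGENT_INFO has the form path:pid:protocol; only the path is needed.
    rejected = []
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(5)
        s.connect(agent_info.rsplit(":", 2)[0])
        with s.makefile("rb") as reader:
            final_line(reader)  # greeting sent on connect
            for cmd in probes:
                s.sendall(cmd.encode() + b"\n")
                if "unknown command" in final_line(reader).lower():
                    rejected.append(cmd)
    return rejected

def constructed_stub(path):
    # Constructed stand-in that answers every command like the strace in the report.
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"OK constructed stub\n")
            for _ in lines:
                conn.sendall(b"ERR 103 unknown command\n")
    threading.Thread(target=serve, daemon=True).start()

def demo():
    path = os.path.join(tempfile.mkdtemp(), "gpg")
    constructed_stub(path)
    return rejected_commands(path + ":0:1")

if __name__ == "__main__":
    print(demo())
```

In a live session, pass the value of the GPG_AGENT_INFO environment variable to rejected_commands(); an empty result means the agent at that socket recognised both commands.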