claws-mail: seahorse pinentry is blocked #5477
Comments
Thank you for opening this ticket. Your use case isn't something we've considered when originally creating the claws-mail profile, so we'll need to do some trial-and-error work to get this covered and functioning properly. It's a bit more complicated than usual for me to test this, due to not having 'real world' PGP-encrypted email traffic at hand. But with your help and some Q&A we'll get there. Looking at the profile the
Thank you for your reply and help! I added the line above in a .local and the error changed. The original error was "pinentry error" and after adding the line the error switched to (translated):
Aha, I've seen that error before. Do you
Until now I have not set the environment. After setting GPG_TTY the error changed again to "Error with signature, data signature failed, file or directory not found".
$ firejail claws-mail
Reading profile /etc/firejail/claws-mail.profile
Reading profile /etc/firejail/claws-mail.local
Reading profile /etc/firejail/email-common.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-passwdmgr.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/disable-xdg.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-usr-share-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Warning: networking feature is disabled in Firejail configuration file
Parent pid 2437, child pid 2438
Warning: An abstract unix socket for session D-BUS might still be available. Use --net or remove unix from --protocol set.
Blacklist violations are logged to syslog
Child process initialized in 259.92 ms
(claws-mail:4): dbind-WARNING **: 08:36:59.840: Couldn't connect to accessibility bus: Failed to connect to socket /tmp/dbus-Dtw3D1Ma9y: Datei oder Verzeichnis nicht gefunden
** (claws-mail:4): WARNING **: 08:36:59.842: Unable to connect to dbus: Verbindung ist gescheitert: Keine Berechtigung
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.009: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.009: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.009: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.144: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.144: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.144: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.145: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.145: g_dbus_connection_register_object: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): GLib-GIO-CRITICAL **: 08:37:00.145: g_dbus_connection_get_unique_name: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
(claws-mail:4): Claws-Mail-WARNING **: 08:37:00.493: While connecting to session manager: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed.
Created directory /home/harry/.bogofilter .
Can't open file 'wordlist.db' in directory '/home/harry/.bogofilter'.
error #2 - No such file or directory. Remember to register some spam and ham messages before you
As you can see, there is no prompt in console after closing claws-mail.
$ ps -ax | grep firejail
2437 pts/0 S+ 0:00 firejail claws-mail
2438 pts/0 S+ 0:00 firejail claws-mail
2973 pts/1 S+ 0:00 grep firejail
Edit by @kmk3: Fix formatting.
(Offtopic) @Xunil73 See the following links for how to format code blocks in markdown:
Do you have that At the moment I can't come up with a better strategy than trying to comment lines one by one to find the culprit. One thing you might start with is the
I think I have found the solution. Based on your tips, I tried and tried until it finally worked.
Annotation: only the entry @glitsj16 many thanks for your help!
@Xunil73 Thanks for digging into this! I've been doing some experimenting with claws-mail too here and have some remarks/pointers. I use a custom GTK2 build with support for the plugins I actually use, so your mileage may vary.
Does that path exist on your machine? It doesn't on my Arch Linux box, so it might not be needed.
If disabling
Maybe you can experiment with these, and hopefully keep a tighter sandbox while using these plugins.
Ignoring nonewprivs is not something I like to do. Again, it weakens the sandbox considerably. Try adding I'll keep an eye on this thread so we can add appropriate comments in the relevant profiles for other users who might face this specific problem. IMO it's an important use case we should support 'out of the box'. Thanks again for bringing it to our attention!
OK, thanks for this info! But now I'm really confused, I tried firejail->claws-mail now again with a freshly installed Debian and ArchLinux on a laptop. In both cases all encryption and signing works WITHOUT any workaround on the basic
@Xunil73 Interesting. These things happen, although I cannot explain. Maybe something stale in claws-mail configuration that is now gone. Anyway, I hope it keeps working as expected, in which case we don't need to change our related profiles. I keep checking this encrypting/signing functionality now too as claws-mail is my default mail program on Arch Linux. I'll keep this issue open for now though, just in case.
Relates to netblue30#5477.
I also get:
Is there a workaround currently? It works without firejail. Debug logs:
Adding the following does not help:
If you're on Firejail 0.9.72 the following options are already present (either in claws-mail.profile or email-common.profile):
whitelist ${RUNUSER}/gnupg
Also, 'dbus-user none' isn't used, so ignoring it won't do anything useful. Assuming you have it working on a non-firejailed claws-mail, what you can try is disabling dbus-user filter, to rule out if what you're seeing is indeed D-Bus related:
That works. Thanks for the help!
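A way to narrow down the "comment lines one by one" search discussed in this thread, as an added example that is not part of the original comments and not Firejail tooling: it takes the `Reading profile` lines firejail prints at startup and reports which of those files contain active `dbus-user`, `nonewprivs` or gnupg `whitelist` directives. The function names and the profile contents written by `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: map the directives this thread discusses to the profile
# file and line that sets them, using firejail's own startup output.

# Extract profile paths from "Reading profile <path>" lines on stdin.
profiles_from_log() {
    sed -n 's/^Reading profile //p'
}

# For each profile path on stdin, print "path:line:directive" for active
# (non-comment) dbus-user, nonewprivs and gnupg whitelist lines, including
# "ignore ..." overrides. $1 is an optional root prefix so the audit can
# run against a copy of the profile directory.
audit_profiles() {
    root=${1:-}
    while IFS= read -r p; do
        f="$root$p"
        [ -r "$f" ] || continue
        grep -nE '^[[:space:]]*(ignore[[:space:]]+)?(dbus-user|nonewprivs|whitelist[[:space:]].*gnupg)' "$f" |
            sed "s|^|$p:|"
    done
}

# Run the audit against constructed profiles (not the shipped ones).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/firejail"
    printf '%s\n' 'include claws-mail.local' 'include email-common.profile' \
        > "$tmp/etc/firejail/claws-mail.profile"
    printf '%s\n' '# dbus-user none' 'dbus-user filter' 'nonewprivs' \
        'whitelist ${RUNUSER}/gnupg' > "$tmp/etc/firejail/email-common.profile"
    printf '%s\n' 'ignore nonewprivs' > "$tmp/etc/firejail/claws-mail.local"
    # Startup lines in the format shown earlier in the thread.
    printf '%s\n' \
        'Reading profile /etc/firejail/claws-mail.profile' \
        'Reading profile /etc/firejail/claws-mail.local' \
        'Reading profile /etc/firejail/email-common.profile' \
        'Parent pid 2437, child pid 2438' |
        profiles_from_log | audit_profiles "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real system, pipe the output of `firejail claws-mail 2>&1` into `profiles_from_log | audit_profiles`; an `ignore nonewprivs` line in a `.local` file shows up here as a deliberate weakening that should be revisited once the culprit is found.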
I use claws-mail with the PGP/core, PGP/inline and PGP/mime plugins. To pass the pinentry password prompt of the keys I use the "remember password" function of seahorse and the option "use gpg-agent" of claws-mail. The standard firejail profile for claws-mail blocks the pinentry function.
I searched all .profiles for entries like "pinentry" and found things like:
/etc/firejail/psi.profile:# Add "gpg,gpg2,gpg-agent,pinentry-curses,pinentry-emacs,pinentry-fltk,pinentry-gnome3,pinentry-gtk,pinentry-gtk2,pinentry-gtk-2,pinentry-qt,pinentry-qt4,pinentry-tty,pinentry-x2go,pinentry-kwallet" for GPG
...I guess this is the right way to force claws-mail.profile to accept a pinentry function but I wasn't able to implement it in the profile; I don't know how to enable this.
Is there a way to solve this?