X2Go Bug report logs - #857
Thunderbird Enigmail fails to access password-protected GPG key in pubapps or single app mode

Full log

Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):

Received: (at submit) by bugs.x2go.org; 27 Apr 2015 03:18:20 +0000
From mikedep333@gmail.com  Mon Apr 27 05:18:12 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
	T_DKIM_INVALID autolearn=ham version=3.3.2
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id E037D5DA98
	for <submit@bugs.x2go.org>; Mon, 27 Apr 2015 05:18:11 +0200 (CEST)
Received: by obbeb7 with SMTP id eb7so74079448obb.3
        for <submit@bugs.x2go.org>; Sun, 26 Apr 2015 20:18:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type;
        bh=52kmUGs7EbYFhz6PeYrsiHftdehM5vq0kh/VbwQYT/k=;
        b=MYqsvp/B09GqQa0Mc6JCp+7T9wJZ2/WDffpZQsaBz85vaY86O3uyi/OP0gNM4xKMKh
         oylACnbjmBhu1flHckenG3uUGY8V+ZKANt3kPNC0ly8YcIDcQ8XW1xVAXjk8CGJDRSPY
         aOyj/4o2VsAGDwHP/3D2RgljRcwWxxgd3S7Cf8/orabyshLAtmtaAaZgMmbdd8d9Teks
         QQ5pxnsqhfhRbf5lHB19hV/IBFpq/oUzgN6C8TK73Qtk2Zq4bvSbCySoSg7FjxKAo2pJ
         ZzVm/6hUDIMiFtTTf8uLXq5QuP/JzNp54SCW3XMInCfa23rcwyZVYl/V46m1in42t7pX
         0bHw==
MIME-Version: 1.0
X-Received: by 10.60.78.162 with SMTP id c2mr8340852oex.2.1430104690165; Sun,
 26 Apr 2015 20:18:10 -0700 (PDT)
Received: by 10.202.88.195 with HTTP; Sun, 26 Apr 2015 20:18:10 -0700 (PDT)
Date: Sun, 26 Apr 2015 23:18:10 -0400
Message-ID: <CAMKht8jt87kesS_LOw9mKEWyQOHmW6VO9aU-b13wY_oqWtSmtg@mail.gmail.com>
Subject: Thunderbird Enigmail fails to access password-protected GPG key in
 pubapps or single app mode
From: Michael DePaulo <mikedep333@gmail.com>
To: "submit@bugs.x2go.org" <submit@bugs.x2go.org>
Content-Type: text/plain; charset=UTF-8

Package: x2goserver
Version: 4.0.1.19
Severity: normal

Client: x2goclient 4.0.4.0-2015.04.25-ee11aa4 (nightly build)
Client OS: Windows 10 64-bit build 10049

Server OS: Fedora 21 64-bit with latest updates
Server Desktop Environment: MATE 1.8.2
Thunderbird: 31.6.0-1.fc21
Enigmail version: 1.8.2 (20150416-1748)
Enigmail "About" states: Using gpg executable /usr/bin/gpg2 to encrypt
and decrypt
x2goagent: 3.5.0.31
x2goserver: 4.0.1.19
x2goserver-extensions: 4.0.1.19
x2goserver-fmbindings: 4.0.1.19
x2goserver-xsession: 4.0.1.19

Note: Using Fedora packaging for x2goserver components. Version is:
4.0.1.19-1.fc21
Note: using x2go release build for nx-libs components. Version is:
3.5.0.31-0.0x2go1.1.git20150318.671.main.fc21

For those who do not know, Enigmail is a plugin that adds GPG support
for signing and encryption to Thunderbird.

Description of Problem:

The problem is that when I launch Thunderbird under pubapps mode or
single application mode, Enigmail fails to access my
password-protected private key. So it fails to things decrypt
encrypted emails.

I see error messages like:
enigmail Error - no matching private/secret key found to decrypt
message; click on 'Details' button for more information

When I click on "Eetails" and then "Enigmail Security Info", I see the error:

Error - no matching private/secret key found to decrypt message

gpg: decryption failed: No secret key

However, when I launch Thunderbird under a MATE session, I do not have
this problem. I am prompted for my passphrase for my private key by a
pop-up window, which appears to be the "gcr-prompter" executable. Then
Enigmail is able to access the key.

Investigation I've done so far:

This appears to be related to GPG agent(s).

I was able to produce this bug under a MATE session by unsetting this
environment variable:
GPG_AGENT_INFO=/run/user/40001103/keyring/gpg:0:1
Where 40001103 is my UID.
That file "gpg" is a socket.

Under pubapps mode, I launched a terminal, set that env var, and then
launched Thunderbird, but the problem was still present. However, the
directory /run/user/40001103/keyring did not exist, so the "gpg"
socket under it did not exist.

I figured I should try to determine what process MATE or x2goserver is
starting under a MATE session that enabled Thunderbird to work by
disabling that process for a MATE session.

So I tried disabling these all of these user background applications
(every applications that appeared to be related to keyrings) under
MATE" startup applications", but it still did not cause the problem.
The "keyring" dir still existed, and so did the "gpg" socket
underneath it. And the env var was still set. I do not know what
process is creating these and setting the env var.

Note that I tried disabling all of them at once.

Note I killed any leftover processes from prior sessions too:

Name: Certificate and Key Storage
Command: /usr/bin/gnome-keyring-daemon --start --components=pkcs11
Comment: GNOME Keyring: PKCS#11 Component

Name: GPG Password Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=gpg
Comment: GNOME Keyring: GPG Agent

Name: Secret Storage Service
Command: /usr/bin/gnome-keyring-daemon --start --components=secrets
Comment: GNOME Keyring: Secret Service

Name: SSH Key Agent
Command: /usr/bin/gnome-keyring-daemon --start --components=ssh
Comment: GNOME Keyring: SSH Agent

Send a report that this bug log contains spam.