Bug #15213

Tails signing key can't be imported from Seahorse with the default key files filter

Added by goupille 2018-01-22 15:33:55. Updated 2019-05-06 18:15:40.

Status: Resolved
Priority: Normal
Category: Installation
Start date: 2018-01-22
% Done: 100%
Feature Branch: bugfix/15213-signing-key-cant-be-imported-from-seahorse+force-all-tests
Type of work: Code

Description

Tails signing key as we propose to download it (https://tails.boum.org/tails-signing.key) can’t be imported in Seahorse without changing its extension to “.asc”.

It seems to be a Seahorse issue (same behavior in Debian Sid), since .key is supposed to be a valid mime type.


Related issues

Related to Tails - Bug #10889: shared-mime-info associates .key files with LibreOffice Writer in GNOME Files Resolved 2016-01-09
Related to Tails - Bug #10571: The 'application/pgp-keys' MIME type has bad application associations Resolved 2015-11-17
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed

History

#1 Updated by intrigeri 2018-02-08 07:47:12

  • related to Bug #10889: shared-mime-info associates .key files with LibreOffice Writer in GNOME Files added

#2 Updated by intrigeri 2018-02-08 07:47:16

  • related to Bug #10571: The 'application/pgp-keys' MIME type has bad application associations added

#3 Updated by intrigeri 2018-02-08 07:55:26

  • Assignee changed from intrigeri to goupille
  • Target version set to Tails_3.6
  • QA Check set to Info Needed

This seems to be the same as Bug #10571 and Bug #10889 and the current status is:

  • this works fine for me in Tails 3.5 (thanks to the fix we applied 2 years ago in config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list); goupille, can you reproduce this problem on Tails?
  • no update on the upstream bug (https://bugs.freedesktop.org/show_bug.cgi?id=93656) which explains why the problem still exists outside of Tails.

Now, I suspect our reasons for using the .key extension are obsolete: IIRC we did that so the web server would set the correct MIME type, so that when clicking on the link the user would be offered to import the key with seahorse-tool:

  • in current Tails this is irrelevant as we never offer the user the option to open files downloaded with Tor Browser using an external app
  • on current Debian sid, Chromium offers to save the key to disk, not to open it
  • on current Debian sid, Firefox offers to open the key with “Import key” (i.e. seahorse-tool)
  • I didn’t test with Tor Browser in a less constrained environment, where opening downloads with an external app is allowed.

Once goupille confirms this bug does not affect current Tails, let’s reassign to our tech writers so they can test what happens if we renamed the file to .asc and decide what to do. Another option could be to configure the web server to force the correct MIME type for these files, regardless of their extension; I don’t know if this will override the file association used by Chromium, Firefox or Tor Browser outside of Tails.

#4 Updated by intrigeri 2018-02-08 07:55:37

  • Category set to Installation

#5 Updated by goupille 2018-02-08 13:00:20

With Tails 3.5, in a sense, I’m still affected by this bug: in Nautilus the file is seen as a LibreOffice file, and when I open Seahorse > File > Import the file is not listed by default. I need to switch “All key files” to “All files” to see it, then I can import it. I think it was the case also with previous versions.

So the signing key can be imported into Seahorse, but not as easily as it should imo.

anonym told me that the .key extension was maybe chosen over .asc to make it explicit it was not a signature file.

#6 Updated by goupille 2018-02-08 13:01:01

  • Assignee changed from goupille to sajolida
  • QA Check deleted (Info Needed)

#7 Updated by sajolida 2018-03-13 13:08:17

  • Target version changed from Tails_3.6 to Tails_3.7

#8 Updated by sajolida 2018-05-04 18:43:18

  • Assignee changed from sajolida to intrigeri
  • QA Check set to Info Needed

Adding to what goupille described: in Tails tails-signing.key is displayed as a LibreOffice presentation but, when I double-click on it, it gets imported by Seahorse. Still, I confirm that it is not listed in Seahorse when doing File → Import…

I think the “.key” extension was chosen to make explicit that the file is a key (with GnuPG, “.asc” can mean pretty much anything). Maybe also to help our web server assign the correct MIME type.

Shall I switch to using “.asc”?

#9 Updated by intrigeri 2018-05-05 13:24:02

  • Target version changed from Tails_3.7 to Tails_3.8

#10 Updated by intrigeri 2018-05-07 12:18:23

  • Subject changed from Tails signing key can't be imported into Seahorse to Tails signing key can't be imported from Seahorse with the default key files filter
  • Target version changed from Tails_3.8 to Tails_3.9
  • QA Check deleted (Info Needed)
  • Type of work changed from Research to Communicate

sajolida wrote:
> Still, I confirm that it is not listed in Seahorse when doing File → Import…

FTR this is because of https://bugs.freedesktop.org/show_bug.cgi?id=93656 that I’ve mentioned above (corresponding Seahorse source code). A patch was proposed upstream a month ago. I’ve just pinged on the bug report.

> I think the “.key” extension was chosen to make explicit that the file is a key (with GnuPG, “.asc” can mean pretty much anything).

Indeed.

> Shall I switch to using “.asc”?

tl;dr: not yet (and hopefully never).

It’s not obvious to me that the usability improvement we would get from this change compensates for the usability regression it would cause. Regardless, given there’s a patch proposed upstream that fixes the root cause of this problem, I’d rather work on fixing that root cause there instead of seeing us spend time on workarounds that might become unneeded in a year (and then if we keep these workarounds in place, we’ll still have the usability regression but it won’t be justified anymore with another improvement).

#11 Updated by intrigeri 2018-06-27 08:01:41

#12 Updated by intrigeri 2018-06-27 08:02:15

  • Type of work changed from Communicate to Code

Upstream has reviewed the patch and requested changes. The author of the patch proposed upstream wrote “I’m probably not going to follow up beyond this”. So let’s take it over and try to get the patch into a shape that can be applied upstream, released and packaged in time for the Buster freeze. This is a good candidate for our new FT members so let’s reassign it during our meeting tomorrow.

#13 Updated by intrigeri 2018-06-28 16:53:00

  • Assignee deleted (intrigeri)

I’ll assign it to the next FT member who asks for more work before our next meeting.

#14 Updated by intrigeri 2018-07-27 09:23:25

  • Assignee set to lamby
  • Estimated time set to 2 h

#16 Updated by intrigeri 2018-07-27 12:45:48

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 20

#17 Updated by lamby 2018-08-03 00:34:15

Pinged upstream bug.

#19 Updated by lamby 2018-08-17 14:30:40

  • Assignee changed from lamby to intrigeri

After a ping earlier today, this was just marked as “WONTFIX”:

https://bugzilla.gnome.org/show_bug.cgi?id=784738#c3

Advice on how to proceed?

#20 Updated by intrigeri 2018-08-17 15:47:52

  • Assignee changed from intrigeri to lamby

> After a ping earlier today, this was just marked as “WONTFIX”:

> https://bugzilla.gnome.org/show_bug.cgi?id=784738#c3

Wrong URL or wrong ticket?

#21 Updated by lamby 2018-08-17 15:59:43

Wrong ticket! I pinged another Tails-related bug on freedesktop.org a few hours ago and, when this one came through, I naturally assumed it was this one… especially after receiving no response for weeks…

To clarify, https://bugs.freedesktop.org/show_bug.cgi?id=93656#c7 remains the latest status (keeping hold of this one).

#22 Updated by intrigeri 2018-08-17 16:29:46

OK!

(Wrt. GConf we don’t care much, we’ve removed it from Tails.)

#23 Updated by intrigeri 2018-09-05 16:27:00

  • Target version changed from Tails_3.9 to Tails_3.10.1

#24 Updated by intrigeri 2018-10-08 13:58:59

  • blocked by deleted (Feature #15334: Core work 2018Q3: Foundations Team)

#25 Updated by intrigeri 2018-10-08 13:59:02

#26 Updated by lamby 2018-10-18 20:41:17

This was recently “closed” upstream due to freedesktop.org moving to GitLab. I have thus re-created the patch and submitted a merge request:

https://gitlab.freedesktop.org/xdg/shared-mime-info/merge_requests/5

Enjoy.

#28 Updated by lamby 2018-10-20 00:52:20

This has now been merged upstream:

https://gitlab.freedesktop.org/xdg/shared-mime-info/merge_requests/5#note_51542

I will request a release in ~10 days.

#29 Updated by intrigeri 2018-10-21 08:44:31

  • Target version changed from Tails_3.10.1 to Tails_4.0

> This has now been merged upstream:

\o/

Given Buster is getting close on the horizon, nobody ever reported this bug in Debian, and it affects only a small minority of our users, IMO it’s not worth us proposing this as a Stretch update or even patching shared-mime-info in Tails. So I think the best course of action is:

  1. Get this released upstream (which you’re already on :)
  2. Ensure this is released with Buster
  3. Drop the corresponding workarounds in config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list on our feature/buster branch.

#32 Updated by lamby 2018-11-12 08:51:53

Upstream say they don’t have time to do a release: https://gitlab.freedesktop.org/xdg/shared-mime-info/merge_requests/5#note_76365

I’ve therefore filed it in Debian here: https://bugs.debian.org/913550

#33 Updated by lamby 2018-12-10 16:40:56

I’ve pinged the Debian bug: https://bugs.debian.org/913550#19

#34 Updated by lamby 2019-01-04 12:24:23

Pinged Debian bug, offering to do an upload: https://bugs.debian.org/913550#24

Also:

#35 Updated by intrigeri 2019-01-04 15:03:26

#36 Updated by intrigeri 2019-01-04 15:04:16

  • blocked by deleted (Feature #15506: Core work 2018Q4: Foundations Team)

#37 Updated by intrigeri 2019-01-19 13:36:29

  • Estimated time changed from 2 h to 0 h

Removing what’s been accounted for in 2018Q4.

#38 Updated by intrigeri 2019-03-12 16:11:06

#39 Updated by intrigeri 2019-03-12 16:11:09

  • blocked by deleted (Feature #15507: Core work 2019Q1: Foundations Team)

#40 Updated by intrigeri 2019-04-02 15:25:46

  • Target version changed from Tails_4.0 to Tails_3.14

It’s almost the last minute to get this fixed in Buster proper. If that doesn’t work, let’s apply the patch on our side.

#41 Updated by intrigeri 2019-04-05 13:06:34

  • Assignee deleted (lamby)

Let’s apply the patch!

#42 Updated by segfault 2019-04-20 08:10:35

  • Assignee set to segfault
  • % Done changed from 20 to 50

I applied the patch. After building and testing, I noticed that we also have to update the mime-info cache after applying the patch. Pushed another commit for that, now building and testing again.

#43 Updated by segfault 2019-04-20 09:14:32

  • Assignee deleted (segfault)
  • % Done changed from 50 to 60
  • QA Check set to Ready for QA
  • Feature Branch set to bugfix/15213-signing-key-cant-be-imported-from-seahorse

In an image built from the feature branch, when I download the tails-signing.key:

  • In Nautilus, it has an icon like a text file
  • On double click, it is opened via seahorse (but the import fails because it’s already imported)
  • It is shown in the seahorse “Import Key” file chooser dialog

I think that’s all the expected behavior, so marking as ready for QA.

#44 Updated by segfault 2019-04-20 09:16:14

(We still have to wait for and check Jenkins test results)

#45 Updated by segfault 2019-04-20 23:16:49

  • Feature Branch changed from bugfix/15213-signing-key-cant-be-imported-from-seahorse to bugfix/15213-signing-key-cant-be-imported-from-seahorse+force-all-tests

segfault wrote:
> (We still have to wait for and check Jenkins test results)

The PGP-related scenarios were not run, retrying with +force-all-tests.

#46 Updated by intrigeri 2019-04-26 11:40:53

  • Assignee set to intrigeri

#47 Updated by intrigeri 2019-04-26 11:48:29

Code review passes, will build & give it a try.

#48 Updated by intrigeri 2019-04-26 12:32:20

  • QA Check changed from Ready for QA to Pass

segfault wrote:
> In an image built from the feature branch, when I download the tails-signing.key:
>
> * In Nautilus, it has an icon like a text file

Confirmed.

> * On double click, it is opened via seahorse (but the import fails because it’s already imported)

The import also fails after deleting the key from the keyring: I see a notification that says “keys were found but not imported”. And indeed the key is not in the keyring. Same if I run seahorse-tool --import tails-signing.key by hand so I think that’s another issue, revealed by fixing the problem this ticket is about. Same when trying to import my own key so it’s not specific to the Tails signing key. I’m not going to bother trying to reproduce on sid nor ensuring this is known upstream: Seahorse is basically unmaintained and I doubt this will lead anywhere.

> * It is shown in the seahorse “Import Key” file chooser dialog

Confirmed, works fine.

Will merge!

#49 Updated by intrigeri 2019-04-26 12:32:49

  • Status changed from In Progress to Fix committed
  • % Done changed from 60 to 100

Applied in changeset commit:tails|90ffe6251c5b1b5c54e35a8412419381a829ee3f.

#50 Updated by intrigeri 2019-04-26 12:33:27

  • Assignee deleted (intrigeri)

#51 Updated by intrigeri 2019-04-28 09:18:05

@segfault, it would be sweet if you merged devel into feature/buster and made this new patch apply cleanly at build time: it currently makes feature/buster FTBFS. Feel free to push the resulting fix straight to feature/buster. Thanks in advance!

#52 Updated by segfault 2019-04-28 15:34:16

  • Status changed from Fix committed to In Progress

Applied in changeset commit:tails|56bb74277b790ad6b98dbb83e5702a0dc4a2981e.

#53 Updated by segfault 2019-04-28 15:34:51

  • Status changed from In Progress to Fix committed

intrigeri wrote:
> @segfault, it would be sweet if you merged devel into feature/buster and made this new patch apply cleanly at build time: it currently makes feature/buster FTBFS. Feel free to push the resulting fix straight to feature/buster. Thanks in advance!

Done

#54 Updated by intrigeri 2019-05-05 08:23:57

  • Target version changed from Tails_3.14 to Tails_3.13.2

#55 Updated by anonym 2019-05-06 15:00:46

  • Status changed from Fix committed to Resolved

#56 Updated by anonym 2019-05-06 15:03:15

  • Target version changed from Tails_3.13.2 to Tails_3.14

#57 Updated by intrigeri 2019-05-06 18:15:40

  • Target version changed from Tails_3.14 to Tails_3.13.2