Bug #15551
Generating a revocation certificate with Enigmail fails
100%
Description
Open thunderbird, open Enigmail>Key Management, select you key pair and open Generate>Revocation Certificate, choose a place to save this certificate.
Enigmail pops up the following error message :
The revocation certificate could not be created.
There is an apparmor DENIED message, I guess related to that, in the logs :
amnesia audit[8253]: AVC apparmor="DENIED" operation="mknod" profile="thunderbird//gpg" name=<Some very long hexadecimal number> pid=8253 comm="gpg2" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
Since it is not possible to generate a revocation certificate with Seahorse, there is no other options for the user than opening a terminal and starting
gpg --generate-revocation <user-id>
Subtasks
Related issues
Blocks Tails - |
Resolved | 2018-02-20 | |
Blocked by Tails - |
Resolved | 2018-05-09 |
History
#1 Updated by goupille 2018-04-22 17:25:59
- Subject changed from geneating a revocation certificate with enigmail fails to Generating a revocation certificate with Enigmail fails
#2 Updated by intrigeri 2018-05-28 16:52:41
- Target version set to Tails_3.8
- Affected tool set to Email Client
#3 Updated by intrigeri 2018-05-28 16:52:58
- blocks
Feature #15139: Core work 2018Q2: Foundations Team added
#4 Updated by intrigeri 2018-06-16 08:14:45
Interestingly, on bugfix/15602-efail the Enigmail setup wizard is able to save a revokation certificate to the default location (~/test
boum.org (0x815EBDF9A8A8A268DDDDA8D2AAEA1140B21F1077) rev.asc@) => I think this is lower priority than I initially thought (the main path we want users to take is already covered and there’s a command-line workaround).
But indeed, trying to do so after the fact fails as goupille reported:
apparmor="DENIED" operation="mknod" profile="thunderbird//gpg" name=2F686F6D652F616D6E657369612F7465737432207465737440626F756D2E6F7267202830784141454131313430423231463130373729207265762E617363 pid=7847 comm="gpg" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
I was not asked for the passphrase so I think gpg fails to connect to the agent. I’ve seen these long hex strings before but cannot remember what they’re about and how to fix it => I’ll need to ask help to my upstream AppArmor team-mates.
#5 Updated by intrigeri 2018-06-16 08:28:29
- Target version changed from Tails_3.8 to Tails_3.9
intrigeri wrote:
> I’ve seen these long hex strings before but cannot remember what they’re about and how to fix it => I’ll need to ask help to my upstream AppArmor team-mates.
Done: https://gitlab.com/apparmor/apparmor-profiles/issues/1. I’ll come back to it during next cycle.
#6 Updated by intrigeri 2018-06-16 09:08:19
- Status changed from Confirmed to In Progress
- % Done changed from 0 to 20
Send a MR upstream that fixes this: https://gitlab.com/apparmor/apparmor-profiles/merge_requests/18. Relevant commit is https://gitlab.com/apparmor/apparmor-profiles/merge_requests/18/diffs?commit_id=b5a85063f3a2f087b1838855fbb779ac53381156. IMO it’s not worth spending time on importing this patch on our side, let’s just fix this upstream and let this flow into Tails by way of Debian and then our patched Thunderbird package.
#7 Updated by intrigeri 2018-06-27 07:56:42
- % Done changed from 20 to 50
- Type of work changed from Research to Wait
Merged upstream and imported into src:thunderbird’s Vcs-Git (debian/sid and debian/experimental branches) => we’ll get these changes once the Thunderbird package is updated in Debian and we rebuild our own package of top of it.
#8 Updated by intrigeri 2018-06-27 07:57:13
- blocked by deleted (
)Feature #15139: Core work 2018Q2: Foundations Team
#9 Updated by intrigeri 2018-06-27 07:57:25
- blocks
Feature #15334: Core work 2018Q3: Foundations Team added
#10 Updated by intrigeri 2018-08-08 15:05:08
- blocked by
Feature #15091: Upgrade to Thunderbird 60 added
#11 Updated by intrigeri 2018-08-10 14:15:21
- % Done changed from 50 to 100
- QA Check set to Pass
- Feature Branch set to feature/15091-thunderbird-60
- Type of work changed from Wait to Code
I confirm this is fixed on feature/15091-thunderbird-60.
#12 Updated by intrigeri 2018-08-15 19:20:58
- Status changed from In Progress to Fix committed
- Assignee deleted (
intrigeri)
… at the same time as Feature #15091.
#13 Updated by intrigeri 2018-09-05 16:24:08
- Status changed from Fix committed to Resolved