Upgrading to gnupg-2.0.7 does not work with the squirrelmail GPG plugin. After I enter my password, squirrelmail hangs and I have to press stop and restart apache2 to get it back. Downgrading to gnupg-1.4.7-r1 fixes it.
Which version of the software are you using? How does this product prompt for a passphrase? Does it have its own dialog?
I'm using squirrelmail-1.4.10a-r2. It prompts for a passphrase with a small pop-up window containing HTML.
Thanks. I will see if I can come up with a patch until next week.
Created attachment 138697
gpg-2.1-gpg2.diff
Oh... I hate php!!!!
Maybe this will solve the issue, but... There was a comment in ChangeLog that it should mess something else:
    * Revision 1.17 2004/03/23 20:58:16 ke
    * -added cases for subkey revocation interactions
    * -removed --batch from non-pipe commands, to allow for more operations to function properly
But if it works, we can ask upstream for a proper solution.
Also, please modify gpg.php::GnuPG::debug to true, so that there would be a debug log to help us know how gpg is run, and attach the output.
Please also add the following to ~/.gnupg/gpg.conf:
    debug-all
    logger-file /tmp/gpg.log
And attach the result. Thanks!
I applied the patch but the problem remains. With debugging I get the following in the browser:
    Adding homedir to parameter list. *SENSITIVE*
    Executing action decrypt with GnuPG Object.
    Using pipes to communicate with gpg.
    Saving previously set environmental variable LC_ALL=en_US.ISO8859-1
    Setting environmental variable LC_ALL=en_US
    Setting environmental variable LC_LANG=en_US
    Setting environmental variable LC_LANGUAGE=en_US
    opengpg - executing "/usr/bin/gpg --batch --command-fd 7 --status-fd 5 --no-tty --yes --openpgp --homedir *SENSITIVE* --decrypt"
    Resetting environmental variable LC_ALL=en_US.ISO8859-1
    proc_open commandline executed, pipes open
    Data available, sending to gpg: *SENSITIVE*
    entering writeData
    Pipe 0 open for writing, checking to see if it would block on write
    Sending Data!... (913)
    Data written 913 of 913
    Closing Pipe 0
    readStatus()
    Starting read status loop.
    Checking if read would block on pipes
    Streams read for reading: 1
    Reading Status
    readStatus: [GNUPG:] ENC_TO *SENSITIVE* 16 0
    Starting read status loop.
    Checking if read would block on pipes
    Streams read for reading: 1
    Reading Status
    readStatus: [GNUPG:] USERID_HINT *SENSITIVE*
    Starting read status loop.
    Checking if read would block on pipes
    Streams read for reading: 1
    Reading Status
    readStatus: [GNUPG:] NEED_PASSPHRASE *SENSITIVE*
    Looking for key fingerprint: *SENSITIVE*
    Couldn't match key!
    GPG requests passphrase for key *SENSITIVE* setting as active Key
    Starting read status loop.
    Checking if read would block on pipes
    Streams read for reading: 0
    Starting read status loop.
    Checking if read would block on pipes
    Streams read for reading: 0
    Starting read status loop.
    Checking if read would block on pipes
    Streams read for reading: 0
    Starting read status loop.
    Checking if read would block on pipes
    Streams read for reading: 0
    Starting read status loop.
    Checking if read would block on pipes
These last three lines are repeated over and over as the browser hangs. /tmp/gpg.log is never created.
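Added example (not the plugin's code and not posted by anyone in this thread): a status-fd reader in Python that gives up once NEED_PASSPHRASE has gone unanswered for a fixed time, instead of polling forever as in the debug output above. The GET_HIDDEN passphrase.enter prompt, the function names, the timeout and the sample events are assumptions; the sample is constructed from the shape of the log, with placeholder key IDs.

```python
STATUS_PREFIX = "[GNUPG:] "
# Assumption: after NEED_PASSPHRASE the driver waits for this prompt
# before it writes the passphrase to --command-fd.
PROMPT = ("GET_HIDDEN", ["passphrase.enter"])


def parse_status(line):
    """Split a --status-fd line into (keyword, args); None if not a status line."""
    if not line.startswith(STATUS_PREFIX):
        return None
    fields = line[len(STATUS_PREFIX):].split()
    return (fields[0], fields[1:]) if fields else None


def drive(events, timeout=5.0):
    """Consume (timestamp, line_or_None) poll results, where None means the
    poll found no readable stream ("Streams read for reading: 0").
    Returns (outcome, keywords_seen)."""
    seen = []
    waiting_since = None  # time at which NEED_PASSPHRASE was read
    for ts, line in events:
        if line is None:
            if waiting_since is not None and ts - waiting_since >= timeout:
                return "stalled_after_NEED_PASSPHRASE", seen
            continue
        parsed = parse_status(line)
        if parsed is None:
            continue  # not a status line, ignore
        keyword, args = parsed
        seen.append(keyword)
        if keyword == "NEED_PASSPHRASE":
            waiting_since = ts
        elif (keyword, args[:1]) == PROMPT:
            return "send_passphrase", seen
    return "eof", seen


# Constructed input modelled on the debug log above (key IDs are placeholders).
HANG = [
    (0.0, "[GNUPG:] ENC_TO 0000000000000000 16 0"),
    (0.1, "[GNUPG:] USERID_HINT 0000000000000000 Example User"),
    (0.2, "[GNUPG:] NEED_PASSPHRASE 0000000000000000 0000000000000000 16 0"),
    (1.0, None), (3.0, None), (6.0, None), (9.0, None),
]
PROMPTED = HANG[:3] + [(0.3, "[GNUPG:] GET_HIDDEN passphrase.enter")]

if __name__ == "__main__":
    print(drive(HANG))      # the hang becomes a reportable error
    print(drive(PROMPTED))  # the prompt arrives, passphrase may be sent
```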
Created attachment 138904
gpg-2.1-gpg2.diff
Oh... It gets some more complicated. I tried to separate the command-fd and passphrase-fd, but I don't know php so well...
Comment on attachment 138904
gpg-2.1-gpg2.diff
Oops
Comment on attachment 138697
gpg-2.1-gpg2.diff
Oops
Tried to contact upstream, bugzilla is down and:
    ----- The following addresses had permanent fatal errors -----
    "|/usr/lib/mailman/mail/mailman post gpg"
        (reason: 1)
        (expanded from: <gpg@braverock.com>)
    ----- Transcript of session follows -----
    post script, list not found: gpg
    554 5.3.0 unknown mailer error 1
    Final-Recipient: RFC822; gpg@braverock.com
    X-Actual-Recipient: X-Unix; |/usr/lib/mailman/mail/mailman post gpg
    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Unix; 1
    Last-Attempt-Date: Wed, 19 Dec 2007 13:58:02 -0600
I hate PHP too. Do you know of another webmail client with gpg support?
I was very surprised that gpg integration is done on SERVER side... I expected this to be more like:
    http://firegpg.tuxfamily.org/
    http://richard.jones.name/google-hacks/gmail-smime/gmail-smime.html
Maybe one of these tools may be modified to support this webmail too... But crypto operations should be done on client side and not on server side, as keys cannot be transported to server, and unencrypted text cannot be transported either.
OK, are we unable to make this work?
Have you tried attachment#138904?
eradicator: Do you know how to contact upstream?
Alon, I'm going to try your patch ASAP.
I sent an email to the squirrelmail-gpg guys months ago regarding another bug (a security bug IIRC) in their plugin and got no response... I'll try again.
Upstream:
> The GPG plugin should be able to work with gnupg-2 by changing the
> use_proc_open=true
> setting in the gpg_local_prefs.txt file to 'false'
> If you could test this and get back to me I would appreciate it.
Can anyone check this out?
Testing now.
Not fixed. Problem remains unfortunately.
Alon, how were you able to get ahold of upstream? Can you CC me when you contact them? For some reason, I wasn't getting any response from them. Thanks.
OK. Upstream did not reply to my latest message... :( Modified ebuilds to depend on gnupg-1.4* I hope upstream will resolve this issue... I don't think this product is worth the effort of us fixing it.
Hi, that modification caused another problem after sync:
    merc ~ # emerge -uDalN world
    These are the packages that would be merged, in order:
    Calculating world dependencies -
    !!! Multiple versions within a single package slot have been
    !!! pulled into the dependency graph:
    app-crypt/gnupg:0
      ('ebuild', '/', 'app-crypt/gnupg-1.4.8-r1', 'merge') pulled in by
        ('installed', '/', 'mail-client/squirrelmail-1.4.13', 'nomerge')
      ('installed', '/', 'app-crypt/gnupg-2.0.8', 'nomerge') pulled in by
        ('installed', '/', 'mail-filter/spamassassin-3.2.4', 'nomerge')
    It may be possible to solve this problem by using package.mask to prevent one of those packages from being selected. However, it is also possible that conflicting dependencies exist such that they are impossible to satisfy simultaneously. If such a conflict exists in the dependencies of two different packages, then those packages can not be installed simultaneously.
    For more information, see MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook.
    !!! Depgraph creation failed.
I think for it to work gnupg has to be slotted. Please fix again as this breaks currently working systems.
This is due to old bug#1343. You should use package.mask to solve this until this bug is resolved. Having both versions of gnupg around causes too many other problems... If you know some php and would like to help, please check out attachment#138904 and help in fixing it up so it works with gnupg-2. If you send traces, I will be glad to help making it work.
We should stop shipping this plugin and be done with it. If someone wants it, they are on their own. It *never* ever worked properly for me even w/ gpg-1.4. I contacted upstream about issues and never heard back from them. And as noted in Comment #11, the design is plain broken.
Yeah, I agree with Jakub. I punted the gpg plugin from revbumps in ~arch.
So...exactly what do we mask so that both squirrelmail and spamassassin work? gnupg-2.0.7? On my system, gnupg-2.0.7 is already installed:
    ('ebuild', '/', 'app-crypt/gnupg-1.4.7-r1', 'merge') pulled in by
      ('installed', '/', 'mail-client/squirrelmail-1.4.10a-r2', 'nomerge')
    ('installed', '/', 'app-crypt/gnupg-2.0.7', 'nomerge') pulled in by
      ('installed', '/', 'mail-filter/spamassassin-3.2.1-r1', 'nomerge')
You add the following to your /etc/portage/package.mask:
    >=app-crypt/gnupg-2.0.0