Bug 777678 - mail-client/claws-mail-3.17.8: When decrypting mails it searches for /usr/bin/pinentry-gtk-2 which was removed from gentoo
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Bernard Cafarelli
Reported: 2021-03-22 09:11 UTC by Uwe Scholz
Modified: 2022-07-10 18:41 UTC
Attachments
Output of my local "emerge --info mail-client/claws-mail" command (claws-mail-emerge-info.txt,7.34 KB, text/plain)
2021-03-22 10:44 UTC, Uwe Scholz
Description Uwe Scholz 2021-03-22 09:11:56 UTC
As stated in a gentoo-user list email, pinentry-gtk-2 has been missing for some months[*]. The binary was located under /usr/bin/pinentry-gtk-2.

This causes claws-mail to be unable to decrypt gpg-encrypted emails. A look into the claws-mail logs when clicking on an encrypted email shows this:

messageview.c:1400:decrypting message part
sgpgme.c:469:data 0x7ffc6431b2f0 (11068 7632)
prefs_gpg.c:671:Can't disable gpg agent (no GPG_AGENT_INFO)
sgpgme.c:509:can't decrypt (No pinentry)
pgpmime.c:343:plain is null!

This results in being unable to read the encrypted email in claws-mail. A workaround for me was to create a symlink from pinentry-gnome3 to pinentry-gtk-2 via "ln -s /usr/bin/pinentry-gnome3 /usr/bin/pinentry-gtk-2"

After doing that, when clicking on an encrypted email in claws-mail, a popup opened where I could enter my gpg-key password and I could read the decrypted email.


[*] https://www.mail-archive.com/gentoo-user@lists.gentoo.org/msg184481.html

Reproducible: Always

Steps to Reproduce:
1. Install app-crypt/gnupg, mail-client/claws-mail (+pgp), app-crypt/pinentry (+gtk) and app-crypt/gcr (+gtk)
2. Open claws-mail, configure it correctly to decrypt emails via gpg
3. Click on an encrypted email
Actual Results:  
A warning shows up in the mail window above the email text, saying "Couldn't decrypt: No pinentry"

Expected Results:  
A popup should open up asking me to enter my gpg-key password.

Doing a 

"ln -s /usr/bin/pinentry-gnome3 /usr/bin/pinentry-gtk-2"

as root, a popup shows up when clicking on an encrypted email where I can enter my gpg-key password.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-22 09:26:59 UTC
Can we have emerge --info mail-client/claws-mail for completeness?
Comment 2 Uwe Scholz 2021-03-22 10:44:31 UTC
Created attachment 692940
Output of my local "emerge --info mail-client/claws-mail" command
Comment 3 Bernard Cafarelli gentoo-dev 2022-07-10 13:33:22 UTC
claws-mail itself does not specify which tool to use, it leaves it to gpgme/gpg.
If the issue still happens for you, can you run "eselect pinentry" to use another one? (pinentry-gnome3 probably in your case)
Comment 4 Uwe Scholz 2022-07-10 14:08:40 UTC
I did not know that there exists a pinentry module for eselect. But unfortunately it seems as if claws-mail only looks for /usr/bin/pinentry-gtk-2.

For example, when I remove the symbolic link /usr/bin/pinentry-gtk-2 -> /usr/bin/pinentry-gnome3 again and then I do the following:

$ # eselect pinentry list
Available pinentry binary implementations:
  [1]   pinentry-gnome3 *
  [2]   pinentry-qt5
  [3]   pinentry-curses
  [4]   pinentry-tty

$ # eselect pinentry set 2

I still get:

prefs_gpg.c:671:Can't disable gpg agent (no GPG_AGENT_INFO)
sgpgme.c:696:can't decrypt (Kein Pinentry)
pgpmime.c:251:plain is null!

Instead, when manually setting the symbolic link through

ln -s /usr/bin/pinentry-qt5 /usr/bin/pinentry-gtk-2

claws-mail shows the qt-password box immediately when clicking on the encrypted email.
Comment 5 Bernard Cafarelli gentoo-dev 2022-07-10 15:15:00 UTC
Thanks for the quick test!

This is interesting, as seen here:
https://git.claws-mail.org/?p=claws.git;a=blob;f=src/plugins/pgpcore/sgpgme.c;h=4b3a978e28b1d6902f77bb196df2cd682fde2dfd;hb=HEAD#l696

This is reported by gpgme (wrapper around GPG), do other gpg commands work fine locally? Like "gpg --decrypt" (you can run it on full mail saved to file from claws-mail)
Also, if you use eselect to set another pinentry (like QT), is it respected when running "gpg --decrypt"?

If you use gpg-agent, it may override the system pinentry:
https://superuser.com/questions/520980/how-to-force-gpg-to-use-console-mode-pinentry-to-prompt-for-passwords
Comment 6 Uwe Scholz 2022-07-10 16:18:32 UTC
Okay, found the issue. I had configured

uwe @ /tmp - [] $ cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 300
max-cache-ttl 999999
allow-loopback-pinentry
pinentry-program /usr/bin/pinentry-gtk-2

and obviously the last line here was the problem.

I don't know how long I have had this setting, but now, when looking into the GnuPG HowTo (https://wiki.gentoo.org/wiki/GnuPG#Configuring_gpg-agent_and_pinentry), it says we have to use

pinentry-program /usr/bin/pinentry

instead, which makes sense. Indeed, with this setting I don't have an issue anymore and the selection of pinentry through eselect is reflected by claws-mail when clicking on the encrypted email (and also executing "gpg --decrypt").

Thanks for pointing me in the right direction :)

Closing this bug.
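
An added example, not part of the original bug thread and not code from claws-mail or GnuPG: a POSIX shell check for the misconfiguration found in comment 6, a `pinentry-program` line in gpg-agent.conf whose target no longer exists. The function names `list_pinentry_overrides` and `check_pinentry_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: audit a gpg-agent.conf for pinentry-program overrides
# that point at a missing or non-executable binary.

# Print the value of every active pinentry-program line in file $1.
# Lines starting with '#' are comments and are skipped.
list_pinentry_overrides() {
    awk '
        /^[[:space:]]*#/ { next }
        $1 == "pinentry-program" {
            sub(/^[[:space:]]*pinentry-program[[:space:]]+/, "")
            sub(/[[:space:]]+$/, "")
            print
        }' "$1"
}

# Return 0 if the file has no override or every override is executable,
# 1 if any override is dangling (the "No pinentry" case from this bug).
check_pinentry_conf() {
    conf=$1
    status=0
    if [ ! -f "$conf" ]; then
        echo "no $conf: gpg-agent uses its default pinentry"
        return 0
    fi
    overrides=$(list_pinentry_overrides "$conf")
    if [ -z "$overrides" ]; then
        echo "no pinentry-program override in $conf"
        return 0
    fi
    # Read line by line so paths containing spaces survive.
    while IFS= read -r prog; do
        # test -x follows symlinks, so a dangling symlink also fails here.
        if [ -x "$prog" ] && [ ! -d "$prog" ]; then
            echo "ok: $prog"
        else
            echo "BROKEN: $prog is missing or not executable"
            status=1
        fi
    done <<EOF
$overrides
EOF
    return $status
}

# Stand-alone use: sh this-script.sh "${GNUPGHOME:-$HOME/.gnupg}/gpg-agent.conf"
if [ $# -gt 0 ]; then check_pinentry_conf "$1"; fi
```

After correcting the file, restart the agent with `gpgconf --kill gpg-agent` so the new setting is read.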
Comment 7 Bernard Cafarelli gentoo-dev 2022-07-10 18:41:06 UTC
Glad that I could help! (and learned a few things about GPG internals)