Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 510608

Summary: mail-client/pinepgp-0.18.0-r1 should use "gpg --clearsign" for signed-only emails
Product: Gentoo Linux Reporter: brant williams <brant>
Component: Current packagesAssignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED OBSOLETE    
Severity: normal CC: mgorny, net-mail+disabled
Priority: Low    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description brant williams 2014-05-18 01:28:01 UTC 
Hello!

When sending email with Alpine (after pinepgp is installed), I noticed that any email which was digitally signed (and not also encrypted) would result in a blob of crypto-text.

Previously, the behavior was to send a separate, "ascii-armored" digital signature inline with the plaintext message.

It's because gpg is called with the "-s" ("--sign") flag, instead of "--clearsign":

brant@fresh ~ $ grep -- -sign\, .pinerc
	/usr/bin/gpg-sign,

brant@fresh ~ $ file /usr/bin/gpg-sign
/usr/bin/gpg-sign: symbolic link to `pinegpg'

brant@fresh ~ $ grep "/usr/bin/gpg" /usr/bin/pinegpg
ces="/usr/bin/gpg -at -s"
cee="/usr/bin/gpg -at -e"
cese="/usr/bin/gpg -at -se"
cec="/usr/bin/gpg"
brant@fresh ~ $ 



Reproducible: Always

Steps to Reproduce:
1. echo "mail-client/alpine chappa" >> /etc/portage/package.use

2. emerge "mail-client/alpine"

3. /usr/bin/pinegpg-install

4. gpg --gen-key ## 2048-bit DSA/Elgamal is what I used.

5. alpine

6. Compose an email, ideally to another personal email address. At send-time, select "gpg-sign" from the filter list.

7. Enter passphrase to unlock secret key and sign the message (gpg -s).

8. Check the received message or check the alpine "sent-mail" file.
Actual Results:  
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.22 (GNU/Linux)

owGbwMvMyCF4eiGHuTO7mwHjacUShuAK7vaSjMxiheKM/NKcFIWkVIWyzOLMpJxU
PV4uXq6OOBZGQQ4GNlYmkEIGLk4BmO6tpxn+V+rfZpz7+pFN9eGrFbZ6UnVJSTy/
/nDMWdqRtEksqrxvN8M/jYm/9v/avHjutuhfy/adbJvy7fK7kp1b5hoFsHb5hDjF
xwAA
=Lx0g
-----END PGP MESSAGE-----


Expected Results:  
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; format=flowed; charset=US-ASCII

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

this should be visible.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iF4EAREIAAYFAlN4Ct8ACgkQy6EIN0MHRjAG1gD+M9GpeW4Rnhnq0GfcN/UI2A8Q
WjbQO/dkG2Y9n5HaBLIBAIaixBvkKu9akxZ0GLlwsEIPTYYwj5MtcAkmiDh3AT4g
=HT7k
-----END PGP SIGNATURE-----


As a workaround, I simply copied "/usr/bin/pinegpg" to my home directory and modified it.

brant@fresh ~ $ grep "/usr/bin/gpg" /home/brant/gpg-sign 
ces="/usr/bin/gpg -at --clearsign"
cee="/usr/bin/gpg -at -e"
cese="/usr/bin/gpg -at -se"
cec="/usr/bin/gpg"
brant@fresh ~ $

Next, I modified the .pinerc file:

brant@fresh ~ $ grep -- -sign\, .pinerc
	/home/brant/gpg-sign,

And now it works expectedly.

Thanks for your time.

-Brant
Comment 1 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2019-11-05 22:32:30 UTC 
removing.