Dear Maintainer,
What led up to the situation?
=============================
Trying to add a sub-key to my private GPG key via the "Gnome keys"
(a.k.a. seahorse) GUI.
What exactly did you do (or not do) that was effective (or ineffective)?
========================================================================
1. Open "Passwords and Keys" (seahorse) via Gnome shell
2. Select GnuPG keys in the sidebar
3. Select my "Personal PGP key" in the list of keys
4. Right-click on the selected key entry
5. Select "Properties" in the context menu.
6. Select the "Details" tab
7. Click on "Add" in the "Subkeys" area
8. Click on "OK" in the appearing "Add subkey to ..." dialog. The
outcome appears to be the same independent of key type, key length,
or expiration date (including "Never Expires").
What was the outcome of this action?
====================================
A message window appears with the message
,----
| Couldn't add subkey
| General error
`----
and a "Close" button. Upon closing the window, the application
continues to operate without perceivable issues.
What outcome did you expect instead?
====================================
A new subkey to appear in the list of Subkeys.
Hi I have the same issues and I believe this is related to the new "KEYCONSIDERED" status in "recent" gpgme versions. There's an upstream bug report here: https://bugzilla.gnome.org/show_bug.cgi?id=778607 with a patch attached that fixe the issues for me. Best, -- Beren Minor
The same bug happens when I: - check the checkbox "I trust signatures from 'USER' on others key" - change the value of the field "You Trust The Owner:" - "Sign This Key" (whatever option I choose) The upstream patch https://git.gnome.org/browse/seahorse/patch/?id=cdfc5b297d7420e47b9c973e8b8cb1b0fb576421 applies on 3.20.0. The attached debdiff fixes the issue for me.
Hi! Kjö Hansi Glaz: Thanks! I'll look into it and will propose a NMU as this badly affects Tails upcoming 3.0 (Stretch-based) release. Now, I'm a little bit confused: the upstream bug + patch are about something triggered by gpgme 1.7+, but this Debian bug was initially reported against the version of Seahorse that's in Jessie, and Jessie has gpgme 1.5.1. So I'm wondering 1. if they really are the same problem; and 2. whether it's a regression in Stretch (if it is, then it clearly needs to be fixed IMO, and then a freeze exception will be more obviously needed). So, Kjö, Beren and Sebastian: can one of you please confirm whether you've experienced one of the problems this bug report is about on Debian Jessie? If yes, what version of libgpgme11 do you have installed? Cheers,
0. "Add subkey to ..." * 8.2: General Error * stretch: General Error * stretch + patch: General Error 1. check the checkbox "I trust signatures from 'USER' on others key" * 8.2: OK * stretch: General Error * stretch + patch: OK 2. change the value of the field "You Trust The Owner:" * 8.2: OK * stretch: General Error * stretch + patch: OK 3. "Sign This Key" (whatever option I choose) * 8.2: General Error * stretch: General Error * stretch + patch: General Error So you're right, the patch pointed on message #10 does not solve the issue this bug was initially about, nor the error while signing key. However, the patch solves the regressions introduced by Debian Stretch. Debian 8.2 I have libgpgme11 1.5.1-6. I'm trying to find if upstream has patches that solves the subkey and signing issues.
This last line is wrong: 3. "Sign This Key" (whatever option I choose) * stretch + patch: OK According to more tests, I *can* sign keys with the patch under sid and stretch, while I can't without. However, even without the patch, I can't add subkeys.
Hi dear Seahorse maintainers, [now sending to the right bug report, instead of the original, now cloned, one…] Kjö Hansi Glaz: This regression badly affects Tails upcoming 3.0 (Stretch-based) release. It doesn't break *all* Seahorse use cases, so arguably it's not RC, but it breaks enough important features to warrant being fixed in Stretch IMO. So I'd like to do an NMU that cherry-picks the minimal fix that upstream has already applied (and I'll request an unblock to the release team). Is it OK with you, or do you prefer to handle it differently? If I don't hear from you in the next few days, I'll upload to DELAYED/10. Cheers,
Am 02.04.2017 um 16:25 schrieb intrigeri: Feel free to go upload without delay.
We believe that the bug you reported is fixed in the latest version of
seahorse, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 859336@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kjö Hansi Glaz <kjo@a4nancy.net.eu.org> (supplier of updated seahorse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 01 Apr 2017 16:06:42 +0200
Source: seahorse
Binary: seahorse
Architecture: source
Version: 3.20.0-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Kjö Hansi Glaz <kjo@a4nancy.net.eu.org>
Closes: 859336
Description:
seahorse - GNOME front end for GnuPG
Changes:
seahorse (3.20.0-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* 01_ignore_KEY_CONSIDERED.patch: new patch, cherry-picked from upstream Git,
to Ignore KEY_CONSIDERED line introduced in GnuPG 2.1.13 (Closes: #859336).
Fixes key signing and editing trust (regression since Jessie).
* Bump libgpgme-dev build-dependency to >= 1.7.0, as required
by the new patch cherry-picked from upstream.
Checksums-Sha1:
264ad2be10ccf9774af20b424ff61bee0d894ea8 2452 seahorse_3.20.0-3.1.dsc
4ec188c24f96164f1707d6920475f78a1086dc5e 14508 seahorse_3.20.0-3.1.debian.tar.xz
Checksums-Sha256:
7829d68a85ee36e91baec0c8a2163fe1255ab68b8a09b8c97a504a34e0d519fa 2452 seahorse_3.20.0-3.1.dsc
7737fce901e088f512c97d309807abeb53ec4f942d0f9091d164b9a171f575f4 14508 seahorse_3.20.0-3.1.debian.tar.xz
Files:
75937b477452b270210c78033ec92ebf 2452 gnome optional seahorse_3.20.0-3.1.dsc
95cbb65bb9404ad85800f2415e00d094 14508 gnome optional seahorse_3.20.0-3.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEcMAxqZeuB0p8dimNy2kI2AAOzf4FAljhE3AACgkQy2kI2AAO
zf4q7BAArLiumW/9GQMLig3sNQU50J6gco41VW5GayvaUA/N9wKSODkpWhkHZEeA
1kN14q0PAG4CeMmpBgSodVWmrGbGjRzCTWJ4dWwE01jqGmZLsCQmgR6S+54G8Fkk
Tva7yS+KNDTA9mHZG4b57qZF76VRYQL5MD6+n+aj05eKqUsYLYL3Waxis66SUbdq
Z6wb9SLjHyaJ9nq6IPzE5F05PMorrkotRAZm5POKNYgcmWyZQNoW5119p6kswoMa
GmEKxrxXlerS7rwbZ/nLphxwg6dIt7/RW6H9/kP2IcoOAXBgsQdbi/wj0FOJyU8k
RWc12jlNfuCHwdfCCe6zoM/fpUoMjMEHRozY1rZrBIhrnb6untK1LkjHRlL68yRa
nM9jER/9OL5Wq6IgpyVq6WcslRu/S2cnxOUhGg7ZItDil0IFHYodfLMKEpbvzmT8
prP8U470iyqVLzh0ggK2HMN5HZkRoZ/nzBGUhNOZ7Lc1JIfdZ92t9vgIehYM1YIA
sEQsiKJKaYPhGtEs/p5zScL5XvkvE4l8bag5IbMgNbAiSt2ub3WJDPkqB7SgZa+t
l7Lk3AOHy+wCG7SZWBS8n5tiW6AcBp84gSpFnpg+Sbx44zrmYn0071RUTW5ke7da
f45NpSkajP4bsMg1xb1suQVktcHRLtR+KfoK7V5qcKxONCytQWs=
=tXYS
-----END PGP SIGNATURE-----
Michael Biebl: Thanks! Uploaded, debdiff attached (I don't think I have access to the Vcs-Svn.) I'll file an unblock request once it has built on all relevant architectures. Cheers,
intrigeri: Niels already unblocked + aged it, so I didn't even have to file such a request :) Cheers,
Hi, I just tried to reproduce that issue using Seahorse 3.20.0-3.1 in both Tails 3.0-beta4 and a fresh install of Debian Stretch and got the "General Error" when trying to sign a key. But interestingly enough, in both setup I only get that error when trying for the first time to sign, every signature after that first error goes fine. Here are logs from Seahorse: ** (seahorse:10389): CRITICAL **: egg_datetime_set_clamp_date: assertion 'minyear <= maxyear' failed (seahorse:10389): seahorse-CRITICAL **: file pgp/seahorse-gpgme-key-op.c: line 551 (sign_transit): should not be reached Cheers.
Hi Kjö, thanks for cloning and retitling! Can you please ensure the tags for #862552 are correct? I see no indication that it's fixed upstream, and I can't find the patch. Cheers,
Hi, intrigeri: Thanks for removing the buggy "fixed-upstream" tag. I still see no patch, so I'm removing the "patch" tag too. Cheers,