#862552 seahorse: first attempt to sign a key fails with "General Error"

Package:
seahorse
Source:
seahorse
Description:
GNOME front end for GnuPG
Submitter:
Sebastian Scheurer
Date:
2021-03-04 17:21:13 UTC
Severity:
important
Tags:
#862552#5
Date:
2015-11-27 14:31:16 UTC
From:
To:
Dear Maintainer,

What led up to the situation?
=============================

  Trying to add a sub-key to my private GPG key via the "Gnome keys"
  (a.k.a. seahorse) GUI.


What exactly did you do (or not do) that was effective (or ineffective)?
========================================================================

  1. Open "Passwords and Keys" (seahorse) via Gnome shell
  2. Select GnuPG keys in the sidebar
  3. Select my "Personal PGP key" in the list of keys
  4. Right-click on the selected key entry
  5. Select "Properties" in the context menu.
  6. Select the "Details" tab
  7. Click on "Add" in the "Subkeys" area
  8. Click on "OK" in the appearing "Add subkey to ..." dialog. The
     outcome appears to be the same independent of key type, key length,
     or expiration date (including "Never Expires").


What was the outcome of this action?
====================================

  A message window appears with the message
  ,----
  | Couldn't add subkey
  | General error
  `----
  and a "Close" button. Upon closing the window, the application
  continues to operate without perceivable issues.


What outcome did you expect instead?
====================================

  A new subkey to appear in the list of Subkeys.

#862552#10
Date:
2017-03-11 17:40:34 UTC
From:
To:
Hi

I have the same issues and I believe this is related to the new
"KEYCONSIDERED" status in "recent" gpgme versions.

There's an upstream bug report here:
https://bugzilla.gnome.org/show_bug.cgi?id=778607 with a patch
attached that fixe  the issues for me.

Best,
--
Beren Minor

#862552#15
Date:
2017-04-01 15:19:00 UTC
From:
To:
The same bug happens when I:

- check the checkbox "I trust signatures from 'USER' on others key"
- change the value of the field "You Trust The Owner:"
- "Sign This Key" (whatever option I choose)

The upstream patch
https://git.gnome.org/browse/seahorse/patch/?id=cdfc5b297d7420e47b9c973e8b8cb1b0fb576421
applies on 3.20.0.

The attached debdiff fixes the issue for me.

#862552#30
Date:
2017-04-02 05:54:13 UTC
From:
To:
Hi!

Kjö Hansi Glaz:

Thanks! I'll look into it and will propose a NMU as this badly affects
Tails upcoming 3.0 (Stretch-based) release.

Now, I'm a little bit confused: the upstream bug + patch are about
something triggered by gpgme 1.7+, but this Debian bug was initially
reported against the version of Seahorse that's in Jessie, and Jessie
has gpgme 1.5.1. So I'm wondering 1. if they really are the same
problem; and 2. whether it's a regression in Stretch (if it is, then
it clearly needs to be fixed IMO, and then a freeze exception will be
more obviously needed).

So, Kjö, Beren and Sebastian: can one of you please confirm whether
you've experienced one of the problems this bug report is about on
Debian Jessie? If yes, what version of libgpgme11 do you
have installed?

Cheers,

#862552#37
Date:
2017-04-02 12:47:00 UTC
From:
To:
0. "Add subkey to ..."
   * 8.2: General Error
   * stretch: General Error
   * stretch + patch: General Error

1. check the checkbox "I trust signatures from 'USER' on others key"
   * 8.2: OK
   * stretch: General Error
   * stretch + patch: OK

2. change the value of the field "You Trust The Owner:"
   * 8.2: OK
   * stretch: General Error
   * stretch + patch: OK

3. "Sign This Key" (whatever option I choose)
   * 8.2: General Error
   * stretch: General Error
   * stretch + patch: General Error

So you're right, the patch pointed on message #10 does not solve the
issue this bug was initially about, nor the error while signing key.
However, the patch solves the regressions introduced by Debian Stretch.

Debian 8.2 I have libgpgme11 1.5.1-6.

I'm trying to find if upstream has patches that solves the subkey and
signing issues.

#862552#42
Date:
2017-04-02 13:35:00 UTC
From:
To:
This last line is wrong:

3. "Sign This Key" (whatever option I choose)
   * stretch + patch: OK

According to more tests, I *can* sign keys with the patch under sid and
stretch, while I can't without.

However, even without the patch, I can't add subkeys.

#862552#55
Date:
2017-04-02 14:25:57 UTC
From:
To:
Hi dear Seahorse maintainers,

[now sending to the right bug report, instead of the original, now
cloned, one…]

Kjö Hansi Glaz:

This regression badly affects Tails upcoming 3.0 (Stretch-based)
release. It doesn't break *all* Seahorse use cases, so arguably it's
not RC, but it breaks enough important features to warrant being fixed
in Stretch IMO.

So I'd like to do an NMU that cherry-picks the minimal fix that
upstream has already applied (and I'll request an unblock to the
release team). Is it OK with you, or do you prefer to handle
it differently?

If I don't hear from you in the next few days, I'll upload to
DELAYED/10.

Cheers,

#862552#60
Date:
2017-04-02 14:33:07 UTC
From:
To:
Am 02.04.2017 um 16:25 schrieb intrigeri:

Feel free to go upload without delay.

#862552#65
Date:
2017-04-02 15:21:18 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
seahorse, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 859336@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kjö Hansi Glaz <kjo@a4nancy.net.eu.org> (supplier of updated seahorse package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Sat, 01 Apr 2017 16:06:42 +0200
Source: seahorse
Binary: seahorse
Architecture: source
Version: 3.20.0-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>
Changed-By: Kjö Hansi Glaz <kjo@a4nancy.net.eu.org>
Closes: 859336
Description:
 seahorse   - GNOME front end for GnuPG
Changes:
 seahorse (3.20.0-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * 01_ignore_KEY_CONSIDERED.patch: new patch, cherry-picked from upstream Git,
     to Ignore KEY_CONSIDERED line introduced in GnuPG 2.1.13 (Closes: #859336).
     Fixes key signing and editing trust (regression since Jessie).
   * Bump libgpgme-dev build-dependency to >= 1.7.0, as required
     by the new patch cherry-picked from upstream.
Checksums-Sha1:
 264ad2be10ccf9774af20b424ff61bee0d894ea8 2452 seahorse_3.20.0-3.1.dsc
 4ec188c24f96164f1707d6920475f78a1086dc5e 14508 seahorse_3.20.0-3.1.debian.tar.xz
Checksums-Sha256:
 7829d68a85ee36e91baec0c8a2163fe1255ab68b8a09b8c97a504a34e0d519fa 2452 seahorse_3.20.0-3.1.dsc
 7737fce901e088f512c97d309807abeb53ec4f942d0f9091d164b9a171f575f4 14508 seahorse_3.20.0-3.1.debian.tar.xz
Files:
 75937b477452b270210c78033ec92ebf 2452 gnome optional seahorse_3.20.0-3.1.dsc
 95cbb65bb9404ad85800f2415e00d094 14508 gnome optional seahorse_3.20.0-3.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEcMAxqZeuB0p8dimNy2kI2AAOzf4FAljhE3AACgkQy2kI2AAO
zf4q7BAArLiumW/9GQMLig3sNQU50J6gco41VW5GayvaUA/N9wKSODkpWhkHZEeA
1kN14q0PAG4CeMmpBgSodVWmrGbGjRzCTWJ4dWwE01jqGmZLsCQmgR6S+54G8Fkk
Tva7yS+KNDTA9mHZG4b57qZF76VRYQL5MD6+n+aj05eKqUsYLYL3Waxis66SUbdq
Z6wb9SLjHyaJ9nq6IPzE5F05PMorrkotRAZm5POKNYgcmWyZQNoW5119p6kswoMa
GmEKxrxXlerS7rwbZ/nLphxwg6dIt7/RW6H9/kP2IcoOAXBgsQdbi/wj0FOJyU8k
RWc12jlNfuCHwdfCCe6zoM/fpUoMjMEHRozY1rZrBIhrnb6untK1LkjHRlL68yRa
nM9jER/9OL5Wq6IgpyVq6WcslRu/S2cnxOUhGg7ZItDil0IFHYodfLMKEpbvzmT8
prP8U470iyqVLzh0ggK2HMN5HZkRoZ/nzBGUhNOZ7Lc1JIfdZ92t9vgIehYM1YIA
sEQsiKJKaYPhGtEs/p5zScL5XvkvE4l8bag5IbMgNbAiSt2ub3WJDPkqB7SgZa+t
l7Lk3AOHy+wCG7SZWBS8n5tiW6AcBp84gSpFnpg+Sbx44zrmYn0071RUTW5ke7da
f45NpSkajP4bsMg1xb1suQVktcHRLtR+KfoK7V5qcKxONCytQWs=
=tXYS
-----END PGP SIGNATURE-----

#862552#70
Date:
2017-04-02 15:24:01 UTC
From:
To:
Michael Biebl:

Thanks!

Uploaded, debdiff attached (I don't think I have access to the Vcs-Svn.)

I'll file an unblock request once it has built on all
relevant architectures.

Cheers,

#862552#75
Date:
2017-04-03 04:51:25 UTC
From:
To:
intrigeri:

Niels already unblocked + aged it, so I didn't even have to file such
a request :)

Cheers,

#862552#80
Date:
2017-04-23 11:17:00 UTC
From:
To:
Hi,

I just tried to reproduce that issue using Seahorse 3.20.0-3.1 in both
Tails 3.0-beta4 and a fresh install of Debian Stretch and got the
"General Error" when trying to sign a key.

But interestingly enough, in both setup I only get that error when
trying for the first time to sign, every signature after that first
error goes fine.

Here are logs from Seahorse:

** (seahorse:10389): CRITICAL **: egg_datetime_set_clamp_date: assertion
'minyear <= maxyear' failed

(seahorse:10389): seahorse-CRITICAL **: file
pgp/seahorse-gpgme-key-op.c: line 551 (sign_transit): should not be reached

Cheers.

#862552#93
Date:
2017-05-16 07:16:18 UTC
From:
To:
Hi Kjö,

thanks for cloning and retitling!

Can you please ensure the tags for #862552 are correct? I see no
indication that it's fixed upstream, and I can't find the patch.

Cheers,

#862552#102
Date:
2017-06-29 18:54:57 UTC
From:
To:
Hi,

intrigeri:

Thanks for removing the buggy "fixed-upstream" tag.
I still see no patch, so I'm removing the "patch" tag too.

Cheers,