Thunderbird crashes when using GPGME for smartcard integration on macOS
Categories
(MailNews Core :: Security: OpenPGP, defect)
Tracking
(Not tracked)
People
(Reporter: me, Unassigned, NeedInfo)
References
(Blocks 1 open bug)
Details
(Keywords: crash)
Attachments
(1 file)
8.02 KB,
text/plain
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:81.0) Gecko/20100101 Firefox/81.0
Steps to reproduce:
Thunderbird auto-upgraded me to version 78, which broke my GPG smartcard integration with Enigmail. Once I figured out that I need to install GPGME (thanks to https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards), a subprocess of Thunderbird started to crash (noticeable due to the "Report problem to Apple" dialog) whenever I wanted to read an email which was encrypted for a key on my smartcard.
Actual results:
Signing a message also fails with the following message in the error console:
mimeEncrypt.js: caught exception: Error
Message: 'failure in finishCryptoEncapsulation'
File: chrome://openpgp/content/modules/mimeEncrypt.jsm
Line: 588
The report of the crashed process, which I could send to Apple, includes:
Process: thunderbird [4076]
Path: /Applications/Thunderbird.app/Contents/MacOS/thunderbird
Identifier: thunderbird
Version: 78.4.0 (78.4.0)
Code Type: X86-64 (Native)
Parent Process: thunderbird [4073]
Responsible: thunderbird [4073]
User ID: 503
Date/Time: 2020-11-06 12:25:40.928 +0100
OS Version: Mac OS X 10.15.7 (19H2)
Report Version: 12
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [4076]
Application Specific Information:
crashed on child side of fork pre-exec
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_malloc.dylib 0x00007fff727aae41 nanov2_forked_calloc + 7
1 libsystem_malloc.dylib 0x00007fff72795f59 malloc_zone_calloc + 99
2 libsystem_malloc.dylib 0x00007fff72795ed9 calloc + 24
3 libobjc.A.dylib 0x00007fff7142a603 allocateBuckets(unsigned int) + 29
4 libobjc.A.dylib 0x00007fff7142a096 cache_fill + 283
5 libobjc.A.dylib 0x00007fff71429b27 lookUpImpOrForward + 530
6 libobjc.A.dylib 0x00007fff71429399 _objc_msgSend_uncached + 73
7 libsystem_asl.dylib 0x00007fff7261da9a _asl_mt_shim_fork_child + 33
8 libSystem.B.dylib 0x00007fff6f5c3aae libSystem_atfork_child + 49
9 libsystem_c.dylib 0x00007fff7263d8ad fork + 40
10 libgpgme.11.dylib 0x000000012852dd6f _gpgme_io_spawn + 356
11 libgpgme.11.dylib 0x000000012852f895 read_gpgconf_dirs + 208
12 libgpgme.11.dylib 0x000000012852f1a0 get_gpgconf_item + 295
13 libgpgme.11.dylib 0x000000012851d74c gpgme_get_engine_info + 99
14 libgpgme.11.dylib 0x000000012851db52 _gpgme_engine_info_copy + 365
15 libgpgme.11.dylib 0x0000000128530acb gpgme_new + 388
16 XUL 0x000000011434ac3c ffi_call_unix64 + 76
17 XUL 0x000000011434a41f ffi_call + 895
18 XUL 0x0000000113a4b936 0x10f9f4000 + 67467574
Expected results:
To me, this looks like a segmentation fault in GPGME. I thought I can get more information when I enable logging for GPGME (see https://www.gnupg.org/documentation/manuals/gpgme/Debugging.html), so I executed:
export GPGME_DEBUG=9:~/gpgme/log.txt
/Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin
on my command line. To my surprise, everything worked (both decrypting incoming emails and signing outgoing emails). It turned out that the logging wasn't necessary: When I open Thunderbird by double-clicking its icon in the Finder, the GPG integration doesn't work. When I open Thunderbird through the command line (also when calling thunderbird
instead of thunderbird-bin
since the former is in Thunderbird's Info.plist file), it works. My Thunderbird version is 78.4.0 and I installed GPGME with Homebrew in version 1.14.0_1. Maybe it's purely a GPGME problem, which should be reported there. But maybe Thunderbird doesn't use GPGME correctly when opening Thunderbird with a double click.
If you can't do anything about this issue, you can ignore it. I've found a workaround which is acceptable to me. If anyone else encounters this issue, then the workaround is now publicly documented.
Comment 1•4 years ago
|
||
You've never gotten the crash reporter ?
https://support.mozilla.org/en-US/kb/mozilla-crash-reporter-tb
Reporter | ||
Comment 2•4 years ago
|
||
I'm not sure what you mean. Such a window never opened, no. Is this something I have to enable/install? Since I use Thunderbird for sensitive communication (when I have to use GPG), I disabled all reporting to Mozilla. Do you need more stacktrace information?
What I realized: I probably have some environment variable, which Thunderbird doesn't receive when being started directly. Let me know if you have a suggestion of how we can narrow this down.
Comment 3•4 years ago
|
||
The crash reporter is enabled by default. But if something is running in a process not attached to thunderbird then the reporter would not be invoked.
Comment 4•4 years ago
|
||
Thanks for your report.
A while ago we heard a similar report. I believe what had helped the other user was the logging environment variable, and IIUC it was on Windows.
Maybe it's some timing issue.
In order to fix this bug, we need a developer who has access to the relevant hardware and can try to reproduce and debug in detail.
Comment 5•3 years ago
|
||
Got the same case on the macOS.
Prerequisites:
- macOS Catalina 10.15.7
- no Thunderbird/GnuPG/gpgme previously installed.
- Installed Thunderbird and gnupg/gpgme via homebrew.
- Imported keys to the GnuPG, Yubikey works fine from the console.
- Setup Thunderbird as it is described in the Wiki
Result: running Thunderbird and attempting to decrypt messages reports a crash in gpgme.
Signing doesn't work as well, but sure whether it crashes.
Debugged GPGME a bit and here are the details:
- when opening Thunderbird from terminal via
export GPGME_DEBUG=9:~/Temp/gpgme.log
open /Applications/Thunderbird.app`
Got the following log piece:
GPGME 20201201T164713 6113 gpgme-dinfo: gpgconf='/usr/local/bin/gpgconf'
GPGME 20201201T164713 6113 _gpgme_io_pipe: enter: inherit_idx=1 (GPGME uses it for reading)
GPGME 20201201T164713 6113 _gpgme_io_pipe: leave: read fd=63 write fd=64
GPGME 20201201T164713 6113 _gpgme_io_spawn: enter: path=/usr/local/bin/gpgconf
GPGME 20201201T164713 6113 _gpgme_io_spawn: check: argv[ 0] = /usr/local/bin/gpgconf
GPGME 20201201T164713 6113 _gpgme_io_spawn: check: argv[ 1] = --list-dirs
GPGME 20201201T164713 6113 _gpgme_io_spawn: check: fd[0] = 0x40 -> 0x1
GPGME 20201201T164713 6113 _gpgme_io_spawn: check: waiting for child process pid=24860
GPGME 20201201T164713 6113 _gpgme_io_spawn:675: error: Undefined error: 0 (0)
...
GPGME 20201201T164713 6113 gpgme_op_decrypt_ext: enter: ctx=0x00000001341d2600 cipher=0x0000000138058400, plain=0x0000000138058c00
GPGME 20201201T164713 6113 gpgme_op_decrypt_ext:182: error: Unsupported protocol <GPGME>
GPGME 20201201T164713 6113 gpgme_data_release: call: dh=0x0000000138058400
GPGME 20201201T164713 6113 gpgme_data_release_and_get_mem: enter: dh=0x0000000138058c00 r_len=0x000000013bcde4b0
GPGME 20201201T164713 6113 gpgme_data_get_prop: enter: dh=0x0000000138058c00 dserial=0 1
GPGME 20201201T164713 6113 gpgme_data_get_prop: leave:
GPGME 20201201T164713 6113 gpgme_data_release: call: dh=0x0000000138058c00
However, if I run it directly, via /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin:
GPGME 20201201T171253 6257 gpgme-dinfo: gpgconf='/usr/local/bin/gpgconf'
GPGME 20201201T171253 6257 _gpgme_io_pipe: enter: inherit_idx=1 (GPGME uses it for reading)
GPGME 20201201T171253 6257 _gpgme_io_pipe: leave: read fd=24 write fd=52
GPGME 20201201T171253 6257 _gpgme_io_spawn: enter: path=/usr/local/bin/gpgconf
GPGME 20201201T171253 6257 _gpgme_io_spawn: check: argv[ 0] = /usr/local/bin/gpgconf
GPGME 20201201T171253 6257 _gpgme_io_spawn: check: argv[ 1] = --list-dirs
GPGME 20201201T171253 6257 _gpgme_io_spawn: check: fd[0] = 0x34 -> 0x1
GPGME 20201201T171253 6257 _gpgme_io_spawn: check: waiting for child process pid=25179
GPGME 20201201T171253 6257 _gpgme_io_close: enter: fd=52
GPGME 20201201T171253 6257 _gpgme_io_close: leave: result=0
GPGME 20201201T171253 6257 _gpgme_io_spawn: leave: result=0
So, due to some reasons, running app directly via /Applications/Thunderbird.app fails right at the beginning, unable to launch gpgconf and detect gpg pathes and settings. Then most likely Thunderbird fails to understand this and does something wrong when gpgme returns gpgme_op_decrypt_ext:182: error: Unsupported protocol <GPGME>
, causing the crash.
However the main question is why spawn of gpgconf fails? I'll try to debug it more, it could be some sort of permissions problems, piping whatever else.
Maybe Patrick has some ideas about it/experienced something similar with Enigmail/macOS?
Comment 6•3 years ago
|
||
Some more information:
During failure gpgconf process exits with WIFSIGNALED(status) and WTERMSIG(status) is 11, i.e. SIGSEGV.
Comment 7•3 years ago
|
||
(In reply to Nickolay Olshevsky from comment #5)
Maybe Patrick has some ideas about it/experienced something similar with Enigmail/macOS?
I'm sorry, but I can't help here. Enigmail does not use gpgme, and I'm not using macOS.
Comment 8•3 years ago
|
||
Oops, sorry, Patrick, for bugging you. Due to some unknown reasons I believed that Enigmail works via gpgme interface.
Comment 9•3 years ago
|
||
I am having the same exact issue. Installed GPGME via homebrew. (Only had GPG Tools before.)
Everything works if Thunderbird is launched via /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin.
When launching /Applications/Thunderbird.app, get the "failure in finishCryptoEncapsulation" error.
By the way, I am going the external GnuPG key route because Thunderbird doesn't yet support subkeys with primary key being offline.
Comment 10•3 years ago
|
||
(In reply to Patrick Nagurny from comment #9)
By the way, I am going the external GnuPG key route because Thunderbird doesn't yet support subkeys with primary key being offline.
Hopefully Thunderbird will support offline primary key + subkeys case soon, as we already implemented it in the RNP library.
Anyway, that strange SIGSEGV should be resolved as well, I'll try to invest some more time into investigation later.
Comment 11•3 years ago
|
||
I don't know if GPGME from homebrew is compatible with GPGTools.
You could try to use a single build that contains both component, which would then be known to be compatible with each other.
For example from here:
https://sourceforge.net/projects/gpgosx/files/
(Make sure to download the correct platform, don't use arm64 unless you're sure that's what you need.)
Reporter | ||
Comment 12•3 years ago
|
||
In my case (and I assume in Nickolay's case as well), I have both gnupg
and gpgme
installed via Homebrew. (At least both appear when I call brew list
and the path of which gpg
also seems to be right, namely /usr/local/bin/gpg
.) For my Yubikey, I also have pinentry-mac
from GPGTools installed via Homebrew but this doesn't seem to be the problem here.
Comment 13•3 years ago
|
||
It also worked for me (when run from Terminal of course) with standard pinentry-curses, so no GPGTools was involved.
Theoretically it could be something wrong with terminal allocation when run as a GUI application or so.
Comment 14•3 years ago
|
||
I'm scared when I read pinentry-curses. You have to configure gpg-agent such that a graphical version of pinentry is used. Neither Thunderbird nor gpgme can open a console window to use with pinentry.
Comment 15•3 years ago
|
||
(In reply to Patrick Brunschwig from comment #14)
I'm scared when I read pinentry-curses. You have to configure gpg-agent such that a graphical version of pinentry is used. Neither Thunderbird nor gpgme can open a console window to use with pinentry.
Yeah, it worked only when Thunderbird was run via the terminal. I meant that it's not a problem of GPGTools/pinentry-mac but something different.
Comment 16•3 years ago
|
||
Hello, I would like to confirm that I am hitting exactly the same issue: macOS 10.15.7, gpg
, gpgme
and pinentry-mac
installed from Homebrew. When I run thunderbird
binary manually everything works, but when I open Thunderbird.app
folder, it crashes whenever it touches the gpgme library.
Comment 17•3 years ago
|
||
I can confirm this using macOS 10.15.7, dependencies installed via Homebrew. Crashing with this GPGME 20210119T115631 32B7 gpgme_op_decrypt_ext:182: error: Unsupported protocol <GPGME>
error mentioned above.
Comment 18•3 years ago
|
||
Kai, could you please comment on quote from the discussion at https://dev.gnupg.org/T5250 :
Reading the bugzilla report it seems that TB is loading gpgme at runtime. In particular the hints on using externally build stuff (Homebrew) is worrying. Someone(tm) needs to check how gpgme is used by TB and that it is properly initialized. GPGME is actually not designed to be loaded at runtime but should be used as standard shared object or static library.
Comment 19•3 years ago
|
||
Thunderbird only loads GPGME if it's on the user's system, it's not something we ship (nor would we ship it). I don't know much about linking, but I would say that rules out static linking?
Comment 21•3 years ago
|
||
Reading the bugzilla report it seems that TB is loading gpgme at runtime. In particular the hints on using externally build stuff (Homebrew) is worrying. Someone(tm) needs to check how gpgme is used by TB and that it is properly initialized. GPGME is actually not designed to be loaded at runtime but should be used as standard shared object or static library.
I wasn't aware of this. The architecture of Thunderbird's implementation requires dynamic loading of the GPGME library.
At the time we load the library we call gpgme_check_version. The documentation sounds like it is the function that triggers the initialization that the module requires:
https://gnupg.org/documentation/manuals/gpgme/Library-Version-Check.html
If there are any other init steps we should perform, we can easily do that, prior to using the library.
Comment 22•3 years ago
|
||
Thanks again for pointing me to the above gnupg ticket. I've commented upstream.
Comment 23•3 years ago
|
||
From what I understand, it seems that certain combinations of GPGME and GnuPG are incompatible.
It may be necessary to more clearly document our requirements for using the optional GPGME/GnuPG configuration, ensure you have a GUI-enabled version of pinentry installed, and ensure that the installed GPGME and GnuPG software uses compatible versions.
Comment 24•3 years ago
|
||
Not sure what changed (maybe some build settings?), but since of today's update to Thunderbird 78.8.1 issue is gone, and both decryption and signing works with external Yubikey via gpgme. I didn't install GnuPG for OSX and use once installed via the homebrew, with addition of pinentry-mac.
Comment 25•3 years ago
|
||
(Citing Nickolay Olshevsky from comment #24)
Not sure what changed (maybe some build settings?), but since of today's update to Thunderbird 78.8.1 issue is gone, and both decryption and signing works with external Yubikey via gpgme. I didn't install GnuPG for OSX and use once installed via the homebrew, with addition of pinentry-mac.
Can confirm that the bug seems to be fixed in 78.8.1. I have GnuPG for OSX instead of the Homebrew version and it also works flawlessly.
Comment 26•3 years ago
|
||
Version 78.8.1 is the one that upgraded RNP to version v0.14.0 - so maybe there was a hidden memory issue that is fixed in newer RNP?
Reporter | ||
Comment 27•3 years ago
|
||
Version 78.8.1 fixed the problem for me only the first time after the update – probably because the "Restart Thunderbird" functionality launches Thunderbird as documented in the workaround. If I start Thunderbird 78.8.1 by double-clicking the icon, I still get a "thunderbird quit unexpectedly." dialog without affecting the rest of Thunderbird when viewing encrypted messages.
Comment 28•3 years ago
|
||
Version 78.8.1 is the one that upgraded RNP to version v0.14.0 - so maybe there was a hidden memory issue that is fixed in newer RNP?
I do not recall anything like this during last months.
If I start Thunderbird 78.8.1 by double-clicking the icon, I still get a "thunderbird quit unexpectedly." dialog without affecting the rest of Thunderbird when viewing encrypted messages.
Confirmed, the same behaviour :-(
Comment 29•3 years ago
|
||
Can we avoid using GPGME, and instead call the GPG command-line tool ourselves, the way Enigmail did? That would avoid this problem entirely.
Comment 30•3 years ago
|
||
advantages of using GPGME
Can we avoid using GPGME, and instead call the GPG command-line tool ourselves, the way Enigmail did? That would avoid this problem entirely.
Calling "gpg" directly comes with its own set of problems and this why using GPGME is recommended
by the GnuPG people (e.g. see https://wiki.gnupg.org/APIs).
Most parts of the command line interface of GnuPG is designed for interactive use and while there is large effort made to keep it stable, it is less stable then using GPGME which encapsulates calling the binaries. Sooner or later you run into the same problems that your code has to solve anew and maintain, which have been solved in GPGME already.
And upstream is interested to weed out GPGME defects.
(I am part of the GnuPG development community.)
Back to the defect: Is it still there for everybody?
(First it seems to be gone, as I've commented on https://dev.gnupg.org/T5250 but reading more, there still seems to be defects, depending on how Thunderbird is started, and in some reports on the existance of a gui pinentry?)
Comment 31•3 years ago
|
||
The defect is gone for me. Running TB 78.12.0 on macOS 11.5.1.
Comment 32•3 years ago
|
||
(In reply to ondrej from comment #31)
The defect is gone for me. Running TB 78.12.0 on macOS 11.5.1.
Did you restart Thunderbird and run it in the common way? For me defect is still there with TB 78.12.0/macOS 10.15.7
Comment 33•3 years ago
|
||
(In reply to Nickolay Olshevsky from comment #32)
(In reply to ondrej from comment #31)
The defect is gone for me. Running TB 78.12.0 on macOS 11.5.1.
Did you restart Thunderbird and run it in the common way? For me defect is still there with TB 78.12.0/macOS 10.15.7
Yes, I start Thunderbird by clicking on the icon in the dock and it works for me. I use the default gpgme: stable 1.16.0 (bottled) from Homebrew.
Comment 34•3 years ago
|
||
Updated gpgme to 1.16.0, but still no luck. Maybe related to the macOS version or to the Yubikey which I use.
Comment 35•3 years ago
|
||
(In reply to Nickolay Olshevsky from comment #34)
Updated gpgme to 1.16.0, but still no luck. Maybe related to the macOS version or to the Yubikey which I use.
Is the defect still a crash and independent of the way you start Thunderbird?
So it happens always when you try to view an
(I presume that you have pinentry-mac installed, because it worked before.)
What you could try is some sanity checks on GnuPG and with another keypair there to outrule the Yubikey influcence.
(Both should not be an issue, so it is unlikely, but because we don't know what is triggering the defect, I suggest we check some stuff anyway.)
So:
- Does GnuPG work on the command line with your yubikey as it should (listing secret-key(s), encrypting, decrypting, getting a gui pinentry up?)
(Assuming that you are familiar how to do this on the command line, otherwise let us know.) - If you create a new keypair with GnuPG on the command line, does this work with Thunderbird? For this I recommend to set the GNUPGHOME variable early before starting anything to a different directory where you can have a separate setup for gpg. I don't know when MacOS starts things, on GNU/Linux you could do it in a shell like
export GNUPGHOME=/home/bern/tmp/dot.gnupg
, create the directory then try with 'gpg --verbose --list-secret-keys' that the directory exists. If all commands that start gpg, gpg-agent, dirmngr, gpg-agent have that environment variable set, they'll use that new configuration directory. So you can create a new keypair there and see if this changes the behaviour.
Comment 36•3 years ago
|
||
(In reply to bernhard from comment #35)
Is the defect still a crash and independent of the way you start Thunderbird?
It only crashes if I start Thunderbird from the GUI (i.e. double clicking on icon). Basically, it doesn't crash and continue to work, just macOS's crash window is displayed.
If I run it from the Terminal, it works fine with Yubikey, and macOS pinentry (actually, it worked with terminal pinentry as well).
So it happens always when you try to view an
Yeah, it happens when I try to view an encrypted message, didn't try to sign recently.
What you could try is some sanity checks on GnuPG and with another keypair there to outrule the Yubikey influcence.
(Both should not be an issue, so it is unlikely, but because we don't know what is triggering the defect, I suggest we check some stuff anyway.)So:
- Does GnuPG work on the command line with your yubikey as it should (listing secret-key(s), encrypting, decrypting, getting a gui pinentry up?)
(Assuming that you are familiar how to do this on the command line, otherwise let us know.)
Sure, things work fine.
- If you create a new keypair with GnuPG on the command line, does this work with Thunderbird?
I don't think the issue is with keypair, as crash is reported somewhere between running gpgconf from the gpgme (looks like as the same I reported at https://dev.gnupg.org/T5250 )
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: EXC_I386_GPFLT
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [73386]
Application Specific Information:
crashed on child side of fork pre-exec
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_malloc.dylib 0x00007fff72559e41 nanov2_forked_calloc + 7
1 libsystem_malloc.dylib 0x00007fff72544f59 malloc_zone_calloc + 99
2 libsystem_malloc.dylib 0x00007fff72544ed9 calloc + 24
3 libobjc.A.dylib 0x00007fff711d9603 allocateBuckets(unsigned int) + 29
4 libobjc.A.dylib 0x00007fff711d9096 cache_fill + 283
5 libobjc.A.dylib 0x00007fff711d8b27 lookUpImpOrForward + 530
6 libobjc.A.dylib 0x00007fff711d8399 _objc_msgSend_uncached + 73
7 libsystem_asl.dylib 0x00007fff723cca9a _asl_mt_shim_fork_child + 33
8 libSystem.B.dylib 0x00007fff6f372aae libSystem_atfork_child + 49
9 libsystem_c.dylib 0x00007fff723ec8ad fork + 40
10 libgpgme.11.dylib 0x00000001338d3c5b _gpgme_io_spawn + 356
11 libgpgme.11.dylib 0x00000001338d5781 read_gpgconf_dirs + 208
12 libgpgme.11.dylib 0x00000001338d5099 get_gpgconf_item + 308
13 libgpgme.11.dylib 0x00000001338c310c gpgme_get_engine_info + 99
14 libgpgme.11.dylib 0x00000001338c3512 _gpgme_engine_info_copy + 365
15 libgpgme.11.dylib 0x00000001338d69b7 gpgme_new + 388
16 XUL 0x000000011973d06c ffi_call_unix64 + 76
17 XUL 0x000000011973c84f ffi_call + 895
18 XUL 0x0000000118e3d7f6 0x114ded000 + 67438582
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x00007fff72559e3a rbx: 0x0000000000000004 rcx: 0x00007fff711f7140 rdx: 0x0000000000000001
rdi: 0x7974696361706143 rsi: 0x0000000000000040 rbp: 0x00007ffee13fc380 rsp: 0x00007ffee13fc358
r8: 0x0000000000000003 r9: 0x00007ffee13fc3f8 r10: 0x0000000100000000 r11: 0x00007ffee13fc3f0
r12: 0x00007fff98a98000 r13: 0x00007fff98aa56e8 r14: 0x0000000000000001 r15: 0x0000000000000040
rip: 0x00007fff72559e41 rfl: 0x0000000000010246 cr2: 0x000000010e8801e8
Logical CPU: 6
Error Code: 0x00000000
Trap Number: 13
Comment 37•3 years ago
|
||
I also have this issue, Thunderbird not crashing but cannot use private key in GnuPG.
Launching Thunderbird via /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin
will have everything working but not directly with /Applications/Thunderbird.app
.
Only with macOS, Windows and Linux have no issue. Possibly only Apple Silicon Macs since one of my friend using an Intel Mac didn't have the issue, but I cannot confirm since I don't have one.
Full log when trying to compose a signed email:
Unexpected event profile-after-change URLQueryStrippingListService.jsm:224
Uncaught (in promise) undefined
Unknown Collection "thunderbird/query-stripping" RemoteSettingsClient.jsm:160
Successfully loaded OpenPGP library librnp.dylib version 0.15.2+git20210806.dd923a4e.MZLA from /Applications/Thunderbird.app/Contents/MacOS/librnp.dylib RNPLib.jsm:92:15
Found 3 public keys and 0 secret keys (0 protected, 0 unprotected) RNPLib.jsm:288:15
Successfully loaded optional OpenPGP library libgpgme.dylib from additional standard locations GPGMELib.jsm:69:13
gpgme version: 1.16.0 GPGMELib.jsm:241:15
Trying to load /Applications/Thunderbird.app/Contents/MacOS/libotr.dylib OTRLib.jsm:64:11
Trying to load libotr.dylib from system's standard library locations OTRLib.jsm:64:11
Trying to load libotr.5.dylib from system's standard library locations OTRLib.jsm:64:11
Trying to load libotr.dylib from system's standard library locations OTRLib.jsm:64:11
Error: Cannot load required OTR library
loadExternalOTRLib resource:///modules/OTRLib.jsm:109
init resource:///modules/OTRLib.jsm:115
once resource:///modules/OTR.jsm:117
init resource:///modules/OTR.jsm:138
init resource:///modules/OTRUI.jsm:265
OTR.jsm:126:15
[Exception... "Favicon at "https://start.thunderbird.net/favicon.ico" failed to load: Not Found." nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/FaviconLoader.jsm :: onStopRequest :: line 253" data: no] FaviconLoader.jsm:253:22
onStopRequest resource:///modules/FaviconLoader.jsm:253
in getEncryptionFlags, gSendEncrypted=false, gSendSigned=true enigmailMsgComposeOverlay.js:1607:13
Prompter: internal dialogs not available in this context. Falling back to window prompt. Prompter.jsm:1084
getCryptParams parameters: from=<key_id>, to=<email_addr>, bcc=, hash=SHA256, flags=37057, ascii=0, errorObj=
Object { value: "" }
, logObj=
Object { }
encryption.jsm:73:13
getCryptParams, got: to=<email_addr>, bcc= encryption.jsm:113:13
getCryptParams returning: encryption.jsm:190:13
Object { sender: "<key_id>", sign: true, signatureHash: "SHA256", sigTypeClear: false, sigTypeDetached: true, encrypt: false, encryptToSender: false, armor: true, senderKeyIsExternal: true, to: (1) […], … }
encryption.jsm:191:13
sendFlags=000090c1 encryption.jsm:426:13
Error: failure in finishCryptoEncapsulation, exitCode: -1
finishCryptoEncapsulation chrome://openpgp/content/modules/mimeEncrypt.jsm:580
createMessageFile resource:///modules/MimeMessage.jsm:86
mimeEncrypt.jsm:597:15
mailnews.send:
Exception { name: "NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS", message: "[JavaScript Error: \"failure in finishCryptoEncapsulation, exitCode: -1\" {file: \"chrome://openpgp/content/modules/mimeEncrypt.jsm\" line: 580}]'[JavaScript Error: \"failure in finishCryptoEncapsulation, exitCode: -1\" {file: \"chrome://openpgp/content/modules/mimeEncrypt.jsm\" line: 580}]' when calling method: [nsIMsgComposeSecure::finishCryptoEncapsulation]", result: 2153185313, filename: "resource:///modules/MimeMessage.jsm", lineNumber: 86, columnNumber: 0, data: XPCWrappedNative_NoHelper, stack: "createMessageFile@resource:///modules/MimeMessage.jsm:86:27\n", location: XPCWrappedNative_NoHelper }
MessageSend.jsm:122:27
mimeEncrypt.js: caught exception: Error
Message: 'failure in finishCryptoEncapsulation, exitCode: -1'
File: chrome://openpgp/content/modules/mimeEncrypt.jsm
Line: 580
Stack: finishCryptoEncapsulation@chrome://openpgp/content/modules/mimeEncrypt.jsm:580:15
createMessageFile@resource:///modules/MimeMessage.jsm:86:27
Error: failure in finishCryptoEncapsulation, exitCode: -1 mimeEncrypt.jsm:580:15
mailnews.send: Sending failed; , exitCode=2153185313, originalMsgURI= MessageSend.jsm:321:27
Prompter: internal dialogs not available in this context. Falling back to window prompt. Prompter.jsm:1084
Prompter: internal dialogs not available in this context. Falling back to window prompt. Prompter.jsm:1084
NS_ERROR_NOT_AVAILABLE: 2 ActivityManager.jsm:129
Comment 38•3 years ago
|
||
This crash also happens with Thunderbird 91?
And a Thunderbird crash isn't generated which gives a crash ID in Help > More troubleshooting info ?
Updated•3 years ago
|
Comment 40•3 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #38)
This crash also happens with Thunderbird 91?
And a Thunderbird crash isn't generated which gives a crash ID in Help > More troubleshooting info ?
It is not actually "crashing", just shows "Secret key not available" when trying to decrypt messages.
Reporter | ||
Comment 41•3 years ago
|
||
I still have version 78.10.1 (64-bit) and it says that Thunderbird is up to date in the about dialog. Do you have any idea why I'm not being upgraded? On https://blog.thunderbird.net/2021/08/thunderbird-91-available-now/ it says that existing Thunderbird users will be updated to the newest version in the coming weeks.
Comment 42•3 years ago
|
||
(In reply to Kaspar Etter from comment #41)
I still have version 78.10.1 (64-bit) and it says that Thunderbird is up to date in the about dialog.
Thunderbird should be updating you to version 78.14.0. From there you would be updated to version 91, except right now we are blocking updates to 91 for Macs - we need to wait for version 91.3.0 for Macs. (This all assumes you are using a supported version of macOS.)
Comment 43•2 years ago
|
||
workaround |
I found a workaround of this for ARM Macs, it was weird, but do works:
- Make sure to install
gnupg
,gpgme
andpinentry-mac
- Open Thunderbird, setup everything and try to open an email encrypted using a secret key available in the GnuPG keychain, it should fail
- Open Finder and navigate to
Thunderbird.app
, right click and select "Get Info", check the box "Open using Rosetta" - Open Thunderbird, this time you should see an permission window requesting Contacts permission, allow it (I haven't tested if the workaround still works if I disallow the permission)
- GnuPG should still not function, quit Thunderbird
- Open Finder and navigate to
Thunderbird.app
, right click and select "Get Info", deselect "Open using Rosetta" - Reopen Thunderbird and GnuPG should work
I have no idea why this would make GnuPG work, but it does. I tested and it works on both of my ARM Macs (including one that was just factory reset).
Comment 45•2 years ago
|
||
I am still experiencing this bug using version 91.11.0 (64-bit) with macOS (arm64), however adding my homebrew prefix to PATH before launching Thunderbird works for me.
So you can write: PATH=$PATH:/opt/homebrew/bin /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin
in automator as a bash script and save it as an application somewhere and launch that instead.
Comment 46•2 years ago
|
||
Ran into the same issue. With brew install gnupg gpgme
, Thunderbird only worked when starting it from the command line. What help was to install brew install gpg-suite
. That made Thunderbird work when started from UI as well.
Comment 47•2 years ago
|
||
Is there anything we can hook up to get crash reports? (which would be a separate bug report)
Comment 49•1 year ago
|
||
So, the bug is present, even under TB 102 and M1-based MacBook. Here's my workaround, which makes using Thunderbird quite fine:
-
Install
gpgme
(will installgnupg
) and GPG Suite (both available via Homebrew) -
Unlink
gnupg
and restart all GnuPG services:brew unlink gnupg gpgconf -kill all
-
Create an Automator app. Set it to execute the following shell script:
nohup /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin > /dev/null 2>&1 &
-
Save as an application and use it to launch Thunderbird
I know, this seems more like tambourine dances than a thought-through guide, but I couldn't make it work otherwise 🤷🏻♂️
Comment 50•1 year ago
|
||
Hello,
I can confirm this is happening also with:
- mac m1 with Ventura 13.2 (22D49)
- thunderbird 102.7.1 (64 bits)
- external smartcard (yubikey)
- running thunderbird from the spotlight/finder
I'm able to send cyphered email but unable to send any signed email (as well as save draft)
While this is working from CLI ... like open /Applications/Thunderbird.App
or even open /Applications/Thunderbird.app/Contents/MacOS/thunderbird-bin
The workaround provided by wangdingwen32 is not working at all.
The one from Nikita Karamov does not work for me as well: it fails differently, when sending a signed email, it asked for my yubikey to be plugged, which is good as it's an expected behavior.
The problem is that is does not detect my yubikey at all....
This is not a thunderbird issue I guess because I cannot even use password-store/pass at all, it's related to the interaction of gpg-suite and something.
I didn't found any solution so far but it's impacting a lot the workflow.
Comment 51•1 year ago
|
||
The one from Nikita Karamov does not work for me as well: it fails differently, when sending a signed email, it asked for my yubikey to be plugged, which is good as it's an expected behavior.
The problem is that is does not detect my yubikey at all....
Yup, happens to me too. Mos of the times, plugging it in and out helps. Sometimes I need to run gpgconf -kill all
instead; this happens mostly with Git and not Thunderbird, though.
Comment 52•1 year ago
|
||
FYI I found something that works for me (R) by switching from the gnupg from brew to gpgosx.
- Uninstall gnupg from brew (as well as gpgme)
brew uninstall --ignore-dependencies gnupg gpgme
The --ignore-dependencies
is necessarry in my case because I've pass
and pinentry-mac
depending on it.
- Then install gpgosx
Follow the link: https://gnupg.org/download/ GnuPG for OS X to sourceforge.
My other software like password-store and git-crypt are still working as before as expected.
I still don't understand why it doesn't work and I wonder if it's really a thunderbird problem.....
Comment 53•9 months ago
|
||
The release of Thunderbird 115 “Supernova” changed things. Now, my workaround doesn't work any more. If I launch Thunderbird using `thunderbird-bin`, and then do anything that requires PIN entry (and thus, launching `pinentry-mac`), Thunderbird hangs. After force-quitting, I can see a huge stack trace in the MainThread calling `gpgme_op_decrypt_ext`.
Comment 54•9 months ago
|
||
Appending my previous comment: Removing the workaround, using Homebrew's gnupg
and gpgme
, uninstalling GPG Suite, launching TB via .app didn't help. It is thus effectively impossible to encrypt, decrypt, sign, or even attach a public key to the messages.
Comment 55•7 months ago
|
||
Hello,
I'm using Thunderbird 115.3.1 on macOS 13.6 (22G120) with GnuPG 2.4.3 and gpgme 1.22 provided by Homebrew. GPG decryption outside of Thunderbird works fine with my Yubikey 5Ci. pinentry-mac is called when needed and decryption, encryption, and signing all work properly. Within Thunderbird, the behavior has been "different" with each major release since PGP support was builtin. I was able to initially keep things working by running Thunderbird under Rosetta, then by calling thunderbird-bin
, and now while things work - Thunderbird hangs after displaying decrypted content. External GPG isn't running post-decryption, so I assume this is a Thunderbird problem.
I don't see anything in Thunderbird's console logs. I'd love to figure this out!
Thanks!
Description
•