DBUS_SESSION_BUS_ADDRESS passed from Flatpak to gpg-agent on host for allow_external_gnupg + smartcard, no Pinentry dialog host, email not sent and error message NS_ERROR_XPC_JAVASCRIPT_ERROR_WITH_DETAILS ... failure in finishCryptoEncapsulation
Component: MailNews Core :: Security: OpenPGP (enhancement)
Tracking: not tracked
Reporter: jarkko; Assignee: unassigned
Keywords: flatpak
Steps to reproduce:
- Install gpg >= 2.3.0 on the host
- Install the flatpak version of Thunderbird
- Add an external GnuPG key which is on an OpenPGP smartcard
- Send a signed email while the smartcard is locked and requires a PIN
Actual results:
Pinentry dialog does not show up on the host, the email is not sent and an error message is shown.
Expected results:
The pinentry dialog should show up, and the message should be sent successfully after entering the correct PIN.
This is a copy of https://github.com/flathub/org.mozilla.Thunderbird/issues/287, since the same issue also exists in Mozilla built Thunderbird flatpaks.
Since gpg 2.3.0, a wider list of environment variables has been passed to gpg-agent (https://github.com/gpg/gnupg/commit/7ffc1ac7dd95d4cc1897a4c36d5cd628741c12f2). The list also includes DBUS_SESSION_BUS_ADDRESS (https://github.com/gpg/gnupg/blob/master/common/session-env.c#L66-L91), which is required for the gnome3 pinentry. It looks like gpgme executes gpg by inheriting the current environment without allowing it to be modified. Hence, the internal session bus address of the flatpak is sent to the gpg-agent on the host.
A quick fix would be to use a wrapper for the gpg binary in the flatpak version of Thunderbird. The wrapper would unset the DBUS_SESSION_BUS_ADDRESS and the gpg-agent would then use the session bus address from its current environment. A more laborious and slower fix would be to add support for modifying or filtering the environment in the gpgme library. Which one of these is preferable? Are there other possible solutions?
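The wrapper approach proposed above, written out as an added example (this is not code from the bug report, the Thunderbird Flatpak, or GnuPG). It is meant to be installed in the sandbox's PATH under the name `gpg`; the location of the real binary (`REAL_GPG`) and the wrapper names it recognises (`gpg`, `gpg2`) are assumptions for illustration.

```shell
#!/bin/sh
# Added example wrapper, not part of the Thunderbird Flatpak. Install it in
# the sandbox PATH as "gpg" so that gpgme runs it instead of the real gpg.
# The real binary's path is an assumption; adjust it for the actual layout.
REAL_GPG="${REAL_GPG:-/usr/bin/gpg}"

# Drop the sandbox's private session-bus address before gpg starts. gpg
# (>= 2.3.0) forwards DBUS_SESSION_BUS_ADDRESS to gpg-agent; once it is
# absent, the host gpg-agent keeps the bus address from its own environment
# and can reach the host's pinentry-gnome3.
scrub_sandbox_env() {
    unset DBUS_SESSION_BUS_ADDRESS
}

# Returns 0 while the environment still carries a session-bus address,
# 1 once it has been scrubbed.
has_sandbox_bus() {
    [ -n "${DBUS_SESSION_BUS_ADDRESS+set}" ]
}

# Only replace the process with the real gpg when invoked under one of the
# wrapper names; sourcing this file elsewhere just defines the functions.
case "$(basename -- "$0")" in
    gpg|gpg2)
        scrub_sandbox_env
        exec "$REAL_GPG" "$@"
        ;;
esac
```

Note that `unset` is enough here because `exec` hands the real gpg the wrapper's environment as it stands after the scrub; no other variable that gpg-agent reads from the client (GPG_TTY, DISPLAY, and so on) is touched, so the host agent still learns where to show the dialog.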
Comment 1 (2 months ago):
I don't know immediately how to solve it. Flatpak is a container/isolation technology, right? If you need direct integration and access to the system's cards, it's probably better to use a native package?
I'm not sure if it's right to classify that as a "defect", because the problem only happens when using the container around Thunderbird. So I'd think the bug is in the container environment.