Secret key has missing trust [sic] in Thunderbird


#1

I have recently installed the latest version of Thunderbird (60.3.0, 64-bit) on Ubuntu 18.04 from the Snap Store, and I have had (unsolved) problems regarding Enigmail and the trust settings of my private key, see my question posted at AskUbuntu.

@kenvandine Is this a known issue?


#2

Have you connect the snap to the gpg-keys interface?

Reference:


#3

I have looked into this a bit. The Enigmail extension seems to try to exec the gpg2 binary, which is prevented by snap. Snap confinement prevents applications from running arbitrary processes. With the gpg-keys interface connected, it could have access to the keys but would need to use a proper API to query them rather than exec of an external process.


#4

Perhaps ship gpg2 with the snap?


#5

The snap does include it and from the logs i’ve seen it looks like it finds it in the PATH. Maybe gpg2 just isn’t looking in the right place?


#6

In that other thread I detailed a while back my investigation to try and make gpg2 work inside a snap.

TL;DR: I didn’t succeed, I identified a number of changes/additions that would be needed in the gpg-keys interface, and I also identified incompatibilities between the versions of gpg in xenial and bionic that would require additional logic for the snap to talk to gpg-agent on the host.

At the time I was testing with a core16-based snap, built on xenial. It would be worth revisiting the problem now that the libreoffice snap is based on core18 and built on bionic.


#7

I’ll take a swing at building the thunderbird snap for core18.