Secret key has missing trust [sic] in Thunderbird


I have recently installed the latest version of Thunderbird (60.3.0, 64-bit) on Ubuntu 18.04 from the Snap Store, and I have had (unsolved) problems regarding Enigmail and the trust settings of my private key, see my question posted at AskUbuntu.

@kenvandine Is this a known issue?


Have you connect the snap to the gpg-keys interface?



I have looked into this a bit. The Enigmail extension seems to try to exec the gpg2 binary, which is prevented by snap. Snap confinement prevents applications from running arbitrary processes. With the gpg-keys interface connected, it could have access to the keys but would need to use a proper API to query them rather than exec of an external process.


Perhaps ship gpg2 with the snap?


The snap does include it and from the logs i’ve seen it looks like it finds it in the PATH. Maybe gpg2 just isn’t looking in the right place?


In that other thread I detailed a while back my investigation to try and make gpg2 work inside a snap.

TL;DR: I didn’t succeed, I identified a number of changes/additions that would be needed in the gpg-keys interface, and I also identified incompatibilities between the versions of gpg in xenial and bionic that would require additional logic for the snap to talk to gpg-agent on the host.

At the time I was testing with a core16-based snap, built on xenial. It would be worth revisiting the problem now that the libreoffice snap is based on core18 and built on bionic.


I’ll take a swing at building the thunderbird snap for core18.