Secret key has missing trust [sic] in Thunderbird

I have recently installed the latest version of Thunderbird (60.3.0, 64-bit) on Ubuntu 18.04 from the Snap Store, and I have had (unsolved) problems regarding Enigmail and the trust settings of my private key, see my question posted at AskUbuntu.

@kenvandine Is this a known issue?

Have you connect the snap to the gpg-keys interface?

Reference:

I have looked into this a bit. The Enigmail extension seems to try to exec the gpg2 binary, which is prevented by snap. Snap confinement prevents applications from running arbitrary processes. With the gpg-keys interface connected, it could have access to the keys but would need to use a proper API to query them rather than exec of an external process.

1 Like

Perhaps ship gpg2 with the snap?

1 Like

The snap does include it and from the logs i’ve seen it looks like it finds it in the PATH. Maybe gpg2 just isn’t looking in the right place?

1 Like

In that other thread I detailed a while back my investigation to try and make gpg2 work inside a snap.

TL;DR: I didn’t succeed, I identified a number of changes/additions that would be needed in the gpg-keys interface, and I also identified incompatibilities between the versions of gpg in xenial and bionic that would require additional logic for the snap to talk to gpg-agent on the host.

At the time I was testing with a core16-based snap, built on xenial. It would be worth revisiting the problem now that the libreoffice snap is based on core18 and built on bionic.

1 Like

I’ll take a swing at building the thunderbird snap for core18.

2 Likes

Any progress on this one. I am building a snap that uses gpg and gpg-agent to sign files but fail to get it to work because of the linked described problems.

@jberends you should probably continue that conversation in that other thread, and share details on what exactly you are trying to achieve and how, and how it fails.