Bug #15213

Tails signing key can't be imported from Seahorse with the default key files filter

Added by goupille over 1 year ago. Updated 16 days ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: Installation
Target version:
Start date: 01/22/2018
Due date:
% Done: 100%
Estimated time: 0.00 h
QA Check: Pass
Feature Branch: bugfix/15213-signing-key-cant-be-imported-from-seahorse+force-all-tests
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

Tails signing key as we propose to download it (https://tails.boum.org/tails-signing.key) can't be imported in Seahorse without changing its extension to ".asc".

It seems to be a Seahorse issue (same behavior in Debian Sid), since .key is supposed to be a valid mime type.


Related issues

Related to Tails - Bug #10889: shared-mime-info associates .key files with LibreOffice Writer in GNOME Files Resolved 01/09/2016
Related to Tails - Bug #10571: The 'application/pgp-keys' MIME type has bad application associations Resolved 11/17/2015
Blocks Tails - Feature #16209: Core work: Foundations Team Confirmed 03/22/2019

Associated revisions

Revision 34a6a9fb (diff)
Added by segfault about 1 month ago

Patch shared-mime-info to handle .key files as pgp-keys (refs: #15213)

Revision 630b5428 (diff)
Added by segfault about 1 month ago

Also use files in /usr/share/mime when updating mime-info cache (refs: #15213)

We now patch files in /usr/share/mime/packages, so we have to update the
cache for this directory.

Revision 90ffe625
Added by intrigeri 27 days ago

Merge remote-tracking branch 'origin/bugfix/15213-signing-key-cant-be-imported-from-seahorse+force-all-tests' into stable

Fix-committed: #15213

Revision 56bb7427 (diff)
Added by segfault 25 days ago

Refresh handle-dot-key-files-as-pgp-keys.diff to apply on Buster (refs: #15213)

History

#1 Updated by intrigeri over 1 year ago

  • Related to Bug #10889: shared-mime-info associates .key files with LibreOffice Writer in GNOME Files added

#2 Updated by intrigeri over 1 year ago

  • Related to Bug #10571: The 'application/pgp-keys' MIME type has bad application associations added

#3 Updated by intrigeri over 1 year ago

  • Assignee changed from intrigeri to goupille
  • Target version set to Tails_3.6
  • QA Check set to Info Needed

This seems to be the same as #10571 and #10889 and the current status is:

  • this works fine for me in Tails 3.5 (thanks to the fix we applied 2 years ago in config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list); goupille, can you reproduce this problem on Tails?
  • no update on the upstream bug (https://bugs.freedesktop.org/show_bug.cgi?id=93656) which explains why the problem still exists outside of Tails.

Now, I suspect our reasons for using the .key extension are obsolete: IIRC we did that so the web server would set the correct MIME type, so when clicking on the link the user would be offered the option to import the key with seahorse-tool:

  • in current Tails this is irrelevant as we never offer the user the option of opening files downloaded with Tor Browser using an external app
  • on current Debian sid, Chromium offers to save the key to disk, not to open it
  • on current Debian sid, Firefox offers to open the key with "Import key" (i.e. seahorse-tool)
  • I didn't test with Tor Browser in a less constrained environment, where opening downloads with an external app is allowed.

Once goupille confirms this bug does not affect current Tails, let's reassign to our tech writers so they can test what happens if we rename the file to .asc and decide what to do. Another option could be to configure the web server to force the correct MIME type for these files, regardless of their extension; I don't know if this will override the file association used by Chromium, Firefox or Tor Browser outside of Tails.

#4 Updated by intrigeri over 1 year ago

  • Category set to Installation

#5 Updated by goupille over 1 year ago

With Tails 3.5, in a sense, I'm still affected by this bug: in nautilus the file is seen as a libreoffice file, and when I open seahorse>file>import the file is not listed by default. I need to switch "All key files" to "All files" to see it, then I can import it. I think it was the case also with previous versions.

So the signing key can be imported into seahorse, but not as easily as it should imo.

anonym told me that the .key extension was maybe chosen over .asc to make it explicit it was not a signature file.

#6 Updated by goupille over 1 year ago

  • Assignee changed from goupille to sajolida
  • QA Check deleted (Info Needed)

#7 Updated by sajolida about 1 year ago

  • Target version changed from Tails_3.6 to Tails_3.7

#8 Updated by sajolida about 1 year ago

  • Assignee changed from sajolida to intrigeri
  • QA Check set to Info Needed

Adding to what goupille described: in Tails tails-signing.key is displayed as a LibreOffice presentation but, when I double-click on it, it gets imported by Seahorse. Still, I confirm that it is not listed in Seahorse when doing File → Import...

I think the ".key" extension was chosen both to make explicit that the file is a key (with GnuPG ".asc" can mean pretty much anything). Maybe also to help our web server assign the correct MIME/Type.

Shall I switch to using ".asc"?

#9 Updated by intrigeri about 1 year ago

  • Target version changed from Tails_3.7 to Tails_3.8

#10 Updated by intrigeri about 1 year ago

  • Subject changed from Tails signing key can't be imported into Seahorse to Tails signing key can't be imported from Seahorse with the default key files filter
  • Target version changed from Tails_3.8 to Tails_3.9
  • QA Check deleted (Info Needed)
  • Type of work changed from Research to Communicate

sajolida wrote:

Still, I confirm that it is not listed in Seahorse when doing File → Import...

FTR this is because of https://bugs.freedesktop.org/show_bug.cgi?id=93656 that I've mentioned above (corresponding Seahorse source code). A patch was proposed upstream a month ago. I've just pinged on the bug report.

I think the ".key" extension was chosen both to make explicit that the file is a key (with GnuPG ".asc" can mean pretty much anything).

Indeed.

Shall I switch to using ".asc"?

tl;dr: not yet (and hopefully never).

It's not obvious to me that the usability improvement we would get from this change compensates for the usability regression it would cause. Regardless, given there's a patch proposed upstream that fixes the root cause of this problem, I'd rather work on fixing that root cause there instead of seeing us spend time on workarounds that might become unneeded in a year (and then if we keep these workarounds in place, we'll still have the usability regression but it won't be justified anymore with another improvement).

#11 Updated by intrigeri 11 months ago

#12 Updated by intrigeri 11 months ago

  • Type of work changed from Communicate to Code

Upstream has reviewed the patch and requested changes. The author of the patch proposed upstream wrote "I'm probably not going to follow up beyond this". So let's take it over and try to get the patch into a shape that can be applied upstream, released and packaged in time for the Buster freeze. This is a good candidate for our new FT members so let's reassign it during our meeting tomorrow.

#13 Updated by intrigeri 11 months ago

  • Assignee deleted (intrigeri)

I'll assign it to the next FT member who asks for more work before our next meeting.

#14 Updated by intrigeri 10 months ago

  • Assignee set to lamby
  • Estimated time set to 2.00 h

#16 Updated by intrigeri 10 months ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 20

#17 Updated by lamby 10 months ago

Pinged upstream bug.

#19 Updated by lamby 9 months ago

  • Assignee changed from lamby to intrigeri

After a ping earlier today, this was just marked as "WONTFIX":

https://bugzilla.gnome.org/show_bug.cgi?id=784738#c3

Advice on how to proceed?

#20 Updated by intrigeri 9 months ago

  • Assignee changed from intrigeri to lamby

After a ping earlier today, this was just marked as "WONTFIX":

https://bugzilla.gnome.org/show_bug.cgi?id=784738#c3

Wrong URL or wrong ticket?

#21 Updated by lamby 9 months ago

Wrong ticket! I pinged another tails-related bug on freedesktop.org a few hours ago and, when this one came through, I naturally assumed it was this one.. especially after receiving no response for weeks...

To clarify, https://bugs.freedesktop.org/show_bug.cgi?id=93656#c7 remains the latest status (keeping hold of this one)

#22 Updated by intrigeri 9 months ago

OK!

(Wrt. GConf we don't care much, we've removed it from Tails.)

#23 Updated by intrigeri 9 months ago

  • Target version changed from Tails_3.9 to Tails_3.10.1

#24 Updated by intrigeri 8 months ago

#25 Updated by intrigeri 8 months ago

#26 Updated by lamby 7 months ago

This was recently "closed" upstream due to freedesktop.org moving to GitLab. I have thus re-created the patch and submitted a merge request:

https://gitlab.freedesktop.org/xdg/shared-mime-info/merge_requests/5

Enjoy.

#28 Updated by lamby 7 months ago

This has now been merged upstream:

https://gitlab.freedesktop.org/xdg/shared-mime-info/merge_requests/5#note_51542

I will request a release in ~10 days.

#29 Updated by intrigeri 7 months ago

  • Target version changed from Tails_3.10.1 to Tails_4.0

This has now been merged upstream:

\o/

Given Buster is getting close on the horizon, nobody ever reported this bug in Debian, and it affects only a small minority of our users, IMO it's not worth us proposing this as a Stretch update or even patching shared-mime-info in Tails. So I think the best course of action is:

  1. Get this released upstream (which you're already on :)
  2. Ensure this is released with Buster
  3. Drop the corresponding workarounds in config/chroot_local-includes/etc/skel/.local/share/applications/mimeapps.list on our feature/buster branch.

#32 Updated by lamby 6 months ago

Upstream say they don't have time to do a release: https://gitlab.freedesktop.org/xdg/shared-mime-info/merge_requests/5#note_76365

I've therefore filed it in Debian here: https://bugs.debian.org/913550

#33 Updated by lamby 5 months ago

I've pinged the Debian bug: https://bugs.debian.org/913550#19

#34 Updated by lamby 5 months ago

Pinged Debian bug, offering to do an upload: https://bugs.debian.org/913550#24

Also:

#35 Updated by intrigeri 5 months ago

#36 Updated by intrigeri 5 months ago

#37 Updated by intrigeri 4 months ago

  • Estimated time changed from 2.00 h to 0.00 h

Removing what's been accounted for in 2018Q4.

#38 Updated by intrigeri 2 months ago

#39 Updated by intrigeri 2 months ago

#40 Updated by intrigeri about 2 months ago

  • Target version changed from Tails_4.0 to Tails_3.14

It's almost the last minute to get this fixed in Buster proper. If that doesn't work, let's apply the patch on our side.

#41 Updated by intrigeri about 2 months ago

  • Assignee deleted (lamby)

Let's apply the patch!

#42 Updated by segfault about 1 month ago

  • Assignee set to segfault
  • % Done changed from 20 to 50

I applied the patch. After building and testing, I noticed that we also have to update the mime-info cache after applying the patch. Pushed another commit for that, now building and testing again.
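
Added illustration, not part of the ticket or of the Tails patch: a check of which MIME types claim a file name in a `globs2` database (the `weight:mime-type:pattern[:flags]` file that `update-mime-database` regenerates under /usr/share/mime), useful for confirming that the cache was rebuilt after patching. The sample databases are constructed, `application/x-example-presentation` is a placeholder type, and treating a file chooser filter as a pure name-based MIME match is a simplifying assumption.

```python
import fnmatch

# Constructed sample data in globs2 format (weight:mime-type:pattern[:flags]).
# "application/x-example-presentation" is a placeholder, not a real MIME type.
GLOBS2_BEFORE = """\
# constructed sample, not copied from a real system
50:application/pgp-keys:*.asc
50:application/pgp-keys:*.gpg
50:application/x-example-presentation:*.key
"""
# Constructed "after" state: application/pgp-keys also claims *.key.
GLOBS2_AFTER = GLOBS2_BEFORE + "50:application/pgp-keys:*.key\n"


def parse_globs2(text):
    """Return (weight, mime_type, pattern, case_sensitive) for each entry."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[0].isdigit():
            continue  # skip malformed lines instead of guessing
        flags = fields[3].split(",") if len(fields) > 3 else []
        entries.append((int(fields[0]), fields[1], fields[2], "cs" in flags))
    return entries


def candidates(filename, entries):
    """MIME types whose glob matches, highest weight and longest pattern first."""
    hits = []
    for weight, mime, pattern, cs in entries:
        name, pat = (filename, pattern) if cs else (filename.lower(), pattern.lower())
        if fnmatch.fnmatchcase(name, pat):
            hits.append((weight, len(pattern), mime))
    hits.sort(key=lambda h: (-h[0], -h[1], h[2]))
    return [mime for _, _, mime in hits]


def listed_by_type_filter(filename, globs2_text, wanted="application/pgp-keys"):
    """True if a name-based filter for `wanted` would list filename (assumption)."""
    return wanted in candidates(filename, parse_globs2(globs2_text))


if __name__ == "__main__":
    for label, db in (("before", GLOBS2_BEFORE), ("after", GLOBS2_AFTER)):
        print(label, candidates("tails-signing.key", parse_globs2(db)),
              listed_by_type_filter("tails-signing.key", db))
```

On a real system, pass the contents of /usr/share/mime/globs2 instead of the constructed strings.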

#43 Updated by segfault about 1 month ago

  • Assignee deleted (segfault)
  • % Done changed from 50 to 60
  • QA Check set to Ready for QA
  • Feature Branch set to bugfix/15213-signing-key-cant-be-imported-from-seahorse

In an image built from the feature branch, when I download the tails-signing.key:

  • In Nautilus, it has an icon like a text file
  • On double click, it is opened via seahorse (but the import fails because it's already imported)
  • It is shown in the seahorse "Import Key" file chooser dialog

I think that's all the expected behavior, so marking as ready for QA.

#44 Updated by segfault about 1 month ago

(We still have to wait for and check Jenkins test results)

#45 Updated by segfault about 1 month ago

  • Feature Branch changed from bugfix/15213-signing-key-cant-be-imported-from-seahorse to bugfix/15213-signing-key-cant-be-imported-from-seahorse+force-all-tests

segfault wrote:

(We still have to wait for and check Jenkins test results)

The PGP-related scenarios were not run, retrying with +force-all-tests.

#46 Updated by intrigeri 27 days ago

  • Assignee set to intrigeri

#47 Updated by intrigeri 27 days ago

Code review passes, will build & give it a try.

#48 Updated by intrigeri 27 days ago

  • QA Check changed from Ready for QA to Pass

segfault wrote:

In an image built from the feature branch, when I download the tails-signing.key:

  • In Nautilus, it has an icon like a text file

Confirmed.

  • On double click, it is opened via seahorse (but the import fails because it's already imported)

The import also fails after deleting the key from the keyring: I see a notification that says "keys were found but not imported". And indeed the key is not in the keyring. Same if I run seahorse-tool --import tails-signing.key by hand so I think that's another issue, revealed by fixing the problem this ticket is about. Same when trying to import my own key so it's not specific to the Tails signing key. I'm not going to bother trying to reproduce on sid nor ensuring this is known upstream: Seahorse is basically unmaintained and I doubt this will lead anywhere.

  • It is shown in the seahorse "Import Key" file chooser dialog

Confirmed, works fine.

Will merge!

#49 Updated by intrigeri 27 days ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 60 to 100

#50 Updated by intrigeri 27 days ago

  • Assignee deleted (intrigeri)

#51 Updated by intrigeri 25 days ago

@segfault, it would be sweet if you merged devel into feature/buster and made this new patch apply cleanly at build time: it currently makes feature/buster FTBFS. Feel free to push the resulting fix straight to feature/buster. Thanks in advance!

#52 Updated by segfault 25 days ago

  • Status changed from Fix committed to In Progress

#53 Updated by segfault 25 days ago

  • Status changed from In Progress to Fix committed

intrigeri wrote:

@segfault, it would be sweet if you merged devel into feature/buster and made this new patch apply cleanly at build time: it currently makes feature/buster FTBFS. Feel free to push the resulting fix straight to feature/buster. Thanks in advance!

Done

#54 Updated by intrigeri 18 days ago

  • Target version changed from Tails_3.14 to Tails_3.13.2

#55 Updated by anonym 17 days ago

  • Status changed from Fix committed to Resolved

#56 Updated by anonym 17 days ago

  • Target version changed from Tails_3.13.2 to Tails_3.14

#57 Updated by intrigeri 16 days ago

  • Target version changed from Tails_3.14 to Tails_3.13.2
