qubes-gpg-client error "--keyserver-options"

[marmarek]

Reported by anonymous on 8 Nov 2014 19:29 UTC
Attempting encryption with split gpg results in the following error, with the following software.

Qubes R2
Fedora 20
Thunderbird 31.2.0
TorBirdy 1.3.0
Enigmail 1.7.2
qubes-gpg-split 2.0.7

Error - encryption command failed
/usr/bin/qubes-gpg-client-wrapper --charset utf-8 --display-charset utf-8 --no-emit-version --no-comments --display-charset utf-8 --keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118 --batch --no-tty --status-fd 2 --with-fingerprint --fixed-list-mode --with-colons --list-keys
qubes-gpg-client: unrecognized option '--keyserver-options'

Error can be resolved by removing '--keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118' from Enigmail's advanced options, though qubes-gpg-client should recognize the above options. The options are a modification made by TorBirdy.

Migrated-From: https://wiki.qubes-os.org/ticket/920

[marmarek]

Comment by marmarek on 9 Nov 2014 15:55 UTC
Even if the option would be added to supported list, proxy server pointed by it isn't available in GpgVM, so access to such keyserver would fail. Also it is good idea to have network-isolated GpgVM, so any keyserver operation would fail.
Given those reasons, I see no point in passing keyserver to GpgVM. IMO you should simply remove those options. If it isn't easy when TorBirdy is installed, perhaps qubes-gpg-client should just ignore this option?

[marmarek]

Comment by marmarek on 9 Nov 2014 15:55 UTC
Even if the option would be added to supported list, proxy server pointed by it isn't available in GpgVM, so access to such keyserver would fail. Also it is good idea to have network-isolated GpgVM, so any keyserver operation would fail.
Given those reasons, I see no point in passing keyserver to GpgVM. IMO you should simply remove those options. If it isn't easy when TorBirdy is installed, perhaps qubes-gpg-client should just ignore this option?

[marmarek]

Comment by anonymous on 9 Nov 2014 17:40 UTC
It is easy to remove the options. For those who may have trouble, open the following,

Thunderbird;
Add-ons Manager;
Enigmail 1.7.2 'Preferences';
Click 'Display Expert Settings and Menus';
Advanced;
'Additional parameters for GnuPG' remove everything starting with '--keyserver options' ending with 'http-proxy=http://127.0.0.1:8118'.

This should leave Enigmail with the parameters,

--no-emit-version
--no-comments
--display-charset utf-8

[marmarek]

Comment by anonymous on 9 Nov 2014 17:40 UTC
It is easy to remove the options. For those who may have trouble, open the following,

Thunderbird;
Add-ons Manager;
Enigmail 1.7.2 'Preferences';
Click 'Display Expert Settings and Menus';
Advanced;
'Additional parameters for GnuPG' remove everything starting with '--keyserver options' ending with 'http-proxy=http://127.0.0.1:8118'.

This should leave Enigmail with the parameters,

--no-emit-version
--no-comments
--display-charset utf-8

[marmarek]

Comment by anonymous on 9 Nov 2014 23:37 UTC
I am corrected, TorBirdy will reset these parameters when Thunderbird is restarted, forcing the user to clear the problematic parameters every time.

[marmarek]

Comment by anonymous on 9 Nov 2014 23:37 UTC
I am corrected, TorBirdy will reset these parameters when Thunderbird is restarted, forcing the user to clear the problematic parameters every time.

[marmarek]

Comment by marmarek on 10 Dec 2014 12:09 UTC
Generally such problems (some new option needed for qubes-gpg-client) should vanish when we switch to GPG 2.1 based split gpg (#474).

[marmarek]

Comment by marmarek on 10 Dec 2014 12:09 UTC
Generally such problems (some new option needed for qubes-gpg-client) should vanish when we switch to GPG 2.1 based split gpg (#474).