Description of problem: In seahorse, attempting to do anything more complicated than creating a GPG key fails with the error message "General error." Downgrading gnupg2 from 2.0.25-1.fc20.x86_64 to 2.0.22-1.fc20.x86_64 fixes the issue, so filing against gnupg2. Version-Release number of selected component (if applicable): 2.0.25-1.fc20.x86_64 How reproducible: Always Steps to Reproduce: 1. Create a GPG key with Seahorse 2. Attempt to (a) change the expiration date of the key, or (b) sign it with another key, using Seahorse Actual results: "General Error" Expected results: Operation succeeds Additional info: Going forward, we in GNOME will need to figure out how to respond to protocol changes in gnupg (we've discussed ripping out our gpg agent and using the gnupg pinentry interface instead), but I'm filing this bug against gnupg because (a) the relevant changes really need to be reverted for F20, since you shouldn't break other apps mid-release, and (b) it would be really helpful to revert this for F21 as well, since fixing this on the GNOME side is not trivial and sans an unexpected volunteer, it's unlikely we'll be able to do so in the next couple of months. (My opinion is that if we can't get this working in time for F22, then we should consider removing GPG functionality from seahorse, since it's not reasonable to indefinitely block gnupg development for GNOME's needs.) Also, as a heads up: I need to verify that this problem also occurs in F21 in addition to F20, but once I've done so I'm going to propose it as a F21 final blocker under the menu sanity criterion, since seahorse doesn't pass a basic functionality test.
Reverting it means there will be unfixed security issues present - namely the CVE-2014-4617 will be.
I think there's a work around that could be implemented in seahorse ... to force use of GnuPG 1.4.x for now.
As this issue is moderate only I would say we can afford to have it unfixed on F19 and F20, but I am against reverting on F21.
(In reply to Stef Walter from comment #2) > I think there's a work around that could be implemented in seahorse ... to > force use of GnuPG 1.4.x for now. If that fixes seahorse, then we don't need any changes in gnupg at all, correct?
On F21, simply creating a GPG key with seahorse is broken. Proposing as a F21 final blocker: "All applications that can be launched using the standard graphical mechanism of a release-blocking desktop after a default installation of that desktop must start successfully and withstand a basic functionality test." "Basic functionality means that the app must at least be broadly capable of its most basic expected operations" Seahorse is a tool for creating and managing stored passwords, OpenSSH, and GnuPG keys. Everything GnuPG-related is currently broken.
Discussed at 2014-11-05 blocker review meeting [1]. Accepted as a blocker. This bug is a clear violation of the Basic functionality final criterion [2]. It needs to be resolved in one way or other (downgrading seahorse to use gnupg1, removing gnupg functionality from seahorse, removing seahorse from default installation, reverting patches in gnupg2, ...). [1] http://meetbot.fedoraproject.org/fedora-blocker-review/2014-11-05/ [2] https://fedoraproject.org/wiki/Fedora_21_Final_Release_Criteria#Default_application_functionality
(In reply to Kamil Páral from comment #6) > (downgrading seahorse to use gnupg1 ^ Stef has a seahorse patch for this, so no changes are needed in gnupg at this time. I just ask the gnupg maintainers to watch out for any future gnupg1 updates that could similarly break seahorse, especially in a stable release.
seahorse-3.14.0-2.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/FEDORA-2014-14337/seahorse-3.14.0-2.fc21
In my opinion it is better to keep gnupg updated and fix any packages that break as a result than it is to continue to use a version with known vulnerabilities.
I agree with bcl here. Also the downgrade to gnupg1 should be taken only as a temporary measure for F21 and for F22 it should be fixed to work with gnupg2 correctly or the gpg agent functionality should be dropped from it.
seahorse-3.14.0-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.