On the Qrexec policy, set the target of qubes.Gpg2 to a fedora based qube that has split-gpg2 installed.
On the client:
$ gpg -bsau KEYFPR README.md
Expected behavior
File signed successfully.
Actual behavior
Can't sign files when using Fedora client and Debian server.
gpg: WARNING: server 'gpg-agent' is older than us (2.2.40 < 2.4.4)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: problem with fast path key listing: IPC parameter error - ignored
gpg: skipped "KEYFPR": Unusable secret key
gpg: signing failed: Unusable secret key
It appears as just a warning, but after watching the debug log on the server split-gpg2, it is actually an error. When tested with a fedora based server, it works.
Resolution
Necessary to switch the origin template of tpl-sys-pgp to fedora-minimal instead of debian-minimal, therefore any recent or old client versions can work with sys-pgp.
For anyone that has already created tpl-sys-pgp, just set the template of sys-pgp to any other template, delete tpl-sys-pgp and run the installation steps of sys-pgp.
Software version
R4.2, Fedora 39, Debian 12.
Fedora:
Debian:
Brief summary
Steps to reproduce
On the Qrexec policy, set the target of
qubes.Gpg2
to a fedora based qube that has split-gpg2 installed.On the client:
Expected behavior
File signed successfully.
Actual behavior
Can't sign files when using Fedora client and Debian server.
It appears as just a warning, but after watching the debug log on the server split-gpg2, it is actually an error. When tested with a fedora based server, it works.
Resolution
Necessary to switch the origin template of
tpl-sys-pgp
tofedora-minimal
instead ofdebian-minimal
, therefore any recent or old client versions can work withsys-pgp
.For anyone that has already created
tpl-sys-pgp
, just set the template ofsys-pgp
to any other template, deletetpl-sys-pgp
and run the installation steps ofsys-pgp
.