search

flathub / org.libreoffice.LibreOffice

https://flathub.org/apps/details/org.libreoffice.LibreOffice
29 stars 18 forks source link

Unable to digitally sign documents #52

Open ahayzen opened 5 years ago

ahayzen commented 5 years ago

What happened

1) Opened a libreoffice document (eg spreadsheet) 2) Selected File -> Digital Signatures -> Digital Signatures ... 3) Select "Start Certificate Manager" to try to add a certificate from a file (eg I think this is how i added a S/MIME cert before) 4) Notice that it states "Cannot find any certificate manager" 5) If you have an existing OpenPGP keys, select "Sign Document" 6) Notice that the OpenPGP key is in the list, you can select the key and click "Sign", but nothing appears to happen

What I expected to happen

Versions

LibreOffice Version: 6.1.0.3 Flatpak Version: 0.11.7 Distro: Ubuntu 18.04.1 LTS

ahayzen commented 4 years ago

Looks like for the "Cannot find any certificate manager", this is because LibreOffice shells out to another GUI here https://github.com/LibreOffice/core/blob/48595c805dd5b917e9bd01ad1c2deb4a047c5f7b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx#L515

So it is expecting either "kleopatra", "seahorse", "gpa", or "kgpg" to be available. https://github.com/LibreOffice/core/blob/48595c805dd5b917e9bd01ad1c2deb4a047c5f7b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx#L483 but these aren't in the runtime (?), I guess this might need to be a portal or one of these would need to be bundled with the app ?

Erick555 commented 4 years ago

So it is expecting either "kleopatra", "seahorse", "gpa", or "kgpg" to be available. https://github.com/LibreOffice/core/blob/48595c805dd5b917e9bd01ad1c2deb4a047c5f7b/xmlsecurity/source/dialogs/digitalsignaturesdialog.cxx#L483 but these aren't in the runtime (?)

All of those are standalone gui apps so obviously then can't be in provided runtime. 😄 Currently flatpak doesn't provide good support for gpg usage in apps, thye need to drill holes is sandbox themselves. I'm not sure if bundling one of those apps will help as user may use different one on their desktop and bundled one will look alien to them.

CWiesbaum commented 3 years ago

Any progress in respect of GPG signing/encrypting? I migrated my system to Fedora Silverblue. Unfortunately I got some GPG encrypted LibreOffice files I need to work with and I ran into similar problems.

What happens - Opening an existing encrypted file

  1. Double klick the file in file browser
  2. LibreOffice opens and displays "Enter Password" prompt
  3. No password was set, so I assumed GPG passphrase might work
  4. LibreOffice displays "Wrong password" => Unable to open the file

What happens - Create a new GPG encrypted file and try to open it

  1. Create a new file
  2. Save file and select GPG encryption
  3. Select your GPG key from list
  4. Save (Note: System's passphrase dialogue is not displayed)
  5. PROCEED WITH "Opening an existing encrypted file" STEPS ABOVE

Note: I am able to sign and encrypt emails using Evolution. System's passphrase dialogue is displayed.

System OS: Fedora Silverblue 33 (Gnome) LibreOffice: 7.1.0.3 Flatpak Source: flathub.org

CWiesbaum commented 3 years ago

So, I was not able to encrypt and decrypt files using LibreOffice Flatpak. I assume Flatpak would have to implement an interface for the host gpg agent in order for this to work. I am unsure how the Evolution Flatpak (flathub) does it, may be they already have a solution.

For my current situation I used Fedora Toolbox as a workaround. I created a new toolbox, installed LibreOffice using dnf and GPG works as intended.

Still, I would prefer a clean Flatpak solution. Unfortunately, I do not have some spare time to investigate further and provide a solution.

Erick555 commented 3 years ago

Did you tried launching LO flatpak with --filesystem=xdg-run/gnupg:ro option? Make sure that $XDG_RUNTIME_DIR/gnupg exists before you try.

CWiesbaum commented 3 years ago

Did you tried launching LO flatpak with --filesystem=xdg-run/gnupg:ro option? Make sure that $XDG_RUNTIME_DIR/gnupg exists before you try.

No. I started using flatpak recently. I was not aware of this option. I'll give it a try throughout the weekend.

Thanks for the hint.

b-m-f commented 2 years ago

--filesystem=xdg-run/gnupg:ro

Tried it and unfortunately it still does not work

CWiesbaum commented 1 year ago

Just wanted to let you know, that the problem still exists. By now even my workaround using a fedora toolbox and starting LibreOffice from within stopped working.

My new workaround is to "open" my gnupg key before starting LibreOffice. By doing so, the passphrase is cached (standard behavior on most distros) and LibreOffice does not ask for it. It just opens encrypted files...

To cache the passphrase I currently decrypt some random file on command line. Not the most elegant solution, but it works.

In my opinion the issue solely exists because LibreOffice does not know of the gpg-agent used on the system and therefore defaults to the password prompt. Anyone any idea how to set this for LibreOffice?

On my machine gpg encrypting emails works with evolution and a proper passphrase prompt. So, Evolution must somehow determine the proper ui gpg-agent.