[GH-ISSUE #1653] Thunderbird(Enigmail) not find GnuPG #1116

New issue

Closed

opened 2026-05-05 07:29:01 -06:00 by gitea-mirror · 16 comments

gitea-mirror commented 2026-05-05 07:29:01 -06:00

Owner

Copy link

Originally created by @ByteHackr on GitHub (Nov 19, 2017).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1653

Enigmail on Thunderbird does not find any GnuPG executable.

Originally created by @ByteHackr on GitHub (Nov 19, 2017). Original GitHub issue: https://github.com/netblue30/firejail/issues/1653 Enigmail on Thunderbird does not find any GnuPG executable.

gitea-mirror 2026-05-05 07:29:01 -06:00

• closed this issue
• added the
  bug
  label

gitea-mirror commented 2026-05-05 07:29:04 -06:00

Author

Owner

Copy link

@Fred-Barclay commented on GitHub (Nov 20, 2017):

G'day @BehindLinux and thanks for the report!
Can I get some more information from you?

1. What Linux distro are you using?
2. What version of Firejail are you using? You can check with firejail --version.
3. How did you install firejail (was it from your distro's repositories, or did you download it from our SourceForge page, or did you compile from source?)?
4. Why do you say that enigmail isn't finding gpg? Please copy and paste any error messages.
5. Do you get the same error when running Thunderbird outside of firejail?

Thanks!
Fred

<!-- gh-comment-id:345596024 --> @Fred-Barclay commented on GitHub (Nov 20, 2017): G'day @BehindLinux and thanks for the report! Can I get some more information from you? 1. What Linux distro are you using? 2. What version of Firejail are you using? You can check with `firejail --version.` 3. How did you install firejail (was it from your distro's repositories, or did you download it from our SourceForge page, or did you compile from source?)? 4. Why do you say that enigmail isn't finding gpg? Please copy and paste any error messages. 5. Do you get the same error when running Thunderbird outside of firejail? Thanks! Fred

gitea-mirror commented 2026-05-05 07:29:06 -06:00

Author

Owner

Copy link

@Micha-Btz commented on GitHub (Nov 22, 2017):

I have the same problem. Debian Sid. firejail version 0.9.50. The gpg binarys available so I'm a bit helpless. Maybe there are problems with the access to gpg agent.

<!-- gh-comment-id:346292531 --> @Micha-Btz commented on GitHub (Nov 22, 2017): I have the same problem. Debian Sid. firejail version 0.9.50. The gpg binarys available so I'm a bit helpless. Maybe there are problems with the access to gpg agent.

gitea-mirror commented 2026-05-05 07:29:08 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Nov 25, 2017):

Probably communcation with gpg-agent fails. Does it work when you start Thunderbird with firejail --writable-run-user thunderbird?

<!-- gh-comment-id:346942137 --> @smitsohu commented on GitHub (Nov 25, 2017): Probably communcation with gpg-agent fails. Does it work when you start Thunderbird with `firejail --writable-run-user thunderbird`?

gitea-mirror commented 2026-05-05 07:29:10 -06:00

Author

Owner

Copy link

@Micha-Btz commented on GitHub (Nov 25, 2017):

firejail --writable-run-user thunderbird
Error: invalid --writable-run-user command line option

no my firejail seems to be to old?
for the moment i have disabled the enigmail addon. How can I further debug this?

<!-- gh-comment-id:346943256 --> @Micha-Btz commented on GitHub (Nov 25, 2017): ``` firejail --writable-run-user thunderbird Error: invalid --writable-run-user command line option ``` no my firejail seems to be to old? for the moment i have disabled the enigmail addon. How can I further debug this?

gitea-mirror commented 2026-05-05 07:29:13 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Nov 25, 2017):

I have the same problem. Debian Sid. firejail version 0.9.50.

Ahh, sorry, I overlooked that you are on 0.9.50. and --writable-run-user is only in master.

See also #1546 and #1572

<!-- gh-comment-id:346945456 --> @smitsohu commented on GitHub (Nov 25, 2017): > I have the same problem. Debian Sid. firejail version 0.9.50. Ahh, sorry, I overlooked that you are on 0.9.50. and `--writable-run-user` is only in master. See also #1546 and #1572

gitea-mirror commented 2026-05-05 07:29:14 -06:00

Author

Owner

Copy link

@Micha-Btz commented on GitHub (Nov 25, 2017):

Ok, this two issues offers me a solution that can't work with my version. But is there a way to solve this in 0.9.50?

<!-- gh-comment-id:346948849 --> @Micha-Btz commented on GitHub (Nov 25, 2017): Ok, this two issues offers me a solution that can't work with my version. But is there a way to solve this in 0.9.50?

gitea-mirror commented 2026-05-05 07:29:14 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Nov 25, 2017):

No, it is not configurable in 0.9.50. You will need to upgrade to git version or wait until 0.9.52 is released.

<!-- gh-comment-id:346949429 --> @smitsohu commented on GitHub (Nov 25, 2017): No, it is not configurable in 0.9.50. You will need to upgrade to git version or wait until 0.9.52 is released.

gitea-mirror commented 2026-05-05 07:29:16 -06:00

Author

Owner

Copy link

@Micha-Btz commented on GitHub (Nov 25, 2017):

Can you please create a bugfix release to 0.9.50 which contain --writable-run-user?
I would stay by the distro packages.

<!-- gh-comment-id:346949848 --> @Micha-Btz commented on GitHub (Nov 25, 2017): Can you please create a bugfix release to 0.9.50 which contain --writable-run-user? I would stay by the distro packages.

gitea-mirror commented 2026-05-05 07:29:17 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Nov 25, 2017):

cc'ing @startx2017

<!-- gh-comment-id:346952484 --> @smitsohu commented on GitHub (Nov 25, 2017): cc'ing @startx2017

gitea-mirror commented 2026-05-05 07:29:18 -06:00

Author

Owner

Copy link

@jmcclelland commented on GitHub (Jan 2, 2018):

I'm having the same problem and have a version with --writable-run-user. However, it does not help:

0 jamie@turkey:~$ firejail --writable-run-user thunderbird
Reading profile /etc/firejail/thunderbird.profile
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 6692, child pid 6693
Warning cannot create symbolic link /var/run
Blacklist violations are logged to syslog
Child process initialized in 64.83 ms
[calBackendLoader] Using Thunderbird's builtin libical backend

Parent is shutting down, bye...
0 jamie@turkey:~$ 

Maybe "Warning cannot create symbolic link /var/run" is a cluue?

<!-- gh-comment-id:354825380 --> @jmcclelland commented on GitHub (Jan 2, 2018): I'm having the same problem and have a version with --writable-run-user. However, it does not help: ``` 0 jamie@turkey:~$ firejail --writable-run-user thunderbird Reading profile /etc/firejail/thunderbird.profile Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Reading profile /etc/firejail/firefox.profile Reading profile /etc/firejail/disable-common.inc Reading profile /etc/firejail/disable-devel.inc Reading profile /etc/firejail/disable-programs.inc Reading profile /etc/firejail/whitelist-common.inc Reading profile /etc/firejail/whitelist-var-common.inc Parent pid 6692, child pid 6693 Warning cannot create symbolic link /var/run Blacklist violations are logged to syslog Child process initialized in 64.83 ms [calBackendLoader] Using Thunderbird's builtin libical backend Parent is shutting down, bye... 0 jamie@turkey:~$ ``` Maybe "Warning cannot create symbolic link /var/run" is a cluue?

gitea-mirror commented 2026-05-05 07:29:19 -06:00

Author

Owner

Copy link

@cmonty14 commented on GitHub (Jan 14, 2018):

Hi,
I'm experiencing the same issue with Debian Testing / firejail 0.9.52 / thunderbird 52.4.0 / gpg 2.2.4
Until this bug is fixed Thunderbird is unusable with Enigmail/PGP with firejail.
Is there any workaround to start Thunderbird w/o firejail?

<!-- gh-comment-id:357509684 --> @cmonty14 commented on GitHub (Jan 14, 2018): Hi, I'm experiencing the same issue with Debian Testing / firejail 0.9.52 / thunderbird 52.4.0 / gpg 2.2.4 Until this bug is fixed Thunderbird is unusable with Enigmail/PGP with firejail. Is there any workaround to start Thunderbird w/o firejail?

gitea-mirror commented 2026-05-05 07:29:20 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (Jan 15, 2018):

@74cmonty you can run sudo rm /usr/local/bin/thunderbird to start normally

<!-- gh-comment-id:357575380 --> @SkewedZeppelin commented on GitHub (Jan 15, 2018): @74cmonty you can run `sudo rm /usr/local/bin/thunderbird` to start normally

gitea-mirror commented 2026-05-05 07:29:21 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Feb 3, 2018):

@jmcclelland @74cmonty does it work for you with firejail --noprofile --writable-run-user thunderbird?

If you are running debian buster or ubuntu or suse, can you please check sudo aa-status if there is an enforced apparmor profile for thunderbird?

I can't reproduce your issue on debian stable, it works fine here with writable-run-user.

<!-- gh-comment-id:362754687 --> @smitsohu commented on GitHub (Feb 3, 2018): @jmcclelland @74cmonty does it work for you with `firejail --noprofile --writable-run-user thunderbird`? If you are running debian buster or ubuntu or suse, can you please check `sudo aa-status` if there is an enforced apparmor profile for thunderbird? I can't reproduce your issue on debian stable, it works fine here with `writable-run-user`.

gitea-mirror commented 2026-05-05 07:29:21 -06:00

Author

Owner

Copy link

@jmcclelland commented on GitHub (Feb 5, 2018):

Thanks for the follow up.

I can longer reproduce the problem either.

It is mysteriously working again without the GPG error and without using any of the special arguments suggested in this thread.

I still get:

Warning cannot create symbolic link /var/run

I am running Debian Buster

And here is the output of the aa-status

0 jamie@turkey:~$ sudo aa-status
[sudo] password for jamie: 
apparmor module is loaded.
30 profiles are loaded.
26 profiles are in enforce mode.
   /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox
   /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor
   /usr/bin/man
   /usr/bin/man//filter
   /usr/bin/man//groff
   /usr/bin/ricochet
   /usr/lib/cups/backend/cups-pdf
   /usr/lib/telepathy/mission-control-5
   /usr/lib/telepathy/telepathy-*
   /usr/lib/telepathy/telepathy-*//pxgsettings
   /usr/lib/telepathy/telepathy-*//sanitized_helper
   /usr/lib/telepathy/telepathy-ofono
   /usr/sbin/cups-browsed
   /usr/sbin/cupsd
   /usr/sbin/cupsd//third_party
   /usr/sbin/tcpdump
   /usr/sbin/unbound
   docker-default
   firejail-default
   icedove
   icedove//gpg
   icedove//gpg2
   icedove//sanitized_helper
   libreoffice-senddoc
   libreoffice-xpdfimport
   system_tor
4 profiles are in complain mode.
   libreoffice-oopslash
   libreoffice-soffice
   libreoffice-soffice//null-/usr/bin/gpg
   libreoffice-soffice//null-/usr/bin/gpgsm
46 processes have profiles defined.
46 processes are in enforce mode.
   /usr/sbin/cups-browsed (3146) 
   /usr/sbin/cupsd (3145) 
   /usr/sbin/unbound (950) 
   docker-default (1252) 
   docker-default (1279) 
   docker-default (1303) 
   docker-default (1304) 
   docker-default (1310) 
   docker-default (1521) 
   docker-default (1587) 
   docker-default (1595) 
   docker-default (1639) 
   docker-default (1657) 
   docker-default (1723) 
   docker-default (2391) 
   docker-default (4128) 
   docker-default (4129) 
   docker-default (5868) 
   docker-default (5969) 
   docker-default (5996) 
   docker-default (5997) 
   docker-default (6549) 
   docker-default (10265) 
   docker-default (10271) 
   docker-default (10310) 
   docker-default (10311) 
   docker-default (14644) 
   docker-default (14694) 
   docker-default (14695) 
   docker-default (24062) 
   docker-default (27664) 
   docker-default (27905) 
   docker-default (27906) 
   docker-default (28237) 
   docker-default (28318) 
   docker-default (28452) 
   docker-default (30014) 
   docker-default (30015) 
   docker-default (30096) 
   docker-default (30097) 
   docker-default (30615) 
   docker-default (30639) 
   docker-default (30666) 
   docker-default (30667) 
   docker-default (31861) 
   system_tor (972) 
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 jamie@turkey:~$

<!-- gh-comment-id:363135586 --> @jmcclelland commented on GitHub (Feb 5, 2018): Thanks for the follow up. I can longer reproduce the problem either. It is mysteriously working again without the GPG error and without using any of the special arguments suggested in this thread. I still get: `Warning cannot create symbolic link /var/run` I am running Debian Buster And here is the output of the aa-status ``` 0 jamie@turkey:~$ sudo aa-status [sudo] password for jamie: apparmor module is loaded. 30 profiles are loaded. 26 profiles are in enforce mode. /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/Browser/firefox /home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/TorBrowser/,}Tor/tor /usr/bin/man /usr/bin/man//filter /usr/bin/man//groff /usr/bin/ricochet /usr/lib/cups/backend/cups-pdf /usr/lib/telepathy/mission-control-5 /usr/lib/telepathy/telepathy-* /usr/lib/telepathy/telepathy-*//pxgsettings /usr/lib/telepathy/telepathy-*//sanitized_helper /usr/lib/telepathy/telepathy-ofono /usr/sbin/cups-browsed /usr/sbin/cupsd /usr/sbin/cupsd//third_party /usr/sbin/tcpdump /usr/sbin/unbound docker-default firejail-default icedove icedove//gpg icedove//gpg2 icedove//sanitized_helper libreoffice-senddoc libreoffice-xpdfimport system_tor 4 profiles are in complain mode. libreoffice-oopslash libreoffice-soffice libreoffice-soffice//null-/usr/bin/gpg libreoffice-soffice//null-/usr/bin/gpgsm 46 processes have profiles defined. 46 processes are in enforce mode. /usr/sbin/cups-browsed (3146) /usr/sbin/cupsd (3145) /usr/sbin/unbound (950) docker-default (1252) docker-default (1279) docker-default (1303) docker-default (1304) docker-default (1310) docker-default (1521) docker-default (1587) docker-default (1595) docker-default (1639) docker-default (1657) docker-default (1723) docker-default (2391) docker-default (4128) docker-default (4129) docker-default (5868) docker-default (5969) docker-default (5996) docker-default (5997) docker-default (6549) docker-default (10265) docker-default (10271) docker-default (10310) docker-default (10311) docker-default (14644) docker-default (14694) docker-default (14695) docker-default (24062) docker-default (27664) docker-default (27905) docker-default (27906) docker-default (28237) docker-default (28318) docker-default (28452) docker-default (30014) docker-default (30015) docker-default (30096) docker-default (30097) docker-default (30615) docker-default (30639) docker-default (30666) docker-default (30667) docker-default (31861) system_tor (972) 0 processes are in complain mode. 0 processes are unconfined but have a profile defined. 0 jamie@turkey:~$ ```

gitea-mirror commented 2026-05-05 07:29:22 -06:00

Author

Owner

Copy link

@smitsohu commented on GitHub (Feb 7, 2018):

@jmcclelland

It is mysteriously working again without the GPG error

Great it works. If run into it again and writable-run-user does not fix it, please let us know.

I still get:
Warning cannot create symbolic link /var/run

I believe that's because we included /etc/firejail/whitelist-var-common.inc twice, once in the thunderbird profile and once in the redirection to the firefox profile. This should be fixed now as well in git version.

<!-- gh-comment-id:363610183 --> @smitsohu commented on GitHub (Feb 7, 2018): @jmcclelland > It is mysteriously working again without the GPG error Great it works. If run into it again and `writable-run-user` does not fix it, please let us know. > I still get: > Warning cannot create symbolic link /var/run I believe that's because we included /etc/firejail/whitelist-var-common.inc twice, once in the thunderbird profile and once in the redirection to the firefox profile. This should be fixed now as well in git version.

gitea-mirror commented 2026-05-05 07:29:23 -06:00

Author

Owner

Copy link

@jmcclelland commented on GitHub (Feb 7, 2018):

I believe that's because we included /etc/firejail/whitelist-var-common.inc twice

Confirmed! I tried commenting out that line in the thunderbird profile and I no longer get the error.
Thanks for all the great work on firejail - I find it incredibly useful.

<!-- gh-comment-id:363784772 --> @jmcclelland commented on GitHub (Feb 7, 2018): > I believe that's because we included /etc/firejail/whitelist-var-common.inc twice Confirmed! I tried commenting out that line in the thunderbird profile and I no longer get the error. Thanks for all the great work on firejail - I find it incredibly useful.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1116

No description provided.