possible bug with uninstalled GPGTools
Environment:
I noticed that after uninstall - that my Mail.app does not SHOW encrypted or signed emails in the outbox ( it shows the email ) it just doesn't show the little LOCK and CHECK icons confirming signature and encryption... however the emails DO appear to be signed and encrypted when viewed from other devices ( i.e.. iPhone or iPad ). I am NOT 100% sure GPGTools is the cause - but thought to inform you just in case there was some interaction because the only thing I did was install and install over with latest then remove...
- Software name and version: latest public - and then latest nightly as of yesterday.
- OS X version: 10.7.4
- GPGTools Installer date: latest public AND then latest nightly build from link provided by support
What steps will reproduce the problem? Please be as specific as possible.
- Install GPGTools latest released on site ( as of August 17 2012) = GPGTools-20120318.dmg
- Install then latest nightly provided by support staff ( as of August 17 2012 ) = GPGTools_Installer-latest.dmg
- REMOVE all.
What do you expect to see? What do you see instead? RESULTS:
I expected to see S/MIME emails being signed and encrypted on the outbox after sending ( as I had seen previously just fine ) but instead I saw no iconic representation of either their signatures or encryption -- even THO they did properly show up as such in iPhone and IPads which did NOT send those emails.... so I went to check my IMAP account on other device and found those devices honored the type of email and showed me that they were safe....
I assume Mail.app has lost its ability to see or mark these as signed/encrypted after being sent...
I ASSUME it may have something to do with installing and uninstalling GPGTools - but I am only guessing here and reporting in case someone there has an idea what might cause that! ;)
Provide any additional information, link a screenshot and debug output if possible.
- Screenshot: see attachment
SCREEN SHOT ATTACHED of what I EXPECTED TO SEE... and had previously seen when sending from Mail.app...
I no longer see this! -- instead these icons are showing from when I send from other devices.... OR when I view from other devices the email that I sent from Mail.app... IF I SEND from MAIL.APP -- I cannot see these within the Mail.app outbox... does that make sense?
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Luke Le on 18 Aug, 2012 05:08 PM
Hi TJ,
that's in fact interesting.
Could you please try the following:
1.) Close Mail.app
2.) Move /Library/Mail/Bundles/GPGMail.mailbundle to another destination
3.) Restart Mail.app
Check if the messages now show the expected icons again.
This will help determine if GPGMail is at fault or Mail.app itself is buggy.
I've encountered a lot of very strange things in Mail.app with S/MIME certificates.
2 Posted by TJ Marbois on 18 Aug, 2012 05:11 PM
Luke!
:) ok yes... I will try that right now and report.
I wouldn't be surprised if its just mail.app being buggy... but just wanted to be sure that you guys aren't in that mix for your own sake.
be back in a moment with report.
cheers
Tj
Support Staff 3 Posted by Luke Le on 18 Aug, 2012 05:13 PM
There's a good chance for both scenarios. Reverse engineering everything Mail.app does internally is very tricky, so a buggy implementation wouldn't be that much of a surprise unfortunately.
4 Posted by TJ Marbois on 18 Aug, 2012 05:20 PM
Luke
ok I dug into that directory --
/Library/Mail/Bundles
and found = NOTHING! so it was clearly removed upon uninstall which is good...
I also looked in ~/Library/Mail/
just for good measure - and found nothing but the account stuffs....
and I also just freshly rebooted because I probably did NOT reboot after uninstalling...
and re-verified the outbox... once again -- the emails that are supposedly signed and encrypted do NOT show their icons properly in the outbox...
however those emails DO show signed and encrypted when viewed from my ipad or iphone after sending from Mail.app....
my other devices show this icon set - properly just after sending... giving me that somewhat safer feeling..haha.
Anything else you want me to try?
I wonder how those icons get set in the first place...hmm.
maybe I will try rebuilding my mailbox?
let me try that...
Support Staff 5 Posted by Luke Le on 18 Aug, 2012 05:22 PM
Yeah, you can try that.
But basically what you're saying is, that GPGMail is not installed at the moment?
Please verify that by checking if you find GPGMail in Mail.app -> Preferences.
If it's not installed, it can't be GPGMail's fault nor GPGTools, actually.
6 Posted by TJ Marbois on 18 Aug, 2012 05:25 PM
Luke
yes - in my final step - before reporting this...
I completely un-installed all GPGTools...and checked everything again.
because I wasn't sure what was causing that issue... alas the uninstall did not change anything.
So heres my report:
I THINK it was working properly before all this.
I KNOW it was NOT working while GPGTools was installed.
I KNOW that its also still not working after GPGTools are uninstalled...
and now Im rebuilding mailbox to see if its just some internal db corruption or something... theres probably some flag on those emails that lets Mail.app know to mark them as such - no?
Support Staff 7 Posted by Luke Le on 18 Aug, 2012 05:27 PM
If it was only that easy.
There's some kind of flag, but it's sometimes only set when a new message arrives, sometimes it's not set entirely.
I've had one occurrence where S/MIME completely stopped working even though I hadn't changed my certificates.
Support Staff 8 Posted by Luke Le on 18 Aug, 2012 05:28 PM
Rebuilding the index might indeed help though
9 Posted by TJ Marbois on 18 Aug, 2012 08:19 PM
aha!
now its working again! ( partially ).... strange strange.? The rebuild took a looong time... ( too much junk ).
- it now shows NEW emails going out after rebuild and reboot - with the proper check-and lock... encrypted AND signed - yes?
but previous emails still don't show it...
other strange thing I saw --
an OLD certificate that I generated for trying to do SMIME -- re-appeared in my keychain... this after I threw it away more than once...and even marked it do NOT trust - and then tossed it again...
Im betting that when rebuilding the emails - it also READS the emails a bit and old certificates attached to those emails must be getting re-shoved back into the keychain...
perhaps there is some keychain certificate collision on some of these emails and that causes the lock and check to fail to appear...
or perhaps my mail box was just needing a rebuild from being so crappy and that certificate issue means nothing...?
hope this is helping. doh.
let me know if you want me to try anything else -- its apparently fixed now - so Im not sure....I will let you know if it breaks again and I discover what I did.
:)
Support Staff 10 Posted by Luke Le on 18 Aug, 2012 08:25 PM
If i remember correctly there was a bug in an old version of GPGMail which caused the flags to be changed incorrectly.
I very much doubt, that the flags are set in a persistent way from what I've seen in the Mail.app internals, but that's the only explanation I have that could be causing this for old emails.
As you see though, there are some strange things going on with S/MIME in Mail.app, but I think most of the problems are not related to GPGMail.
It's interesting however what happens when you rebuild your index.
Once the GPGMail 2.0 is out it would be interesting to see, if you're seeing the problem again with new emails.
Glad you're problem is partly fixed at least :)
I'll close this discussion, but let us know if it happens again and thanks for all the tests!
11 Posted by TJ Marbois on 18 Aug, 2012 08:28 PM
WAIT!
:) haha.. doh.
for some strange reason -- the FIRST email test I sent out... had the lock and check...
now subsequent emails going out to the same person... do NOT show the lock and check...???
Im expecting to see that little lock and check...
why would the first email after a rebuild be as expected...and then all subsequent NOT?
???
Support Staff 12 Posted by Luke Le on 18 Aug, 2012 08:30 PM
Oh freaking el, their S/MIME implementation is seriously messed up.
So to recap, GPGMail is no longer installed, right?
Could you check the raw source of your outgoing emails and verify that content-type is indeed multipart/encrypted?
13 Posted by TJ Marbois on 18 Aug, 2012 08:33 PM
haha.. sorry.
you are right their S/MIME has some issues..
the RAW email looks very much encrypted and signed to me... gobledy gook that I cannot read.
So its not a problem of the email format... but the stupid little checkbox and lock it was bothers me...its just not flagging properly...
and why would it only do it ONCE at the start?
yes - triple check - no GPGMail installed... no plug in additions showing - nada.
?
Support Staff 14 Posted by Luke Le on 18 Aug, 2012 08:35 PM
It's really really strange. But I've seen this stuff before. At least similar while developing the GPGMail plugin.
What you can try is create a new S/MIME certificate.
That solved stuff for me a few times, but of course it should definitely not be the solution.
Try sending some encrypted and signed mails to yourself and check if the lock and sign icon appear in the inbox.
15 Posted by TJ Marbois on 18 Aug, 2012 08:48 PM
Ok
it definitely arrives with security and lock showing in INBOX....
but outbox - nada... the raw headers show the .p7 file and when i go to read the raw source its definitely crypt!
I will try making a new certificate soon and report on that one... I screwed that one up anyhow because I self signed as a CA - and then used the root...
I think you are supposed to only use the root to sign another certificate and THEN use that... I'm obviously not a very qualified CA to be tinkering with this! ha.. but maybe I will learn enough one day to be James Bond... who knows...one can only dream.
Ill let you know what happens after a new certificate is done - its late here so ill report back later when i have time!
if you think of anything in the meantime you want me to try let me know... this may well be a damn Apple bug...and then them not letting us really post bugs to radar....agh!
I used to be able to call friends and ask them to post - but that don't fly anymore!
Support Staff 16 Posted by Luke Le on 18 Aug, 2012 08:52 PM
If we can somehow recreate the scenario I'll file a bug. It's possible for developers with an Apple Mac|iOS Developer account.
Yeah, the root CA should only be used to sign other certificates, or to create other signing entities, but I know from experience that it's not super easy to set one up correctly.
It's getting late here as well, think our time difference might only be 1 hour or so. Based on your last name, are you french?
17 Posted by TJ Marbois on 18 Aug, 2012 08:57 PM
Luke!
Im half-French.... but Im not in France right now! are you French? haha.
:)
Im in Russia! Where the hell are you? one hour different? Im in the middle of Russia about 15 hours due east from moscow!!
I assumed you were in the bay area or something?
TJ
Support Staff 18 Posted by Luke Le on 18 Aug, 2012 08:59 PM
Aaah ok, but so at least I got the origin right :D
Our entire team is from Europe. Austria and Germany basically.
But the time difference is +2 :)
19 Posted by TJ Marbois on 18 Aug, 2012 08:59 PM
btw
I compared the header files of the two emails.... one that showed locked and one that did not...
they looked nearly identical... only change were:
Subject:
X-Universally-Unique-Identifier:
Date:
Message-Id:
which Im assuming is expected... the rest was perfectly the same.. had the .p7 stuff attached and mail was scrambly.
have a good night.
Support Staff 20 Posted by Luke Le on 18 Aug, 2012 09:00 PM
Yeah, that shouldn't make a difference.
It really looks like a bug in Mail.app
Wish you a good night too!
21 Posted by TJ Marbois on 18 Aug, 2012 09:06 PM
:)
nice to meet you guys... awesome that you are nearby!
Im originally from SF - bay area... I guess I just stupidly assume all coders are from or near SF. ha!
what a dumb American I can be.... Im in Russia because my wifes family is here and I work with some great developers out here too.
I'll have to come buy you guys some beer sometime!
cheers
Tj
Support Staff 22 Posted by Luke Le on 18 Aug, 2012 09:10 PM
Nice to meet you!
Well, most developers are indeed from SF :D
It must be a big difference in temperature in Russia :D
Luke Le closed this discussion on 18 Aug, 2012 09:49 PM.