Never use a restricted agent connection

Enumerating secret keys with "KEYINFO --list" does not work over a restricted connection. As a result, gpg prints "gpg: problem with fast path key listing: Forbidden - ignored", which Mutt interprets as a prompt the user must respond to. This causes the user to need to press enter twice to send a signed email. Sequoia Chameleon does not implement the fallback and is unable to list secret keys or decrypt messages. The filtering done by split-gpg2 is far stronger than what gpg-agent does, so there is no loss of security. Fixes: QubesOS/qubes-issues#9483
QubesOS · Oct 22, 2024 · a03a211 · a03a211
1 parent 80fc81e
commit a03a211
Showing 1 changed file with 8 additions and 4 deletions.
diff --git a/splitgpg2/__init__.py b/splitgpg2/__init__.py
@@ -454,10 +454,14 @@ async def connect_agent(self) -> None:
 
         dirs = subprocess.check_output(
             ['gpgconf', *self.homedir_opts(), '--list-dirs', '-o/dev/stdout'])
-        if self.allow_keygen:
-            socket_field = b'agent-socket:'
-        else:
-            socket_field = b'agent-extra-socket:'
+        # Do not use the restricted socket.
+        # Sequoia Chameleon is unable to list secret keys or decrypt messages,
+        # and gpg prints "gpg: problem with fast path key listing: Forbidden - ignored",
+        # which causes Mutt to require the user to press "Enter" again before sending
+        # a message.
+        # The filtering done by split-gpg2 is far stronger than anything the agent does
+        # internally.
+        socket_field = b'agent-socket:'
         # search for agent-socket:/run/user/1000/gnupg/S.gpg-agent
         agent_socket_path = [d.split(b':', 1)[1] for d in dirs.splitlines()
                              if d.startswith(socket_field)][0]