Thunderbird, GnuPG and Enigmail on Mac OSX
I had a version of Thunderbird (2.x) working perfectly wonderfully with Enigmail and GnuPG (2.0.1). Then I upgraded Thunderbird and Enigmail . . . ACK! Groan! @#%$!
All my wonderful encryption capabilities went away. I got this wonderful error message saying something about not being able to start gpg-agent. The culprit, not surprisingly, was my GnuPG install. Thunderbird expects to have access to gpg-agent and I hadn't configured it properly to work with the unique system that is OSX - not all too surprising as it's a bear to do. Here's how I fixed it:
(If you're starting from scratch, you'll have to first go install XCode, Darwin Ports, and the GnuPG package; then (obviously) Thunderbird and Enigmail - be sure to ID the path to gpg2 in Enigmail's OpenPGP preferences. I'll leave these as an exercise for the reader)
1) I added ~/.MacOSX/environment.plist to get the $#!$% OSX environment to find gpg-agent (that '~' just means your home directory; something like '/Users/<your name>'):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GPG_AGENT_INFO</key>
<string>/Users/<your username>/.gnupg/S.gpg-agent</string>
<key>SSH_AUTH_SOCK</key>
<string>/Users/<your username>/.gnupg/S.gpg-agent.ssh</string>
</dict>
</plist>
Okay, so now OSX has somewhere to look (i.e. a socket under .gnupg in your home directory). Now it'd be nice if a gpg-agent socket were there to be found.
2) added a little shell script, login.command, to /usr/local/bin (/opt/local/bin may be more common, choice is yours):
#!/bin/bash
# gpg is in /usr/local/
PATH=$PATH:/usr/local/bin
# Script for ensuring only one instance of gpg-agent is running
# and if there is not one, start an instance of gpg-agent.
if test -f "$HOME/.gpg-agent-info" && \
   kill -0 `cut -d: -f 2 "$HOME/.gpg-agent-info"` 2>/dev/null; then
    # Reuse the agent recorded in the info file (its PID is still alive).
    GPG_AGENT_INFO=`cat "$HOME/.gpg-agent-info"`
    export GPG_AGENT_INFO
else
    # No live agent: start one and record its socket:pid:protocol string.
    eval `gpg-agent --daemon --use-standard-socket`
    echo "$GPG_AGENT_INFO" >"$HOME/.gpg-agent-info"
fi
# Imperative that this environment variable always reflects the output
# of the tty command.
GPG_TTY=`tty`
export GPG_TTY
This is basically the suggested script from the default GnuPG install with a couple of modifications. I added the directory where I'd installed gpg et al. to the environment (by appending to $PATH) and I added "--use-standard-socket" to gpg-agent options (which, I think(!?), keeps the socket in a standard place - where the #$%@ OSX env can find it - instead of generating it under /tmp).
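The script above reuses whatever is in ~/.gpg-agent-info as long as the recorded PID is alive. As an added example (not part of the original post or of GnuPG), the bash functions below validate such a record before it is exported: the socket must exist, be owned by you, and sit in a directory that nobody else can write to. The function names and return codes are hypothetical; the socket:pid:protocol layout is the one the script's `cut -d: -f 2` already relies on.

```bash
#!/bin/bash
# Added example: validate a GPG_AGENT_INFO record ("socket:pid:protocol")
# before exporting it. Function names and return codes are hypothetical.

# Print the 10-character mode string from `ls -ld` (e.g. drwx------).
# Parsing ls avoids stat(1), whose flags differ between OSX and Linux.
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Return 0 only if PATH is neither group-writable nor world-writable.
not_shared_writable() {
    local m
    m=$(mode_of "$1")
    [ -n "$m" ] || return 1
    [ "$(printf '%s' "$m" | cut -c6)" != "w" ] &&
        [ "$(printf '%s' "$m" | cut -c9)" != "w" ]
}

# check_agent_info RECORD
# Returns 0 = ok, 2 = malformed record, 3 = missing or not a socket,
#         4 = socket not owned by caller, 5 = socket directory writable
#         by group/others, 6 = recorded agent PID is not running.
check_agent_info() {
    local record sock rest pid
    record=$1
    case $record in *:*:*) ;; *) return 2 ;; esac
    sock=${record%%:*}          # text before the first colon
    rest=${record#*:}
    pid=${rest%%:*}             # second field
    case $sock in /*) ;; *) return 2 ;; esac
    case $pid in ''|*[!0-9]*) return 2 ;; esac
    [ -S "$sock" ] || return 3
    [ -O "$sock" ] || return 4
    not_shared_writable "$(dirname "$sock")" || return 5
    kill -0 "$pid" 2>/dev/null || return 6
    return 0
}

# Possible use in login.command, in place of the bare `kill -0` test:
#   record=$(cat "$HOME/.gpg-agent-info" 2>/dev/null)
#   if check_agent_info "$record"; then export GPG_AGENT_INFO="$record"; fi
```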
3) Next, I added the login.command (above) to "My Agents" in Lingon.
OSX doesn't load .profile or any other shell-specific preferences when you log in. Lingon is a great application for tailoring your environment to your needs in OSX by setting up and starting daemons and other processes using OSX's launchd framework. I simply added the command '/bin/bash /usr/local/bin/login.command' to "My Agents". You can check your work in the 'Expert' tab, which should show something like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.beitz.mischa.gpg-agent</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/usr/local/bin/login.command</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
4) Finally, you probably want to include login.command in your .profile (mine's adding /usr/local/bin to $PATH twice, no idea at the moment where the second one is coming from . . . ).
Restart your computer (or log out and back in) so the OSX environment is updated.
If you've found this helpful, or if there's a better way that I've missed . . . please add a comment and I'll try to address it. Thanks!
Mischa Beitz
Comments
thanks
thanks! this has been bugging me for weeks. i tried obvious things like passing args to gpg2 in the Enigmail prefs.