[Rtir] GnuPG public and private keys problem

Ruslan Zakirov ruz at bestpractical.com
Thu Mar 6 06:18:12 EST 2008


The GPG homedir must be writeable and readable by the user you run apache
under. As far as I can see you run apache under www, so all files in the
gpg homedir must be writeable and readable by apache, otherwise the RT/RTIR
server wouldn't be able to import keys from a keyserver.

Also, your config is incorrect:
Set(%GnuPGOptions,
    homedir => '/opt/rt3/var/data/gpg',
    keyserver => 'hkp://pgp.mit.edu:11371',
    'auto-key-locate' => 'keyserver',
    'auto-key-retrieve' => 1,
here ^
);

'auto-key-retrieve' is a sub-option of keyserver-options, so you should
use something like:
Set(%GnuPGOptions,
    homedir => '/opt/rt3/var/data/gpg',
    keyserver => 'hkp://pgp.mit.edu:11371',
    'auto-key-locate' => 'keyserver',
    'keyserver-options' => 'auto-key-retrieve',
);


On Thu, Mar 6, 2008 at 1:00 PM, Nasir <mnasir at cybersecurity.org.my> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA1
>
>  OK, thanks for your reply. I made some directory and file permission changes as
>  suggested, but the problem is still there. I am not very sure if the
>  directory /opt/rt3/var/data/gpg owner is root:www or something else
>  because RTIR was installed based on default configuration options during
>  ./configure except for --with-database-type=Pg, --with-db-rt-user=RT,
>  --with-db-pass=PASSWD. So, everything is working OK except the GnuPG
>  keys part.
>
>  I looked at /var/log/httpd-error.log and it seems like there is no
>  indication that errors had occurred.
>
>  Thanks.
>
>  Dennis Lemckert wrote:
>  |
>  | I think the problem lies in the permissions. A private key should be
>  | readable for the USER only, so rw-r--r-- is too much..
>  |
>  | I have rwx------ on the gpg directory itself for the owner of RTIR itself
>  |
>  | and all my keydata is rw------- for the same user.
>  |
>  | So.. to give you your own table back:
>  |
>  | ~ And the /opt/rt3/var/data/gpg contents are:
>  | ~ total 16
>  | ~ drwx------  3 root  www   512 Mar  6 12:50 .
>  | ~ drwxr-xr-x  4 root  www   512 Mar  4 17:58 ..
>  | ~ drw-r--r--  2 root  www   512 Mar  5 16:22 private-keys-v1.d
>  | ~ -rw-------  1 root  www  1166 Mar  5 16:22 pubring.gpg
>  | ~ -rw-------  1 root  www  1166 Mar  5 16:22 pubring.gpg~
>  | ~ -rw-------  1 root  www   600 Mar  5 16:22 random_seed
>  | ~ -rw-------  1 root  www  1315 Mar  5 16:22 secring.gpg
>  | ~ -rw-------  1 root  www  1280 Mar  5 16:22 trustdb.gpg
>  |
>  |
>  | works for me.
>  |
>  | Good luck
>  |
>  |
>  |
>  | Nasir wrote:
>  |
>  | | And the /opt/rt3/var/data/gpg contents are:
>  | | total 16
>  | | drwxr-xr-x  3 root  www   512 Mar  6 12:50 .
>  | | drwxr-xr-x  4 root  www   512 Mar  4 17:58 ..
>  | | drw-r--r--  2 root  www   512 Mar  5 16:22 private-keys-v1.d
>  | | -rw-r--r--  1 root  www  1166 Mar  5 16:22 pubring.gpg
>  | | -rw-r--r--  1 root  www  1166 Mar  5 16:22 pubring.gpg~
>  | | -rw-r--r--  1 root  www   600 Mar  5 16:22 random_seed
>  | | -rw-r--r--  1 root  www  1315 Mar  5 16:22 secring.gpg
>  | | -rw-r--r--  1 root  www  1280 Mar  5 16:22 trustdb.gpg
>  | |
>  | | I am running RTIR on FreeBSD 6.3 + Apache1.3 + mod_perl1.x + Postgresql8.1.
>  | |
>  | | Is there anything that I overlooked or is there any specific place I can
>  | | dump all the keys I need?
>  | |
>  | | Thanks.
>  | _______________________________________________
>  | Rtir mailing list
>  | Rtir at lists.bestpractical.com
>  | http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
>  |
>
> -----BEGIN PGP SIGNATURE-----
>  Version: GnuPG v1.4.7 (GNU/Linux)
>
>  iD8DBQFHz8C6yGS9PS1C9nERAqV2AJ93Gz3Wkw8jgdfUn+xbevnkt50dDQCdE2G2
>  uh5l8imMzqcNedhUavJRjW0=
>  =WR65
>
>
> -----END PGP SIGNATURE-----



-- 
Best regards, Ruslan.
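
Added example, not part of the original message: a shell check for the homedir conditions discussed in this thread (the account apache runs as must be able to read and write the keyrings, and key material should not be open to group or other). It assumes the service account should own everything under the homedir; the function name audit_gpg_homedir and the finding tags are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread): audit a GnuPG homedir for the account
# the web server runs as. Function name and finding tags are hypothetical.
#   sh audit.sh /opt/rt3/var/data/gpg www
# Prints one finding per line; returns 0 when clean, 1 otherwise.

tag() { sed "s/^/$1 /"; }   # prefix each path printed by find with a tag

audit_gpg_homedir() {
    dir=$1
    user=$2   # login name or numeric uid of the service account (assumption)
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }
    findings=$(
        # Anything the service account does not own
        find "$dir" ! -user "$user" -print 2>/dev/null | tag OWNER
        # Directories need rwx for the owner; without the x bit (drw-r--r--)
        # a non-root owner cannot reach the files inside
        find "$dir" -type d ! -perm -700 -print 2>/dev/null | tag DIRMODE
        # Keyrings, trustdb and random_seed need rw for the owner
        find "$dir" -type f ! -perm -600 -print 2>/dev/null | tag FILEMODE
        # Any group or other permission bit exposes key material
        find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) \
            -print 2>/dev/null | tag EXPOSED
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

if [ "$#" -eq 2 ]; then
    audit_gpg_homedir "$1" "$2"
fi
```

A clean run prints nothing; each finding line names the path to fix with chown or chmod.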

