[Rtir] GnuPG public and private keys problem
Ruslan Zakirov
ruz at bestpractical.com
Thu Mar 6 06:18:12 EST 2008
GPG homedir must be writeable and readable by the user you run apache
under. As far as I can see you run apache under www, so all files in the
gpg homedir must be writeable and readable by apache, otherwise the RT/RTIR
server wouldn't be able to import keys from the keyserver.
Also, your config is incorrect:
Set(%GnuPGOptions,
    homedir => '/opt/rt3/var/data/gpg',
    keyserver => 'hkp://pgp.mit.edu:11371',
    'auto-key-locate' => 'keyserver',
    'auto-key-retrieve' => 1,    # <-- here
);
'auto-key-retrieve' is a sub-option of keyserver-options, so you should
use something like:
Set(%GnuPGOptions,
    homedir => '/opt/rt3/var/data/gpg',
    keyserver => 'hkp://pgp.mit.edu:11371',
    'auto-key-locate' => 'keyserver',
    'keyserver-options' => 'auto-key-retrieve',
);
On Thu, Mar 6, 2008 at 1:00 PM, Nasir <mnasir at cybersecurity.org.my> wrote:
> OK, thanks for your reply. I made some directory and file permission
> changes as suggested, but the problem is still there. I am not very sure
> if the directory /opt/rt3/var/data/gpg owner is root:www or something else
> because RTIR was installed based on default configuration options during
> ./configure except for --with-database-type=Pg, --with-db-rt-user=RT,
> --with-db-pass=PASSWD. So, everything is working OK except the GnuPG
> keys part.
>
> I looked for /var/log/httpd-error.log and it seems like there is no
> indication that any errors had occurred.
>
> Thanks.
>
> Dennis Lemckert wrote:
> |
> | I think the problem lies in the permissions. A private key should be
> | readable for the USER only, so rw-r--r-- is too much.
> |
> | I have rwx------ on the gpg directory itself for the owner of RTIR itself
> |
> | and all my keydata is rw------- for the same user.
> |
> | So.. to give you your own table back:
> |
> | And the /opt/rt3/var/data/gpg contents are:
> | total 16
> | drwx------ 3 root www 512 Mar 6 12:50 .
> | drwxr-xr-x 4 root www 512 Mar 4 17:58 ..
> | drw-r--r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
> | -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg
> | -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg~
> | -rw------- 1 root www 600 Mar 5 16:22 random_seed
> | -rw------- 1 root www 1315 Mar 5 16:22 secring.gpg
> | -rw------- 1 root www 1280 Mar 5 16:22 trustdb.gpg
> |
> |
> | works for me.
> |
> | Good luck
>
> |
> |
> |
> | Nasir wrote:
> |
> | | And the /opt/rt3/var/data/gpg contents are:
> | | total 16
> | | drwxr-xr-x 3 root www 512 Mar 6 12:50 .
> | | drwxr-xr-x 4 root www 512 Mar 4 17:58 ..
> | | drw-r--r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
> | | -rw-r--r-- 1 root www 1166 Mar 5 16:22 pubring.gpg
> | | -rw-r--r-- 1 root www 1166 Mar 5 16:22 pubring.gpg~
> | | -rw-r--r-- 1 root www 600 Mar 5 16:22 random_seed
> | | -rw-r--r-- 1 root www 1315 Mar 5 16:22 secring.gpg
> | | -rw-r--r-- 1 root www 1280 Mar 5 16:22 trustdb.gpg
> | |
> | | I am running RTIR on FreeBSD 6.3 + Apache1.3 + mod_perl1.x +
> | | Postgresql8.1.
> | |
> | | Is there anything that I overlooked or is there any specific place I can
> | | dump all the keys I need?
> | |
> | | Thanks.
>
> | _______________________________________________
> | Rtir mailing list
> | Rtir at lists.bestpractical.com
> | http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
> |
>
--
Best regards, Ruslan.
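
A check for the two permission requirements raised in this thread (the homedir must be readable and writable by the account Apache runs as, and key material should be accessible to that account only), as an added example that is not part of the original messages. The function name and the script name in the usage comment are hypothetical; the path and the www account are the ones mentioned in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a GnuPG homedir for the account
# the web server runs as. Prints "finding<TAB>path" lines.
# Returns 0 = clean, 1 = findings, 2 = bad arguments.
audit_gpg_homedir() {
    dir=$1 owner=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $owner in
        ''|*[!0-9]*)  # a user name: resolve it to a numeric uid
            uid=$(id -u "$owner" 2>/dev/null) ||
                { echo "unknown user: $owner" >&2; return 2; } ;;
        *)  uid=$owner ;;  # already a numeric uid
    esac
    findings=$(
        set +e  # keep going when find cannot descend into a broken directory
        {
            # The server account must own everything, or it cannot import keys.
            find "$dir" ! -user "$uid" -exec printf 'wrong-owner\t%s\n' {} \;
            # Key material should be private to that account: no group/other bits.
            find "$dir" \( -type f -o -type d \) \
                \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \) \
                -exec printf 'group-or-other-access\t%s\n' {} \;
            # A directory without owner rwx (e.g. drw-r--r--) cannot be used.
            find "$dir" -type d ! -perm -700 \
                -exec printf 'dir-not-owner-rwx\t%s\n' {} \;
            # Keyrings and trustdb must be readable and writable by the owner.
            find "$dir" -type f ! -perm -600 \
                -exec printf 'file-not-owner-rw\t%s\n' {} \;
        } 2>/dev/null
    ) || true
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use with the path and account named in the thread
# (script name is hypothetical):
#   sh audit_gpg_homedir.sh /opt/rt3/var/data/gpg www
if [ "$#" -eq 2 ]; then
    audit_gpg_homedir "$1" "$2"
fi
```
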