[Rtir] GnuPG public and private keys problem

Nasir mnasir at cybersecurity.org.my
Thu Mar 13 03:11:30 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I just got these error messages related to my GNUPG problem when I
changed Apache+mod_perl to Apache+FastCGI to run RTIR:

[Thu Mar 13 15:00:16 2008] [notice] Apache/2.0.61 (FreeBSD)
mod_fastcgi/2.4.2 configured -- resuming normal operations
[Thu Mar 13 15:00:16 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1905)
[Thu Mar 13 15:00:17 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1906)
[Thu Mar 13 15:00:18 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1907)
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN27 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1991., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN28 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN29 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN30 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN43 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1991., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN44 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN45 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN46 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12

Any useful hints?

Ruslan Zakirov wrote:
| GPG homedir must be writeable and readable by user you run apache
| under. As far as I can see you run apache under www, so all files must
| be writeable and readable by apache in gpg homedir, otherwise RT/RTIR
| server wouldn't be able to import keys from keyserver.
|
| Also, your config is incorrect:
| Set(%GnuPGOptions,
| ~    homedir => '/opt/rt3/var/data/gpg',
| ~    keyserver => 'hkp://pgp.mit.edu:11371',
| ~    'auto-key-locate' => 'keyserver',
| ~    'auto-key-retrieve' => 1,
| here ^
| );
|
| 'auto-key-retrieve' is sub-option of keyserver-options, so you should
| use something like:
| Set(%GnuPGOptions,
|     homedir => '/opt/rt3/var/data/gpg',
|     keyserver => 'hkp://pgp.mit.edu:11371',
|     'auto-key-locate' => 'keyserver',
|     'keyserver-options' => 'auto-key-retrieve',
| );
|
|
| On Thu, Mar 6, 2008 at 1:00 PM, Nasir <mnasir at cybersecurity.org.my> wrote:
|  OK, thanks for your reply. I made some directory and file permission
|  changes as suggested, but the problem is still there. I am not very sure
|  if the directory /opt/rt3/var/data/gpg owner is root:www or something else
|  because RTIR was installed based on default configuration options during
|  ./configure except for --with-database-type=Pg, --with-db-rt-user=RT,
|  --with-db-pass=PASSWD. So, everything is working OK except the GnuPG
|  keys part.
|
|  I looked for /var/log/httpd-error.log and it seems like there is no
|  indication that errors had occurred.
|
|  Thanks.
|
|  Dennis Lemckert wrote:
|  |
|  | I think the problem lies in the permissions. A private key should be
|  | readable for the USER only, so rw-r--r-- is too much..
|  |
|  | I have rwx------ on the gpg directory itself for the owner of RTIR itself
|  |
|  | and all my keydata is rw------- for the same user.
|  |
|  | So.. to give you your own table back:
|  |
|  | ~ And the /opt/rt3/var/data/gpg contents are:
|  | ~ total 16
|  | ~ drwx------  3 root  www   512 Mar  6 12:50 .
|  | ~ drwxr-xr-x  4 root  www   512 Mar  4 17:58 ..
|  | ~ drw-r--r--  2 root  www   512 Mar  5 16:22 private-keys-v1.d
|  | ~ -rw-------  1 root  www  1166 Mar  5 16:22 pubring.gpg
|  | ~ -rw-------  1 root  www  1166 Mar  5 16:22 pubring.gpg~
|  | ~ -rw-------  1 root  www   600 Mar  5 16:22 random_seed
|  | ~ -rw-------  1 root  www  1315 Mar  5 16:22 secring.gpg
|  | ~ -rw-------  1 root  www  1280 Mar  5 16:22 trustdb.gpg
|  |
|  |
|  | works for me.
|  |
|  | Good luck
|  |
|  | Nasir wrote:
|  |
|  | | And the /opt/rt3/var/data/gpg contents are:
|  | | total 16
|  | | drwxr-xr-x  3 root  www   512 Mar  6 12:50 .
|  | | drwxr-xr-x  4 root  www   512 Mar  4 17:58 ..
|  | | drw-r--r--  2 root  www   512 Mar  5 16:22 private-keys-v1.d
|  | | -rw-r--r--  1 root  www  1166 Mar  5 16:22 pubring.gpg
|  | | -rw-r--r--  1 root  www  1166 Mar  5 16:22 pubring.gpg~
|  | | -rw-r--r--  1 root  www   600 Mar  5 16:22 random_seed
|  | | -rw-r--r--  1 root  www  1315 Mar  5 16:22 secring.gpg
|  | | -rw-r--r--  1 root  www  1280 Mar  5 16:22 trustdb.gpg
|  | |
|  | | I am running RTIR on FreeBSD 6.3 + Apache1.3 + mod_perl1.x +
|  | | Postgresql8.1.
|  | |
|  | | Is there anything that I overlooked or is there any specific place I can
|  | | dump all the keys I need?
|  | |
|  | | Thanks.
|  | _______________________________________________
|  | Rtir mailing list
|  | Rtir at lists.bestpractical.com
|  | http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
|  |

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFH2NOcyGS9PS1C9nERAn5RAJ94M4/eWIrKSkteMVebpg02D71hUgCfSBS+
bdVrVYNwEpZUlHpJW50o1ao=
=qqww
-----END PGP SIGNATURE-----
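
Added example (not part of the original thread, and not code from RT/RTIR): a shell check for the two points made in the quoted replies, that the GnuPG homedir must belong to the user Apache runs as, and that the directories are rwx------ and the key files rw-------. It inspects only the top level of the homedir; the function names are made up for this example, and the usage line reuses the path and the `www` user mentioned in the thread.

```shell
#!/bin/sh
# Added example: audit a GnuPG homedir for the ownership/mode problems
# discussed in this thread. Function names are hypothetical.
# Usage: audit_gpg_homedir /opt/rt3/var/data/gpg www

# Print "<octal mode> <owner>" for a path (GNU stat first, BSD stat fallback).
mode_owner() {
    stat -c '%a %U' "$1" 2>/dev/null || stat -f '%Lp %Su' "$1"
}

# audit_gpg_homedir DIR USER
# Checks DIR and its top-level entries. Prints one finding per line.
# Returns 0 when nothing was found, 1 otherwise.
audit_gpg_homedir() {
    dir=$1; user=$2; bad=0
    for p in "$dir" "$dir"/*; do
        [ -e "$p" ] || continue
        mo=$(mode_owner "$p")
        mode=${mo%% *}; owner=${mo#* }
        # Directories need the owner's x bit to be entered, so 700;
        # key material and keyrings are owner read/write only, so 600.
        if [ -d "$p" ]; then want=700; else want=600; fi
        if [ "$owner" != "$user" ]; then
            echo "$p: owner is $owner, expected $user"; bad=1
        fi
        if [ "$mode" != "$want" ]; then
            echo "$p: mode is $mode, expected $want"; bad=1
        fi
    done
    return "$bad"
}
```

Run against the listings quoted in this message, it would report the `root` owner on every entry and the `drw-r--r--` mode on `private-keys-v1.d`, which lacks the execute bit a directory needs.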

