[Rtir] GnuPG public and private keys problem
Nasir
mnasir at cybersecurity.org.my
Thu Mar 13 03:11:30 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I just got these error messages related to my GNUPG problem when i
change Apache+mod_perl to Apache+FastCGI to run RTIR:
[Thu Mar 13 15:00:16 2008] [notice] Apache/2.0.61 (FreeBSD)
mod_fastcgi/2.4.2 configured -- resuming normal operations
[Thu Mar 13 15:00:16 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1905)
[Thu Mar 13 15:00:17 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1906)
[Thu Mar 13 15:00:18 2008] [warn] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" started (pid 1907)
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN27 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1991., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN28 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN29 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN30 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN43 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1991., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN44 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN45 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
[Thu Mar 13 15:00:56 2008] [error] [client 10.0.5.182] FastCGI: server
"/opt/rt3/bin/mason_handler.fcgi" stderr: readline() on closed
filehandle GEN46 at /opt/rt3/lib/RT/Crypt/GnuPG.pm line 1996., referer:
http://10.0.5.203/Admin/Users/Modify.html?id=12
Any useful hints?
Ruslan Zakirov wrote:
| GPG homedir must be writeable and readable by user you run apache
| under. As far as I can see you run apache under www, so all files must
| be writeable and readable by apache in gpg homedir, otherwise RT/RTIR
| server wouldn't be able to import keys from keyserver.
|
| Also, your config is incorrect:
| Set(%GnuPGOptions,
| ~ homedir => '/opt/rt3/var/data/gpg',
| ~ keyserver => 'hkp://pgp.mit.edu:11371',
| ~ 'auto-key-locate' => 'keyserver',
| ~ 'auto-key-retrieve' => 1,
| here ^
| );
|
| 'auto-key-retrieve' is sub-option of keyserver-options, so you should
| use something like:
| Set(%GnuPGOptions,
| homedir => '/opt/rt3/var/data/gpg',
| keyserver => 'hkp://pgp.mit.edu:11371',
| 'auto-key-locate' => 'keyserver',
| 'keyserver-options' => 'auto-key-retrieve',
| );
|
|
| On Thu, Mar 6, 2008 at 1:00 PM, Nasir <mnasir at cybersecurity.org.my> wrote:
| OK, thanks for your reply. I made some directory and files permission as
| suggested, but the problem is still there. I am not very sure if the
| directory /opt/rt3/var/data/gpg owner is root:www or something else
| because RTIR was installed based on default configuration options during
| ./configure except for --with-database-type=Pg, --with-db-rt-user=RT,
| - --with-db-pass=PASSWD. So, everything is working OK except the GnuPG
| keys part.
|
| I looked for /var/log/httpd-error.log and it seems like there is no
| indication of errors had occurred.
|
| Thanks.
|
| Dennis Lemckert wrote:
| |
| | I think the problem lies in the permissions. A private key should be
| | readable dor the USER only, so rw-r--r-- is too much..
| |
| | I have rwx------ on the gpg directory itself for the owner of RTIR
itself
| |
| | and all my keydata is rw------- for the same user.
| |
| | So.. to give you your own table back:
| |
| | ~ And the /opt/rt3/var/data/gpg contents are:
| | ~ total 16
| | ~ drwx------ 3 root www 512 Mar 6 12:50 .
|
| | ~ drwxr-xr-x 4 root www 512 Mar 4 17:58 ..
| | ~ drw-r--r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
| | ~ -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg
| | ~ -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg~
| | ~ -rw------- 1 root www 600 Mar 5 16:22 random_seed
| | ~ -rw------- 1 root www 1315 Mar 5 16:22 secring.gpg
| | ~ -rw------- 1 root www 1280 Mar 5 16:22 trustdb.gpg
| |
| |
| | works for me.
| |
| | Good luck
|
| |
| |
| |
| | Nasir wrote:
| |
| | | And the /opt/rt3/var/data/gpg contents are:
| | | total 16
| | | drwxr-xr-x 3 root www 512 Mar 6 12:50 .
| | | drwxr-xr-x 4 root www 512 Mar 4 17:58 ..
| | | drw-r--r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
| | | -rw-r--r-- 1 root www 1166 Mar 5 16:22 pubring.gpg
| | | -rw-r--r-- 1 root www 1166 Mar 5 16:22 pubring.gpg~
| | | -rw-r--r-- 1 root www 600 Mar 5 16:22 random_seed
| | | -rw-r--r-- 1 root www 1315 Mar 5 16:22 secring.gpg
| | | -rw-r--r-- 1 root www 1280 Mar 5 16:22 trustdb.gpg
| | |
| | | I am running RTIR on FreeBSD 6.3 + Apache1.3 + mod_perl1.x +
| | Postgresql8.1.
| | |
| | | Is there anything that I overlooked or is there any specific
place i can
| | | dump all the keys i need?
| | |
| | | Thanks.
|
| | _______________________________________________
| | Rtir mailing list
| | Rtir at lists.bestpractical.com
| | http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
| |
|
~ _______________________________________________
~ Rtir mailing list
~ Rtir at lists.bestpractical.com
~ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rtir
|>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFH2NOcyGS9PS1C9nERAn5RAJ94M4/eWIrKSkteMVebpg02D71hUgCfSBS+
bdVrVYNwEpZUlHpJW50o1ao=
=qqww
-----END PGP SIGNATURE-----
More information about the Rtir
mailing list