I’ve installed RT5.0.1 from source on Debian Testing (Bullseye) with MySql+Apache and ./configure --with-web-user=www-data --with-web-group=www-data --enable-graphviz --enable-gd --enable-gpg --enable-smime --enable-externalauth
My GPG private and secret keys have been placed at /opt/rt5/var/data/gpg/ with the .asc file extension. Since Apache runs as www-data, I’ve set the user and group in that folder accordingly.
In RT_SiteConfig.pm I’ve set GnuPG’s Passphrase => 'mypassword', and disabled S/MIME for now with Enable => 0,
Upon restarting apache and/or editing the appropr. queue, RT created pubring.kbx and trustdb.gpg inside the data/gpg folder, which makes me assume that the general mechanism is working. However in the queue settings it says Couldn't get GnuPG keys information inside the Private key(s) for myemail@mydomain.net window.
Could someone point me into the right direction please?
What happens if you do --list-secret-keys on that directory? I am not sure if the output from that command is sensitive or not so you may not want to put it here
gpg: WARNING: unsafe ownership on homedir '/opt/rt5/var/data/gpg'
gpg: key 12345qwertyu: 2 signatures not checked due to missing keys
gpg: key 12345qwertyu: "Contact <mail@org.net>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
When I try importing the secret key again (as root, as always), this happens:
gpg: key 12345qwertyu: error sending to agent: Permission denied
gpg: error building skey array: Permission denied
gpg: error reading 'mail@org.net_secret.asc': Permission denied
gpg: import from 'mail@org.net_secret.asc' failed: Permission denied