GPG homedir must be writeable and readable by user you run apache
under. As far as I can see you run apache under www, so all files must
be writeable and readable by apache in gpg homedir, otherwise RT/RTIR
server wouldn’t be able to import keys from keyserver.
Also, your config is incorrect:
Set(%GnuPGOptions,
~ homedir => ‘/opt/rt3/var/data/gpg’,
~ keyserver => ‘hkp://pgp.mit.edu:11371’,
~ ‘auto-key-locate’ => ‘keyserver’,
~ ‘auto-key-retrieve’ => 1,
here ^
);
‘auto-key-retrieve’ is sub-option of keyserver-options, so you should
use something like:
Set(%GnuPGOptions,
homedir => ‘/opt/rt3/var/data/gpg’,
keyserver => ‘hkp://pgp.mit.edu:11371’,
‘auto-key-locate’ => ‘keyserver’,
‘keyserver-options’ => ‘auto-key-retrieve’,
);On Thu, Mar 6, 2008 at 1:00 PM, Nasir mnasir@cybersecurity.org.my wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
OK, thanks for your reply. I made some directory and files permission as
suggested, but the problem is still there. I am not very sure if the
directory /opt/rt3/var/data/gpg owner is root:www or something else
because RTIR was installed based on default configuration options during
./configure except for --with-database-type=Pg, --with-db-rt-user=RT,
- –with-db-pass=PASSWD. So, everything is working OK except the GnuPG
keys part.
I looked for /var/log/httpd-error.log and it seems like there is no
indication of errors had occurred.
Thanks.
Dennis Lemckert wrote:
|
| I think the problem lies in the permissions. A private key should be
| readable dor the USER only, so rw-r–r-- is too much…
|
| I have rwx------ on the gpg directory itself for the owner of RTIR itself
|
| and all my keydata is rw------- for the same user.
|
| So… to give you your own table back:
|
| ~ And the /opt/rt3/var/data/gpg contents are:
| ~ total 16
| ~ drwx------ 3 root www 512 Mar 6 12:50 .
| ~ drwxr-xr-x 4 root www 512 Mar 4 17:58 …
| ~ drw-r–r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
| ~ -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg
| ~ -rw------- 1 root www 1166 Mar 5 16:22 pubring.gpg~
| ~ -rw------- 1 root www 600 Mar 5 16:22 random_seed
| ~ -rw------- 1 root www 1315 Mar 5 16:22 secring.gpg
| ~ -rw------- 1 root www 1280 Mar 5 16:22 trustdb.gpg
|
|
| works for me.
|
| Good luck
|
|
|
| Nasir wrote:
|
| | And the /opt/rt3/var/data/gpg contents are:
| | total 16
| | drwxr-xr-x 3 root www 512 Mar 6 12:50 .
| | drwxr-xr-x 4 root www 512 Mar 4 17:58 …
| | drw-r–r-- 2 root www 512 Mar 5 16:22 private-keys-v1.d
| | -rw-r–r-- 1 root www 1166 Mar 5 16:22 pubring.gpg
| | -rw-r–r-- 1 root www 1166 Mar 5 16:22 pubring.gpg~
| | -rw-r–r-- 1 root www 600 Mar 5 16:22 random_seed
| | -rw-r–r-- 1 root www 1315 Mar 5 16:22 secring.gpg
| | -rw-r–r-- 1 root www 1280 Mar 5 16:22 trustdb.gpg
| |
| | I am running RTIR on FreeBSD 6.3 + Apache1.3 + mod_perl1.x +
| Postgresql8.1.
| |
| | Is there anything that I overlooked or is there any specific place i can
| | dump all the keys i need?
| |
| | Thanks.
| _______________________________________________
| Rtir mailing list
| Rtir@lists.bestpractical.com
| The rtir Archives
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFHz8C6yGS9PS1C9nERAqV2AJ93Gz3Wkw8jgdfUn+xbevnkt50dDQCdE2G2
uh5l8imMzqcNedhUavJRjW0=
=WR65
-----END PGP SIGNATURE-----
Rtir mailing list
Rtir@lists.bestpractical.com
The rtir Archives
Best regards, Ruslan.