GPG signing of outgoing RT::IR emails in RT-RT::IR 5.0.1 fails


I’ve configured RT::IR to use a gpg-agent for signing outgoing mails but I store the generated mails to the local file system (=I’ve set MailCommand to mbox) for the time being. I see the generated mails under
$(RTINSTALLDIR)/var/ as *.mbox files but there are no signatures in the messages. Is this expected behaviour (for mbox’ed output) or something failing in my confs?
The gpg-agent is up and running and has the passphrase needed. The web server has been restarted after providing the passphrase so RT::IR should have all it needs for signing outgoing mails.

Further debugging: queues have flags controlling signing and encryption. Navigating via the web GUI to Admin → Queues → Select we reach the queue configuration. After selecting the queue of interest, investigation in our case, activate the check boxes

  • Sign by default
  • Sign all auto-generated mail. Caution : Enabling this option alters the signature from providing authentication to providing integrity .

Save changes, create new investigations and discover in the logs that gpg is not happy with invocation options like keyserver, with-colons, digest-algo etc etc :upside_down_face:

And further debugging : the invocation options causing problems to gpg signing were due to the option use-agent defined in the GnuPGOptions conf structure. Removing that, our RT-RT::IR signs outgoing investigation mails using the running gpg agent … According to the documentation in module


use-agent is a valid option though …