Hello all,
just trying to figure out how to set up RT using gpg-agent.
Tried to start gpg-agent this way:
root@server:~# gpg-agent --daemon --pinentry-program /usr/bin/pinentry-curses --home /opt/rt4/var/data/GnuPG
And then in RT_SiteConfig.pm:
Set( %GnuPG,
    Enable => 1,
    OutgoingMessagesFormat => 'RFC',
    AllowEncryptDataInDB => 0
);
Set( %GnuPGOptions,
    'digest-algo' => 'SHA512',
    'use-agent' => undef,
    'gpg-agent-info' => '/opt/rt4/var/data/GnuPG/.agent-socket',
    'no-permission-warning' => undef,
    'homedir' => '/opt/rt4/var/data/GnuPG'
);
Set( @MailPlugins =>
    "Auth::MailFrom",
    "Auth::Crypt"
);
Unfortunately it didn’t work.
The gpg-agent-info option needs a value that changes with every
gpg-agent execution.
It could be possible to use the write-env-file option and then have RT
read the file. Is it possible to extend RT_SiteConfig.pm so that it
reads the file and fills the gpg-agent-info value in the GnuPGOptions
hash?
Any other thoughts?
We are running GnuPG version 1.4.12, GnuPG agent version 2.0.19 and
latest release of RT 4.2.
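An added example of the write-env-file idea asked about above (this is not code from the original thread or from RT itself): start the agent with `gpg-agent --daemon --write-env-file /opt/rt4/var/data/GnuPG/agent.env ...` and let RT_SiteConfig.pm parse that file for the GPG_AGENT_INFO value. The agent.env path and the helper name RTGpgAgentInfoFromEnvFile are assumptions; the %GnuPG and %GnuPGOptions values are the ones from the post.

```perl
# Added example, not from the original post: fill gpg-agent-info in
# RT_SiteConfig.pm from the file written by
#   gpg-agent --daemon --write-env-file /opt/rt4/var/data/GnuPG/agent.env ...
# The agent.env path is an assumption; use the same path in both places.
my $agent_env_file = '/opt/rt4/var/data/GnuPG/agent.env';

# write-env-file emits sh-style lines, for example
#   GPG_AGENT_INFO=/opt/rt4/var/data/GnuPG/S.gpg-agent:12345:1; export GPG_AGENT_INFO;
# gpg 1.4 takes the whole socket:pid:protocol value, so keep everything up to ';'.
# Helper name is an assumption (defined in package RT, where RT loads this file).
sub RTGpgAgentInfoFromEnvFile {
    my ($path) = @_;
    open( my $fh, '<', $path ) or return;
    while ( my $line = <$fh> ) {
        if ( $line =~ /^\s*GPG_AGENT_INFO=([^;\s]+)/ ) {
            close $fh;
            return $1;
        }
    }
    close $fh;
    return;
}

my $agent_info = RTGpgAgentInfoFromEnvFile($agent_env_file);

Set( %GnuPG,
    Enable                 => 1,
    OutgoingMessagesFormat => 'RFC',
    AllowEncryptDataInDB   => 0,
);

Set( %GnuPGOptions,
    'digest-algo'           => 'SHA512',
    'use-agent'             => undef,
    'no-permission-warning' => undef,
    'homedir'               => '/opt/rt4/var/data/GnuPG',
    # pass gpg-agent-info only when the env file was readable, so a missing
    # file does not hand gpg an empty option value
    ( defined $agent_info ? ( 'gpg-agent-info' => $agent_info ) : () ),
);
```

RT_SiteConfig.pm is loaded once when RT starts, so the value is read only at that point: if gpg-agent is restarted (new pid, new value in the file) the web server has to be restarted as well, and the file must still end with `1;` as before.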
I think the use-standard-socket option is another approach. The value is
then consistent each time. This has become the default in version 2.
RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
- Washington DC - May 23 & 24, 2016
Thank you - got it working this way:
in rc.local:
# start GPG agent for Request Tracker
/usr/local/bin/rt-gpg-agent
File /usr/local/bin/rt-gpg-agent (possible to extend it to standard
SysVinit script):
#!/bin/sh
# start gpg-agent for Request Tracker on the standard socket and prime its
# passphrase cache, so RT (running as www-data) can decrypt without a tty
RT_GPG_HOME=/opt/rt4/var/data/GnuPG
RT_KEY=security@eset.sk

# remove a stale socket from a previous agent (-S: it is a socket, not a plain file)
[ -S "${RT_GPG_HOME}/S.gpg-agent" ] && rm -f "${RT_GPG_HOME}/S.gpg-agent"

# with cache TTL of 30 days (2592000 s); while the passphrase is cached, every
# process that can reach the socket can use the key
/usr/bin/gpg-agent --daemon --pinentry-program /usr/bin/pinentry-curses \
    --homedir "${RT_GPG_HOME}" --use-standard-socket \
    --default-cache-ttl 2592000 --max-cache-ttl 2592000

# let the web server group reach the socket
chmod 770 "${RT_GPG_HOME}/S.gpg-agent"
chgrp www-data "${RT_GPG_HOME}/S.gpg-agent"

# encrypt a throwaway file to RT's key, then decrypt it: the decryption asks
# gpg-agent for the passphrase and caches it for RT
WORK=$(mktemp -d)
cp /etc/hosts "${WORK}/hosts"
gpg --use-agent --no-permission-warning --homedir "${RT_GPG_HOME}" \
    -r "${RT_KEY}" -e "${WORK}/hosts"
gpg --use-agent --no-permission-warning --homedir "${RT_GPG_HOME}" \
    -o /dev/null -d "${WORK}/hosts.gpg"
rm -rf "${WORK}"
Entries for GPG in RT_SiteConfig.pm:
Set( %GnuPG,
    Enable => 1,
    OutgoingMessagesFormat => 'RFC',
    AllowEncryptDataInDB => 0
);
Set( %GnuPGOptions,
    'digest-algo' => 'SHA512',
    'use-agent' => undef,
    'gpg-agent-info' => '/opt/rt4/var/data/GnuPG/S.gpg-agent',
    'no-permission-warning' => undef,
    'homedir' => '/opt/rt4/var/data/GnuPG'
);
Set( @MailPlugins =>
    "Auth::MailFrom",
    "Auth::Crypt"
);
Hope it will help somebody.
Peter