Hello,
I upgraded my server to Passbolt 2.0.0-rc2 today and was able to get most of the way there, except the error below.
In the CakePHP logs (log/error.log
):
2018-03-19 01:36:43 Error: [Cake\Network\Exception\InternalErrorException] The GPG Server key defined in the config is not found in the gpg keyring
Request URL: /auth/verify.json?api-version=v1
And on the /auth/login
route, “Could not verify server key. Server code: That version of GPGAuth is not supported. (undefined)” is displayed in a red box.
I ran the health check and it didn’t return any errors. The health check verifies that the keys are properly setup, so I don’t see why this error is being thrown.
# su -c "/var/www/passbolt/bin/cake passbolt healthcheck" -s /bin/bash nginx
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
---------------------------------------------------------------
Healthcheck shell
---------------------------------------------------------------
Environment
[PASS] PHP version 7.1.15.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://[redacted]
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 19 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/lib/nginx/.gnupg.
[PASS] The directory /var/lib/nginx/.gnupg containing the keyring is writable by the webserver user.
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The public key can be used to sign a message.
[PASS] The public key can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (2.0.0-rc2).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
No error found. Nice one sparky!
Below are the details of my setup:
OS: RHEL 7.4
Server: nginx/1.12.2
PHP: 7.1.15 (fpm-fcgi)
DB: mysql 15.1 Distrib 5.5.56-MariaDB
Just to double check, I listed the secret keys in the nginx user’s ring and the server secret key was listed. The fingerprint also matches the one that is in the conf/passbolt.conf
file.
# su -c "gpg --list-secret-keys" -s /bin/bash nginx
/var/lib/nginx/.gnupg/secring.gpg
---------------------------------
sec 2048R/C44D9582 2018-03-01 [expires: 2020-02-29]
uid [redacted]
ssb 2048R/D9633E38 2018-03-01
If there is anything else information-wise that could be helpful, please let me know.