Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to troubleshoot the problem
I describe the steps on how to reproduce the issue
Hello,
we tried to upgrade Passbolt from version 2.4.1 to the latest version on a new server running Ubuntu 22.04.2.
We followed this guide: Passbolt Help | Migrate an existing Passbolt CE to a new Ubuntu server
However, we get an error when importing the old server key:
fabian@passbolt:~$ sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import --verbose --pinentry-mode loopback /etc/passbolt/gpg/serverkey_private.asc" www-data
gpg: sec rsa2048/F47BC46B7421040D 2020-07-13 Fabian (nope) <fabian.schaefer@iris-sport.de>
gpg: key F47BC46B7421040D: "Fabian (nope) <fabian.schaefer@iris-sport.de>" not changed
gpg: key F47BC46B7421040D/F47BC46B7421040D: error sending to agent: Permission denied
gpg: error building skey array: Permission denied
gpg: error reading '/etc/passbolt/gpg/serverkey_private.asc': Permission denied
gpg: import from '/etc/passbolt/gpg/serverkey_private.asc' failed: Permission denied
gpg: Total number processed: 0
gpg: unchanged: 1
gpg: secret keys read: 1
The permissions are all as they should be according to the guide.
Healthcheck:
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring
[HELP] Import the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data
[PASS] There is a valid email id defined for the server key.
So now I don’t know what we could do…