I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
we tried to upgrade Passbolt from version 2.4.1 to the latest version on a new server running Ubuntu 22.04.2.
We followed this guide: Passbolt Help | Migrate an existing Passbolt CE to a new Ubuntu server
However we get an error when importing the old serverkey:
fabian@passbolt:~$ sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import --verbose --pinentry-mode loopback /etc/passbolt/gpg/serverkey_private.asc" www-data gpg: sec rsa2048/F47BC46B7421040D 2020-07-13 Fabian (nope) <email@example.com> gpg: key F47BC46B7421040D: "Fabian (nope) <firstname.lastname@example.org>" not changed gpg: key F47BC46B7421040D/F47BC46B7421040D: error sending to agent: Permission denied gpg: error building skey array: Permission denied gpg: error reading '/etc/passbolt/gpg/serverkey_private.asc': Permission denied gpg: import from '/etc/passbolt/gpg/serverkey_private.asc' failed: Permission denied gpg: Total number processed: 0 gpg: unchanged: 1 gpg: secret keys read: 1
The permissions are all as they should be according to the guide
GPG Configuration [PASS] PHP GPG Module is installed and loaded. [PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg. [PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user. [PASS] The server OpenPGP key is not the default one [PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable. [PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable. [PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php. [FAIL] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is not in the keyring [HELP] Import the private server key in the keyring of the webserver user. [HELP] you can try: [HELP] sudo su -s /bin/bash -c "gpg --home /var/lib/passbolt/.gnupg --import /etc/passbolt/gpg/serverkey_private.asc" www-data [PASS] There is a valid email id defined for the server key.
So now I don’t know what we could do…