Enabling the gnupg extension

Installation Issues
1

I’ve installed Passbolt CE on my Ubuntu 20.04 Server with Nginx and PHP7.4 but when I run

sudo -H -u www-data bash -c “./bin/cake passbolt healthcheck”

I get an error message reading

PHP Fatal error: You must enable the gnupg extension to use Passbolt. in /var/www/passbolt/config/requirements.php on line 31

I’ve gone into php.ini in both the cli and fpm directories and added “extension-gnupg.so” to both, but I’m still getting the error.

The conclusion is inescapable: I’ve made a horrible mistake somewhere. Can anyone straighten me out?

2

Hi :wave:

Did you follow this to setup your passbolt instance: Passbolt Help | Install Passbolt CE on Ubuntu 20.04 ?

If you installed Passbolt with the package, the gnupg PHP extension should be automatically installed as a dependency.

Can you share with us the output of the following commands:

$ php -i | grep gnupg

It should output:

/etc/php/7.4/cli/conf.d/20-gnupg.ini,
gnupg
gnupg support => enabled

And this one:

$ dpkg -l | grep -E "(php-gnupg|passbolt-ce-server)"

Should return:

ii  passbolt-ce-server                   3.2.1-3~1627390708.gbp663784      all          Passbolt, open source password manager for teams
ii  php-gnupg                            1.4.0-6build1                     amd64        PHP wrapper around the gpgme library

Best,

3 
  _jc

October 20Hi :wave:
Did you follow this to setup your passbolt instance: Passbolt Help |
Install Passbolt CE on Ubuntu 20.04 ?

I did.

If you installed Passbolt with the package, the gnupg PHP extension
should be automatically installed as a dependency.
Can you share with us the output of the following commands:
$ php -i | grep gnupg

It should output:
/etc/php/7.4/cli/conf.d/20-gnupg.ini,
gnupg
gnupg support => enabled

All I got was a newline: no output at all.

And this one:
$ dpkg -l | grep -E “(php-gnupg|passbolt-ce-server)”

Should return:
ii passbolt-ce-server 3.2.1-3~1627390708.gbp663784
all Passbolt, open source password manager for teams
ii php-gnupg 1.4.0-6build1
amd64 PHP wrapper around the gpgme library

Exactly my results!
I hope this makes sense; seems to me one is saying gnupg is there and
the other isn’t. But then, what do I know?

Ken

4

Hi !

On my Ubuntu 20.04, the gnupg extension is enabled in this file via extension=gnupg.so and not by adding extension-gnupg.so

$ grep -rn gnupg /etc/php/
/etc/php/7.4/mods-available/gnupg.ini:1:extension=gnupg.so

And there is symbolic links created:

$ find /etc/php/ -name "*gnupg.ini" -type l
/etc/php/7.4/fpm/conf.d/20-gnupg.ini
/etc/php/7.4/cli/conf.d/20-gnupg.ini

To check the integrity of files installed via Debian packages, you can install debsums:

$ sudo apt instal debsums

Then you can get a list of files who has been modified since they were installed:

$ sudo debsums -c

To see if php-gnupg package is ok:

$ sudo debsums php-gnupg
/usr/lib/php/20190902/gnupg.so                                                OK
/usr/share/doc/php-gnupg/changelog.Debian.gz                                  OK
/usr/share/doc/php-gnupg/copyright                                            OK
5

My bad. I typed = in the .ini files, but mistyped - in my first post.

All of these checks are coming up correct, but there’s still no gnupg enabled.

6

Did you restart the php-fpm service after the add of the gnupg extension in php.ini ?

sudo systemctl restart php7.4-fpm.service
7

I hadn’t, so I tried it. Still no joy.

8

:confused:

Hum, can you paste here the full output of sudo php -i ?

I would like to check which ini files are taken into account. Here is mine:

$ sudo php -i
phpinfo()
PHP Version => 7.4.3

System => Linux ubuntu2004 5.4.0-80-generic #90-Ubuntu SMP Fri Jul 9 22:49:44 UTC 2021 x86_64
Build Date => Aug 13 2021 05:39:12
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /etc/php/7.4/cli
Loaded Configuration File => /etc/php/7.4/cli/php.ini
Scan this dir for additional .ini files => /etc/php/7.4/cli/conf.d
Additional .ini files parsed => /etc/php/7.4/cli/conf.d/10-mysqlnd.ini,
/etc/php/7.4/cli/conf.d/10-opcache.ini,
/etc/php/7.4/cli/conf.d/10-pdo.ini,
/etc/php/7.4/cli/conf.d/15-xml.ini,
/etc/php/7.4/cli/conf.d/20-calendar.ini,
/etc/php/7.4/cli/conf.d/20-ctype.ini,
/etc/php/7.4/cli/conf.d/20-dom.ini,
/etc/php/7.4/cli/conf.d/20-exif.ini,
/etc/php/7.4/cli/conf.d/20-ffi.ini,
/etc/php/7.4/cli/conf.d/20-fileinfo.ini,
/etc/php/7.4/cli/conf.d/20-ftp.ini,
/etc/php/7.4/cli/conf.d/20-gd.ini,
/etc/php/7.4/cli/conf.d/20-gettext.ini,
/etc/php/7.4/cli/conf.d/20-gnupg.ini,
/etc/php/7.4/cli/conf.d/20-iconv.ini,
/etc/php/7.4/cli/conf.d/20-intl.ini,
/etc/php/7.4/cli/conf.d/20-json.ini,
/etc/php/7.4/cli/conf.d/20-mbstring.ini,
/etc/php/7.4/cli/conf.d/20-mysqli.ini,
/etc/php/7.4/cli/conf.d/20-pdo_mysql.ini,
/etc/php/7.4/cli/conf.d/20-phar.ini,
/etc/php/7.4/cli/conf.d/20-posix.ini,
/etc/php/7.4/cli/conf.d/20-readline.ini,
/etc/php/7.4/cli/conf.d/20-shmop.ini,
/etc/php/7.4/cli/conf.d/20-simplexml.ini,
/etc/php/7.4/cli/conf.d/20-sockets.ini,
/etc/php/7.4/cli/conf.d/20-sysvmsg.ini,
/etc/php/7.4/cli/conf.d/20-sysvsem.ini,
/etc/php/7.4/cli/conf.d/20-sysvshm.ini,
/etc/php/7.4/cli/conf.d/20-tokenizer.ini,
/etc/php/7.4/cli/conf.d/20-xmlreader.ini,
/etc/php/7.4/cli/conf.d/20-xmlwriter.ini,
/etc/php/7.4/cli/conf.d/20-xsl.ini
(...)

Thanks !

9

When I ran this command everything came back pointing to php 8.0. Will
Passbolt work with 8.0? I know the Nginx conf file points to php 7.4.

Ken

10

Anyway, here’s the output. Please note I have both 7.4 and 8.0
installed on my server.

phpinfo()
PHP Version => 8.0.3

System => Linux grace 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24
14:50:10 UTC 2021 x86_64
Build Date => Mar 5 2021 07:54:13
Build System => Linux
Server API => Command Line Interface
Virtual Directory Support => disabled
Configuration File (php.ini) Path => /etc/php/8.0/cli
Loaded Configuration File => /etc/php/8.0/cli/php.ini
Scan this dir for additional .ini files => /etc/php/8.0/cli/conf.d
Additional .ini files parsed => /etc/php/8.0/cli/conf.d/10-mysqlnd.ini,
/etc/php/8.0/cli/conf.d/10-opcache.ini,
/etc/php/8.0/cli/conf.d/10-pdo.ini,
/etc/php/8.0/cli/conf.d/15-xml.ini,
/etc/php/8.0/cli/conf.d/20-bcmath.ini,
/etc/php/8.0/cli/conf.d/20-bz2.ini,
/etc/php/8.0/cli/conf.d/20-calendar.ini,
/etc/php/8.0/cli/conf.d/20-ctype.ini,
/etc/php/8.0/cli/conf.d/20-curl.ini,
/etc/php/8.0/cli/conf.d/20-dom.ini,
/etc/php/8.0/cli/conf.d/20-exif.ini,
/etc/php/8.0/cli/conf.d/20-ffi.ini,
/etc/php/8.0/cli/conf.d/20-fileinfo.ini,
/etc/php/8.0/cli/conf.d/20-ftp.ini,
/etc/php/8.0/cli/conf.d/20-gd.ini,
/etc/php/8.0/cli/conf.d/20-gettext.ini,
/etc/php/8.0/cli/conf.d/20-gmp.ini,
/etc/php/8.0/cli/conf.d/20-iconv.ini,
/etc/php/8.0/cli/conf.d/20-igbinary.ini,
/etc/php/8.0/cli/conf.d/20-imagick.ini,
/etc/php/8.0/cli/conf.d/20-imap.ini,
/etc/php/8.0/cli/conf.d/20-intl.ini,
/etc/php/8.0/cli/conf.d/20-mbstring.ini,
/etc/php/8.0/cli/conf.d/20-mysqli.ini,
/etc/php/8.0/cli/conf.d/20-pdo_mysql.ini,
/etc/php/8.0/cli/conf.d/20-phar.ini,
/etc/php/8.0/cli/conf.d/20-posix.ini,
/etc/php/8.0/cli/conf.d/20-readline.ini,
/etc/php/8.0/cli/conf.d/20-redis.ini,
/etc/php/8.0/cli/conf.d/20-shmop.ini,
/etc/php/8.0/cli/conf.d/20-simplexml.ini,
/etc/php/8.0/cli/conf.d/20-sockets.ini,
/etc/php/8.0/cli/conf.d/20-sysvmsg.ini,
/etc/php/8.0/cli/conf.d/20-sysvsem.ini,
/etc/php/8.0/cli/conf.d/20-sysvshm.ini,
/etc/php/8.0/cli/conf.d/20-tokenizer.ini,
/etc/php/8.0/cli/conf.d/20-xmlreader.ini,
/etc/php/8.0/cli/conf.d/20-xmlwriter.ini,
/etc/php/8.0/cli/conf.d/20-xsl.ini,
/etc/php/8.0/cli/conf.d/20-zip.ini

11

I understand well now why php -i | grep gnupg returns nothing. You added the extension for php 7.4 but your default php is 8.0.

You should set the default php command line to the 7.4, or install the gnupg extension for php 8.0.

You may be able to update the default php version with this command:

sudo update-alternatives --config php

I don’t know if Passbolt is working with php 8.0. You can try to install php-gnupg for 8.0 and update the nginx config file to point to 8.0 and let us know :stuck_out_tongue: ?

Thanks !

12

Okay, I installed the gnupg extension for php 8.0, and now I do get the
correct output for php -i | grep gnupg. But whether I use 7.4 or 8.0 I
get a brief image of a dead bird followed by a white screen.

Ken

13

Hi,

I tried on my side a Passbolt installation with PHP 8.0 and it works.

Regarding the dead bird, you should have a look in the browser debug tool (press F12), on the console and network tabs.

You should have a look at server logs too:

  • /var/log/nginx
  • /var/log/passbolt

You can also enable the passbolt extension debug mode. This is different from the previous console.

If you are using Google Chrome can you please go to: chrome://extensions

  • Activate the Developer mode in the top right corner
  • Look for the Passbolt card and click details button
  • Look for the Inspect views and the index.html link
  • A new window will appear this is the debugger of the browser extension, try to reproduce the error and send us the logs

On Firefox, you can go to: about:debugging#/runtime/this-firefox

  • locate Passbolt and click Inspect
  • A new tab for the console of the browser extension will appear. try to reproduce the error and send us the logs

And by the way, do you really need PHP8.0 on this server ?

Thanks,

14

I’ve looked at the console and network tabs, but I honestly don’t understand what I’m reading. The console tab is blank, and the network tab says Status 500. Am I missing something?

The only thing I see under Help>About Firefox is the version number and a few other irrelevant details. Again, I’m sure I’m sure I’m missing something obvious.

Probably not. My wife always teases me about upgrading too quickly.

Ken

15

image
image2112×1708 292 KB

By the way, if you see “Status 500”, it means there is error server side.

Can you have a look at server logs too ?

  • /var/log/nginx
  • /var/log/passbolt
16

Can you have a look at server logs too ?

  • /var/log/nginx

/var/log/nginx/passbolt.error has this most recent line:

2021/10/22 15:42:31 [error] 1001157#1001157: *4615 FastCGI sent in
stderr: “Primary script unknown” while reading response header from
upstream, client: 192.168.1.1, server: passbolt.koalatyworks.com,
request: “GET /setup.php HTTP/2.0”, upstream:
“fastcgi://unix:/var/run/php/php8.0-fpm.sock:”, host:
passbolt.koalatyworks.com

  • /var/log/passbolt

/var/log/passbolt is an empty directory.

17

Hum, why didn’t you tell me you were trying to upgrade an existing Passbolt instance to a new one ?

You are currently running a 2.13.5 instance. This doesn’t work with PHP 8.0.

image
image1888×970 65.3 KB

If you had started with that, we would have won some time. The procedure to follow is this one: Passbolt Help | Migrate passbolt CE from install scripts to Ubuntu package

Where is located your Passbolt root folder ? /var/www/passbolt ?
Can you share here your nginx configuration file ?

Thanks !

18 
  _jc

October 24Hum, why didn’t you tell me you were trying to upgrade an
existing Passbolt instance to a new one ?
You are currently running a 2.13.5 instance. This doesn’t work with PHP
8.0.

If you had started with that, we would have won some time. The
procedure to follow is this one: Passbolt Help | Migrate passbolt CE
from install scripts to Ubuntu package

Okay, I got up to Step 8 in the migration procedure and got the
following exception:

Exception: There was a problem connecting to the database:
SQLSTATE[HY000] [1044] Access denied for user
'passboltuser'@'localhost' to database 'passboltdb'

Now what?

Where is located your Passbolt root folder ? /var/www/passbolt ?

Since running the migration procedure, it is /etc/passbolt/

Can you share here your nginx configuration file ?

server {
   listen 80;
   listen [::]:80;
   server_name passbolt.koalatyworks.com;

   root /etc/passbolt/;
   error_log /var/log/nginx/passbolt.error;
   access_log /var/log/nginx/passbolt.access;

   index index.php index.html index.htm index.nginx-debian.html;

   location / {
     try_files $uri $uri/ /index.php?$query_string;
   }

   location ~ \.php$ {
     # try_files $uri =404;
     fastcgi_split_path_info ^(.+\.php)(/.+)$;
     # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

     fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
     fastcgi_index index.php;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     include fastcgi_params;

     fastcgi_buffer_size 128k;
     fastcgi_buffers 256 16k;
     fastcgi_busy_buffers_size 256k;
     fastcgi_temp_file_write_size 256k;
   }

    # Don't log favicon
    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # Don't log robots
    location = /robots.txt  {
        access_log off;
        log_not_found off;
    }

    # Deny all attempts to access hidden files/folders such as
.htaccess, .htpasswd, .DS_Store (Mac), etc...
    location ~ /\. {
        deny all;
        access_log off;
        log_not_found off;
    }

    # Deny all grunt, composer files
    location ~* (Gruntfile|package|composer)\.(js|json)$ {
        deny all;
        access_log off;
        log_not_found off;
    }

     # A long browser cache lifetime can speed up repeat visits to your
page
  location ~*
\.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;
  }
}
19

Thanks for the infos. So several problems to fix:

With Passbolt package, the Passbolt root folder is /usr/share/php/passbolt. I see you set it to /etc/passbolt in your nginx configuration file. /etc/passboltis the path of the configuration files.

$ ls -alh /usr/share/php/passbolt/
total 44K
drwxr-xr-x  9 root root 4.0K Oct 25 06:01 .
drwxr-xr-x  4 root root 4.0K Oct 25 06:01 ..
-rw-r--r--  1 root root  349 Jul 27 12:57 .htaccess
drwxr-xr-x  2 root root 4.0K Oct 25 06:01 bin
-rw-r--r--  1 root root  649 Jul 27 12:57 index.php
drwxr-xr-x  3 root root 4.0K Oct 25 06:01 plugins
drwxr-xr-x  3 root root 4.0K Oct 25 06:01 resources
drwxr-xr-x 15 root root 4.0K Oct 25 06:01 src
drwxr-xr-x 10 root root 4.0K Oct 25 06:01 templates
drwxr-xr-x 19 root root 4.0K Oct 25 06:01 vendor
drwxr-xr-x  7 root root 4.0K Oct 25 06:01 webroot

$ sudo ls -alh /etc/passbolt
total 140K
drwxrwx---  6 root     www-data 4.0K Oct 25 06:01 .
drwxr-xr-x 96 root     root     4.0K Oct 25 06:01 ..
drwxr-x---  2 root     www-data 4.0K Oct 25 06:01 Migrations
drwxr-xr-x  2 www-data www-data 4.0K Oct 25 06:01 Seeds
-rw-r-----  1 root     www-data  18K Jul 27 12:57 app.default.php
-rw-r-----  1 root     www-data  18K Jul 27 12:58 app.php
-rw-r-----  1 root     www-data 6.1K Jul 27 12:57 bootstrap.php
-rw-r-----  1 root     www-data  886 Jul 27 12:57 bootstrap_cli.php
-rw-r-----  1 root     www-data   65 Jul 27 12:57 bootstrap_plugins.php
-rw-r-----  1 root     www-data  11K Jul 27 12:58 default.php
-rw-r-----  1 root     www-data 1.5K Jul 27 12:57 file_storage.php
drwxrwx---  2 www-data www-data 4.0K Oct 25 06:01 gpg
-rw-r--r--  1 root     root      848 Oct 25 06:01 nginx-ssl.conf
-rw-r-----  1 root     www-data 5.5K Jul 27 12:57 passbolt.default.php
-r--r-----  1 www-data www-data 3.1K Oct 25 06:01 passbolt.php
-rw-r-----  1 root     www-data 2.6K Jul 27 12:58 paths.php
-rw-r-----  1 root     www-data 1.3K Jul 27 12:57 requirements.php
-rw-r-----  1 root     www-data  14K Jul 27 12:57 routes.php
drwxr-x---  2 root     www-data 4.0K Oct 25 06:01 schema
-rw-r-----  1 root     www-data  113 Jul 27 12:57 version.php

So you should replace in your nginx configuration file:

root /etc/passbolt/;

with:

root /usr/share/php/passbolt;

By the way, the nginx configuration file you posted is not the one generated by the package. It seems you are using https, but there is no https configuration in yours, I assume you are using a proxy in front of your Passbolt instance ?

This means the database credentials provided in /etc/passbolt/passbolt.php Passbolt configuration file are not correct:

    // Database configuration.
    'Datasources' => [
        'default' => [
            'host' => 'localhost',
            'port' => '3306',
            'username' => 'passboltuser',
            'password' => 'xxxxxxxxx',
            'database' => 'passboltdb',
        ],
    ],

Best,

20

Thanks for the infos. So several problems to fix:
With Passbolt package, the Passbolt root folder is
/usr/share/php/passbolt. I see you set it to /etc/passbolt in your
nginx configuration file. /etc/passboltis the path of the
configuration files.

So you should replace in your nginx configuration file:
root /etc/passbolt/;

with:
root /usr/share/php/passbolt;

Okay, that’s done.

By the way, the nginx configuration file you posted is not the one
generated by the package. It seems you are using https, but there is
no https configuration in yours, I assume you are using a proxy in
front of your Passbolt instance ?

No proxy, but I added the Let’sEncrypt section to
/etc/nginx/conf.d/passbolt.conf.

DaddyWarlock:
Exception: There was a problem connecting to the database:
SQLSTATE[HY000] [1044] Access denied for user
‘passboltuser’@‘localhost’ to database ‘passboltdb’

This means the database credentials provided in
/etc/passbolt/passbolt.php Passbolt configuration file are not
correct:

Tweaked the database credentials, and the migration ran smoothly.
Thank you!

So now when I try to run Passbolt, I just get a blank white page.

Ken