Checklist
I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue
Server: Synology NAS DS916+
OS: DSM 7.2.1-69057 Update 4
Passbolt edition: Docker CE
Currently running 3.9.0. If I try to update to any higher version, the new version will stop immediately after start.
Here is the log:
| date | stream | content |
|---|---|---|
| 2024/04/02 02:18:22 | stdout | gpg: secret keys read: 1 |
| 2024/04/02 02:18:22 | stdout | gpg: unchanged: 1 |
| 2024/04/02 02:18:22 | stdout | gpg: Total number processed: 0 |
| 2024/04/02 02:18:22 | stdout | gpg: import from ‘/etc/passbolt/gpg/serverkey_private.asc’ failed: End of file |
| 2024/04/02 02:18:22 | stdout | gpg: error reading ‘/etc/passbolt/gpg/serverkey_private.asc’: End of file |
| 2024/04/02 02:18:22 | stdout | gpg: error getting the KEK: End of file |
| 2024/04/02 02:18:22 | stdout | gpg: key XXXXXXXXXXXX: Dxxxxx Pxxxxxx dxxxxx@pxxxxxx.com not changed |
| 2024/04/02 02:18:22 | stdout | gpg: imported: 1 |
| 2024/04/02 02:18:22 | stdout | gpg: Total number processed: 1 |
| 2024/04/02 02:18:22 | stdout | gpg: key XXXXXXXXXXXX: public key Dxxxxx Pxxxxxx dxxxxxx@pxxxxxxx.com imported |
| 2024/04/02 02:18:22 | stdout | gpg: /var/lib/passbolt/.gnupg/trustdb.gpg: trustdb created |
| 2024/04/02 02:18:22 | stdout | gpg: keybox ‘/var/lib/passbolt/.gnupg/pubring.kbx’ created |
Since it the higher versions stop running immediately, I cannot provide a healthcheck for them, however here is the healthcheck for 3.9.0 which I’m trying to update from:
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ // / __ `/ / / __ / __ / / _/
/ / // ( | ) // / // / / /
// _,///./_//__/
Open source password manager for teams
Healthcheck shell
Environment
[PASS] PHP version 7.4.33.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://pws.mydomain.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[PASS] SSL peer certificate validates
[PASS] Hostname is matching in SSL certificate.
[PASS] Not using a self-signed certificate
Database
[PASS] The application is able to connect to the database
[PASS] 30 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /var/lib/passbolt/.gnupg.
[PASS] The directory /var/lib/passbolt/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The private key file is defined in /etc/passbolt/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in /etc/passbolt/passbolt.php.
[PASS] The server public key defined in the /etc/passbolt/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.
[PASS] The server public key format is Gopengpg compatible.
[PASS] The server private key format is Gopengpg compatible.
Application configuration
[FAIL] This installation is not up to date. Currently using 3.9.0 and it should be v4.6.1.
[HELP] See. Update | Passbolt documentation.
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Host availability will be checked.
[PASS] Serving the compiled version of the javascript app.
[PASS] All email notifications will be sent.
JWT Authentication
[PASS] The JWT Authentication plugin is enabled
[PASS] The /etc/passbolt/jwt/ directory is not writable.
[PASS] A valid JWT key pair was found
SMTP Settings
[PASS] The SMTP Settings plugin is enabled.
[PASS] SMTP Settings coherent. You may send a test email to validate them.
[PASS] The SMTP Settings source is: database.
[PASS] The SMTP Settings plugin endpoints are disabled.
The steps I have taken to trouble shoot the problem:
- Updated to different higher versions and reverted to 3.9.0 countless times. At higher versions I experienced the issue every single time, at 3.9.0 version I never experienced it.
- Read all the related forum topics
- Checked the permissions of the mounted gpg folder and the files in it (serverkey.asc and serverkey_private.asc)
- I moved the mounted files to another folder and mount them there
- I have another Synology NAS, different model but same OS and same docker version. I have Passbolt installed on that, too, and I have no problem running the latest version on that machine. So I compared all the settings, env. variables, custom configs, etc. All are the same, no difference at all (except URL, etc.) However I still cannot update from 3.9.0 on one of the machinces and have no problem on the other machine.
Any help would be greatly appreciated!