Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to troubleshoot the problem
[ ] I describe the steps on how to reproduce the issue
Hello passbolt community,
I have been attempting to install passbolt on my Synology NAS for the past couple of weeks without any success. I keep on getting the “Your entropy pool is low” error (as shown below) and have made a lot of attempts to resolve this issue. My last attempt was to create the PGP keys on my Windows machine and see if by having them mounted to the Docker image it would bypass the requirement to generate them. Among other attempts, I also saw that it would be possible to use VMs to create an entropy pool, but since I lack the knowledge I am unaware of how to link this to the docker image of passbolt… so I am stuck.
I have used the steps from the installation tutorial for Docker, using the run command. The docker image starts up but then it just crashes.
Any help on this issue is much appreciated! Below I paste the log file and my Synology details and if there is anything else please let me know. Although I have used my NAS for a long time, and have used other applications via docker, they were all on an entry level difficulty, so I am still very new to this. Thanks in advance!
Server Details
Synology DS718+ with 6GB of RAM, DSM 7
Log Output
==================================================================================
Your entropy pool is low. This situation could lead GnuPG to not
be able to create the gpg serverkey so the container start process will hang
until enough entropy is obtained.
Please consider installing rng-tools and/or virtio-rng on your host as the
preferred method to generate random numbers using a TRNG.
If rngd (rng-tools) does not provide enough or fast enough randomness you could
consider installing haveged as a helper to speed up this process.
Using haveged as a replacement for rngd is not recommended. You can read more
about this topic here: https://lwn.net/Articles/525459/
==================================================================================
gpg: key 133947F7D2852F04 marked as ultimately trusted
gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/DA43E9891C3A75A53B0C2BE2133947F7D2852F04.rev'
-bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied
My last attempt did in fact mount the server_private.asc key, but with a fresh install (using the command above) I get the below error:
==================================================================================
Your entropy pool is low. This situation could lead GnuPG to not
be able to create the gpg serverkey so the container start process will hang
until enough entropy is obtained.
Please consider installing rng-tools and/or virtio-rng on your host as the
preferred method to generate random numbers using a TRNG.
If rngd (rng-tools) does not provide enough or fast enough randomness you could
consider installing haveged as a helper to speed up this process.
Using haveged as a replacement for rngd is not recommended. You can read more
about this topic here: https://lwn.net/Articles/525459/
==================================================================================
gpg: keybox '/var/lib/passbolt/.gnupg/pubring.kbx' created
gpg: /var/lib/passbolt/.gnupg/trustdb.gpg: trustdb created
gpg: key 5F2826FAD2A09626 marked as ultimately trusted
gpg: directory '/var/lib/passbolt/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/var/lib/passbolt/.gnupg/openpgp-revocs.d/3A283F824BA5956CC8E7155C5F2826FAD2A09626.rev'
-bash: line 1: /etc/passbolt/gpg/serverkey_private.asc: Permission denied
You are using an existing folder to mount passbolt gpg server keys:
Can you check owner and rights with this command:
ls -alh /volume1/docker/passbolt/gpg
It should return something like:
-rw-r--r-- 1 www-data www-data 1.8K Feb 1 09:06 serverkey.asc
-rw------- 1 www-data www-data 3.5K Feb 1 09:06 serverkey_private.asc
On your NAS, there is a chance you don’t have any www-data user, so the owner and group must be set to 33, as it is the id of the www-data user in the container.
I got a customer some weeks ago who told me: “I’m running the latest version of passbolt” and in fact, it was the “latest” tag, pulled one year ago. He was thinking he was running the 3.5.0 and it was in fact a 2.12.0.
I set the owner for both “pgp” and “jwt” folders and was able to proceed with the installation and configuration of passbolt. I also fixed the “jwt” folder path to the correct one, unfortunate copy/paste error. I also used the 3.5.0-ce tag for the image. I did see in the documentation that we should do this, but since it was my first install, I figured it was not necessary.
The reason I took a while to reply is because I am now searching for the resolution of the next issue which I hoped to have resolved prior to replying to you:
From the docker container, I receive the following message:
The JWT private key could not be written.
I tried to assign 33 as owner again by:
chown 33:33 /volume1/docker/passbolt/jwt
but then I receive this message:
chown: missing operand after '33:33\302\240/volume1/docker/passbolt/jwt'
Try 'chown --help' for more information.
I then tried:
chown -R 33:33 /volume1/docker/passbolt/jwt
But I receive the same error message.
I was able to change the “pgp” folder, so I really do not understand why the “jwt” did not do the same.
I am still digging through the forum to find a solution, but I also did not want to leave you without a reply as it looks like this will take a while, so this is the situation so far.
Maybe you cannot change the owner of /volume1/docker/passbolt/jwt because it is currently used and mounted by docker?
The \302\240 pattern is weird here. Did you copy-paste the chown command or type it character by character? Can you retry without copy/pasting the command?
I also thought that maybe the folder was locked and made sure the container was not running when requesting the owner change, but that did nothing, and I still had the issues.
I also have no idea where the “\302\240” came from. I think maybe part of the Synology coding when compiling the error log? I did copy-paste initially, but as you recommended later I typed in character per character and came to the same error message.
So I did a lot of searching and tried a lot of things like “openssl_pkey_new” and generating the jwt keys manually (I deleted and created the passbolt container about 7 times already) but in the end it was just as simple as adding the “sudo” to the “chown” command. After that it made the correct changes.
So I was able to finally have passbolt running smoothly on my system and mobile without any problems.
Thank you so much @AnatomicJC for your guidance here. As you can see I know nothing of docker and as such could not pinpoint the error.
PS: Considering that the issue was not the entropy pool, but permissions, should I change the topic of this thread?
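The two permission problems in this thread, as an added example that is not part of any post above: `\302\240` is the octal form of bytes C2 A0, the UTF-8 encoding of a no-break space, and the mounted key folders must belong to uid/gid 33 with the private key closed to group and other. The function names `has_nbsp`, `fix_nbsp` and `check_mount` are hypothetical, and GNU `find` is assumed.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: checks for the two failures seen above.

NBSP=$(printf '\302\240')   # UTF-8 bytes C2 A0 = U+00A0 NO-BREAK SPACE

# has_nbsp CMD: succeed if CMD contains a no-break space. chown printed it as
# \302\240 inside ONE quoted operand, i.e. owner and path were never split.
has_nbsp() {
    printf '%s' "$1" | LC_ALL=C grep -q "$NBSP"
}

# fix_nbsp CMD: print CMD with every no-break space replaced by a plain space.
fix_nbsp() {
    printf '%s' "$1" | LC_ALL=C sed "s/$NBSP/ /g"
}

# check_mount DIR UID GID: list entries under DIR not owned by UID:GID, and
# *private* key files that group/other can access. Returns 1 if any are found.
check_mount() {
    report=$(
        find "$1" \( ! -user "$2" -o ! -group "$3" \) -exec echo OWNER {} \;
        find "$1" -type f -name '*private*' -perm /077 -exec echo MODE {} \;
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Demo on constructed input: the chown line as the shell received it.
pasted="chown 33:33${NBSP}/volume1/docker/passbolt/jwt"
if has_nbsp "$pasted"; then
    echo "no-break space found; retype as: $(fix_nbsp "$pasted")"
fi
# On the host (paths from the thread; 33 is www-data inside the container):
#   check_mount /volume1/docker/passbolt/gpg 33 33
#   check_mount /volume1/docker/passbolt/jwt 33 33
```

An empty result from `check_mount` means every entry already has the expected owner and the private key is mode 600 or stricter; each `OWNER` or `MODE` line names a path the container's www-data user would trip over.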