[ x ] I have read intro post: About the Installation Issues category
[ x ] I have read the tutorials, help and searched for similar issues
[ x ] I provide relevant information about my server (component names and versions, etc.)
[ x ] I provide a copy of my logs and healthcheck
[ x ] I describe the steps I have taken to trouble shoot the problem
[ x ] I describe the steps on how to reproduce the issue
We have been using passbolt for a number of years. The installation is a source installation, and it runs alongside a number of other open source self hosted sites.
Recently, our installation complained that the server GPG key expired. OK, lets update the expiry to
0 and kick things back into production.
We updated the server key to remove this expiration, but now the site keeps returning the following –
The OpenGPG sever defined in the config cannot be used to decrypt. Could not import key.
This is displayed on browsers that have the plugin installed.
I have also tried removing the plugin, and tried recovering accounts (3 in total) using respective private keys.
When this is done, the plugin returns that the provided key does not belong to any user.
Linux 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) x86_64 GNU/Linux
- Installed to
- Hosted using a named virtual host on apache v2.4
- GNU keyring installed to
I have also tried to generate a complete new server key. The plugin responds correctly with key change warning, however, we are still at the same place. In terms of not being able to use the key.
Something strange I did notice…
All the GPG keys have always belonged to the
passbolt user we have setup, who belongs to the
drwx------ 4 passbolt www-data 4096 May 22 18:38 .gnupg
- I can view keys by (I see server and user keys)
sudo -u passbolt -H gpg --list-keys.
- I cant view keys by
sudo -u www-data -H gpg --list-keys. This returns error
gpg: Fatal: can't create directory '/var/opt/gitlab/nginx/.gnupg': Permission denied
- We have also tried setting user/group to
I dont know if the gitlab installation is stomping on the GNU home directory for www-data?
The keyring defined in
putenv defined as
Installation has been working flawlessly (up until key expiry), this means we have a lot of critical information sitting on this server that we need to access…
Any clues on things I can try? Nothing we are trying or reading online seems to make a difference to our installation.
Any more information I can post to help?
Is there a way to pass
--homedir to the gpg command, is it correct to assume that this is what
keyring definition in the configuration file does?