List: fwknop-discuss
Subject: Re: [Fwknop-discuss] Resolving FKO_ERROR_GPGME_NO_OPENPGP
From: fwknopmail.20.miller_2555 () spamgourmet ! com
Date: 2010-09-08 19:18:31
Message-ID: AANLkTimFOhLzUxCALOHPLRPmUKC7_EugTXXcRhvsfyFk () mail ! gmail ! com
Thanks Damien.

You were spot-on on the diagnosis. In the end, I simply added a softlink
in [/usr/bin] named `gpg2` that points to `gpg` instead of tweaking the SRPM
configure script. Incidentally, running `gpgme-config --get-gpg` inside the
initrd does indicate the use of [/usr/bin/gpg2] by `gpgme`. I also
double-checked the SRPM logs and found the autoconfig does correctly
indicate [/usr/bin/gpg] as the engine and there were no consequential
references to gpg2 upon a grep of the rpmbuild directory. I did not build
the gpgme libraries from an SRPM, so perhaps the binary RPMs for gpgme
default to `gpg2`? In any case, it is working perfectly now, and I look
forward to the aforementioned feature enhancement in a future release! Now
on to the OpenWRT build...

Thanks again -
Will

On Tue, Sep 7, 2010 at 8:44 PM, Damien S. Stuart - dstuart@dstuart.org
<+fwknopmail+miller_2555+3eae1171fb.dstuart#dstuart.org@spamgourmet.com> wrote:
> Hi,
>
> Based on the error message it appears that libgpgme is not finding gpg or
> it is not able to run /usr/bin/gpg for some reason. Can you look at your
> SRPM build logs to see the final output of the fwknop's configure script and
> see what it indicated as the path it used for "Gpgme engine;"? Actually, it
> would be a good idea to scan the configure log for clues (i.e. warnings or
> missing files/libs/packages that should be there but were not treated as an
> error).
>
> Most recent gpgme implementations use /usr/bin/gpg2, but libfko requires
> gpgme to use /usr/bin/gpg. Typically, configure will find /usr/bin/gpg and
> set that as the default engine for libfko. If it is not found by configure,
> then the libgpgme default will be used (gpg2).
>
> I'm not sure if this is the issue, but it does bring to light the fact that
> we should add the ability to set/override the gpg engine at runtime in both
> the fwknop client and server programs. Libfko does have a function to do
> this.
>
> Other things you may want to try from within your initrd is "gpgme-config
> --get-gpg" to see what it reports (will most likely be /usr/bin/gpg2). Also
> try running some /usr/bin/gpg commands to make sure gpg is indeed working in
> that environment.
>
> Lastly, make sure that libgpgme.so has all of its dependencies (a la ldd).
>
> I hope this helps. Please keep us posted.
>
> Regards,
>
> -Damien
>
> On 09/07/2010 06:08 PM, fwknopmail.20.miller_2555@spamgourmet.com wrote:
>
> Hi -
>
> I am building an initrd for a Fedora Core 13 machine (both x86_64 and
> i686 architectures on boxes and virtual machines). I had the perl-based
> fwknop v1.9.12 working inside an initrd build and decided to update to the
> fwknop-2.0rc1 libfko-based version to reduce the initrd size and complexity.
> However, after building the SRPM into the initrd environment (keeping the
> same GnuPG keys as before the update), I receive the following fko error
> upon the fwknopd server receipt of a SPA packet:
> Error creating fko context: This GPGME implementation does not
> support OpenGPG - GPG ERROR: Invalid crypt engine.
>
> Steps to recreate:
> 1) Untar existing initrd compressed tarball
> 2) Copy in GnuPG keyring
> 3) Build fwknop SRPM into initrd tree (including libfko libraries) &
> configure access.conf, fwknopd.conf
> 4) Copy following RPMs (via rpm -q --filesbypkg <rpmname>) into initrd
> tree:
>      gpg
>      glibc-devel
>      libpcap-devel
> 5) Copy in shared libraries for the following files (via ldd):
>      /usr/bin/gpg
>      /usr/lib/libnsl.so
>      /usr/lib/libpcap.so
> 5) Re-tar & compress customized initrd into /boot & modify grub
> 6) Restart machine and boot into customized initrd, running fwknop
> daemon
> 7) Send SPA packet from a different machine running a fwknop client to
> the machine running the fwknop server inside the customized initrd
>
> The fwknop daemon successfully runs within the initrd. However, upon
> receipt of a valid SPA packet from the fwknop client (client is v 1.9.12),
> the above error message arises. Do I need to rebuild the fwknop-server/
> libfko SRPM with an additional flag and/ or copy specific OpenPGP libraries
> into the initrd environment (other than those included using the process
> noted above)?
>
> As a side note, I am able to successfully ssh into the system with the
> customized initrd after a full boot up (after copying the appropriate
> configuration files from /etc/fwknop and GnuPG keyring). Given this, I think
> I am simply missing a few libraries from the initrd. I'll continue to dig a
> bit, but any pointers would be helpful!
>
> BTW - the above processes are for testing purposes only and pose
> significant security risks if implemented into a production environment
> (particularly using the same configuration/ keys in the initrd and running
> system).
>
> Thanks!
> Will
>
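The two checks suggested in the quoted reply (the engine path reported by `gpgme-config --get-gpg`, and library dependencies via `ldd`) can also be run from the build host against the unpacked initrd tree before it is repacked. The script below is an added example, not part of the thread or of fwknop; the function names, the throwaway directory tree and the sample `ldd` output are constructed for illustration.

```shell
# check_engine ROOT ENGINE: ENGINE is the path `gpgme-config --get-gpg` reports.
# One symlink level is followed and re-rooted under ROOT, so an absolute link
# (gpg2 -> /usr/bin/gpg) is not tested against the host's filesystem by mistake.
check_engine() {
    ce_root=$1; ce_path="$1$2"
    if [ -L "$ce_path" ]; then
        ce_link=$(readlink "$ce_path")
        case $ce_link in
            /*) ce_path="$ce_root$ce_link" ;;
            *)  ce_path="$(dirname "$ce_path")/$ce_link" ;;
        esac
    fi
    [ -f "$ce_path" ] && [ -x "$ce_path" ] && { echo "OK $2"; return 0; }
    echo "MISSING $2"; return 1
}
# missing_libs ROOT: reads `ldd` output on stdin; prints each library that ldd
# could not resolve or whose resolved path does not exist under ROOT.
missing_libs() {
    ml_root=$1
    awk '
        $2 == "=>" && $3 == "not" { print $1; next }  # name => not found
        $2 == "=>" && $3 ~ /^\//  { print $3; next }  # name => /path (addr)
        $1 ~ /^\//                { print $1 }        # dynamic loader line
    ' | while read -r ml_lib; do
        case $ml_lib in
            /*) [ -e "$ml_root$ml_lib" ] || echo "$ml_lib" ;;
            *)  echo "$ml_lib" ;;
        esac
    done
}

# Constructed ldd output for illustration, not captured from a real system.
SAMPLE_LDD='	linux-gate.so.1 =>  (0x00110000)
	libz.so.1 => /lib/libz.so.1 (0x00c5a000)
	libreadline.so.6 => not found
	libc.so.6 => /lib/libc.so.6 (0x00a2b000)
	/lib/ld-linux.so.2 (0x00a09000)'

# Demo on a throwaway tree: gpg present, gpg2 absent until the softlink is added.
demo() {
    d=$(mktemp -d); mkdir -p "$d/usr/bin" "$d/lib"
    : > "$d/usr/bin/gpg"; chmod +x "$d/usr/bin/gpg"; : > "$d/lib/libc.so.6"
    check_engine "$d" /usr/bin/gpg2 || true
    ln -s gpg "$d/usr/bin/gpg2"
    check_engine "$d" /usr/bin/gpg2
    printf '%s\n' "$SAMPLE_LDD" | missing_libs "$d"
    rm -rf "$d"
}
demo
```

Against a real tree, feed `missing_libs` the output of `ldd` for each binary and library copied in (gpg, libgpgme.so, libfko), since anything it prints will fail to load at boot.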