Error importing key to user #2

Open
ageis opened this issue Sep 9, 2015 · 4 comments
@ageis

ageis commented Sep 9, 2015

Tried to add a key to my user profile and got the following error: Error importing the key (please try again or contact your administrator). The production.log is not very helpful since it just shows the UTF-8 POST data with the public key in it. I've tried this with both 2048-bit and 4096-bit keys and it does not work.

Running Redmine 3.1.0 on Debian 8.x with Ruby 2.1.2p95, Passenger 5.0.18. My bundle:

  * actionmailer (4.2.3)
  * actionpack (4.2.3)
  * actionpack-action_caching (1.1.1)
  * actionpack-xml_parser (1.0.2)
  * actionview (4.2.3)
  * activejob (4.2.3)
  * activemodel (4.2.3)
  * activerecord (4.2.3)
  * activesupport (4.2.3)
  * arel (6.0.3)
  * builder (3.2.2)
  * bundler (1.10.6)
  * capybara (2.5.0)
  * childprocess (0.5.6)
  * coderay (1.1.0)
  * docile (1.1.5)
  * erubis (2.7.0)
  * ffi (1.9.10)
  * globalid (0.3.6)
  * gpgme (2.0.10)
  * i18n (0.7.0)
  * jquery-rails (3.1.4)
  * json (1.8.3)
  * loofah (2.0.3)
  * mail (2.6.3)
  * mail-gpg (0.2.4)
  * metaclass (0.0.4)
  * mime-types (2.6.1)
  * mini_portile (0.6.2)
  * minitest (5.8.0)
  * mocha (1.1.0)
  * multi_json (1.11.2)
  * mysql2 (0.3.20)
  * net-ldap (0.3.1)
  * nokogiri (1.6.6.2)
  * protected_attributes (1.1.3)
  * rack (1.6.4)
  * rack-openid (1.4.2)
  * rack-test (0.6.3)
  * rails (4.2.3)
  * rails-deprecated_sanitizer (1.0.3)
  * rails-dom-testing (1.0.7)
  * rails-html-sanitizer (1.0.2)
  * railties (4.2.3)
  * rake (10.4.2)
  * rbpdf (1.18.6)
  * rdoc (4.2.0)
  * redcarpet (3.1.2)
  * request_store (1.0.5)
  * rmagick (2.15.4)
  * ruby-openid (2.3.0)
  * rubyzip (1.1.7)
  * selenium-webdriver (2.47.1)
  * simplecov (0.9.2)
  * simplecov-html (0.9.0)
  * sprockets (3.3.4)
  * sprockets-rails (2.3.3)
  * thor (0.19.1)
  * thread_safe (0.3.5)
  * tzinfo (1.2.2)
  * websocket (1.2.2)
  * xpath (2.0.0)
  * yard (0.8.7.6)
@ageis
Author

ageis commented Sep 9, 2015

Ok, I figured out this was a permissions issue with the user owning the Redmine process (www-data) not being able to create or write to /var/www/.gnupg. So this particular issue is resolved, but you may want to update the docs so users check for this.

@garrettr

@ageis Did you run the rake task as root? I'd argue that the rake task should know how to Do the Right Thing (tm) if it's run as root. If not, then running sudo -u www-user rake or whatever that is apparently necessary to get this to work should be documented.

@ageis
Author

ageis commented Sep 10, 2015

@garrettr Yeah I ran it as root. In my testing that results in the key being included in the Redmine database and its fingerprint being noted on the /pgp page, but not in www-data's local GPG keyring where it also needs to be.

There are typically lots of environment variables needed to get a working Rails environment, so sudo -u www-user rake may not suffice and you may need to pop a shell as www-user or at least export some stuff first (i.e. if you use Ruby Version Manager then run source /etc/profile.d/rvm.sh).

@timegrid
Member

@ageis Fine, I will add a note concerning the permissions for .gnupg

@garrettr I see your point, but I doubt that rake is able to know the user owning the redmine process. The problem arises, as the plugin depends on a system level command (gpg). I see three possible solutions:

  1. Prevent using root spawning an error message "use the user owning the redmine process"
  2. Ask for the user during the task, executing the next commands as this user
  3. It seems possible, to define the key ring. mail-gpg claims, that their tests use a different ring to keep the "production" ring clean.

I don't know rake enough, to approach the first two solutions. Maybe it's easy and someone could point me to another rake script doing something similar?

Looking into the tests, the change of the ring is handled by ENV['GNUPGHOME']. In the end, this solution would also require the redmine administrator to adjust some configuration. You may gain more flexibility, but it's not easier. Besides, there might still be the permission issue then, if root creates .gnupg.

I think, the easiest solution is still, to add a note to the readme, as done in 4cc4364. If you have root, a su redmineuser is all you need. Maybe I should include that command, too.
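
The first option above (refuse to run as root) and the `.gnupg` permission problem from the original report can both be checked before an import is attempted. The Ruby below is an added example, not code from the plugin or from any participant in this thread; the function names `gnupg_home` and `keyring_problems` are hypothetical, and the 0700 expectation reflects gpg's own warning about unsafe homedir permissions.

```ruby
require "tmpdir"

# gpg uses GNUPGHOME when set, otherwise ~/.gnupg of the invoking user.
def gnupg_home(env = ENV, home_dir = Dir.home)
  dir = env["GNUPGHOME"].to_s
  dir.empty? ? File.join(home_dir, ".gnupg") : dir
end

# Returns {problem => message}; an empty hash means the import can proceed.
# euid is a parameter only so the ownership check can be exercised in tests;
# the writability checks always reflect the current process.
def keyring_problems(dir, euid: Process.euid)
  problems = {}
  problems[:root] = "running as root; switch to the user owning the Redmine process" if euid.zero?
  unless File.directory?(dir)
    # gpg creates the directory on first use, so the parent must be writable.
    parent = File.dirname(dir)
    problems[:cannot_create] = "#{dir} is missing and #{parent} is not writable" unless File.writable?(parent)
    return problems
  end
  st = File.stat(dir)
  problems[:owner] = "#{dir} is owned by uid #{st.uid}, not uid #{euid}" unless st.uid == euid
  problems[:not_writable] = "#{dir} is not writable by this process" unless File.writable?(dir)
  if (st.mode & 0o077) != 0
    problems[:mode] = format("%s has mode %04o, expected 0700", dir, st.mode & 0o7777)
  end
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Constructed demo: a scratch directory stands in for /var/www/.gnupg.
  Dir.mktmpdir do |tmp|
    ring = File.join(tmp, ".gnupg")
    Dir.mkdir(ring)
    File.chmod(0o755, ring)
    keyring_problems(ring).each_value { |msg| warn msg }
  end
end
```

Calling `keyring_problems(gnupg_home)` at the start of the rake task and aborting on a non-empty result would surface the cause instead of the generic import error.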
