GnuPG::Interface

Linda Jen lingjen at email.unc.edu
Mon Apr 23 00:41:21 CEST 2007


I am new to this list and to GnuPG.  I have spent about a week on a problem and 
searched faq and every thing google could turn up and tried everything 
suggested but cannot get around the problem.

I am trying to run a CGI application that uses GnuPG::Interface
in perl.  The application runs fine from the command line but not from
CGI.  Of course, the CGI is running as user httpd and I have now changed the 
homedir path to be owned by httpd also.  The application creates a
temporary files for encrypting and signing.  I have followed coding exactly 
like that in examples.  I have included a relevant snippet of
code below:
-----------------------------------------------------------------------
my $gnupg = GnuPG::Interface->new();
    $gnupg->options->hash_init( armor   => 1,
       recipients => $data{'gpg_user'},
       homedir => $data{'gpg_home'});
         my $input = IO::Handle->new();
         my $output = IO::Handle->new();
         my $handles = GnuPG::Handles->new(  stdin => $input,
                                         stdout  => $output);
         $gnupg->encrypt(handles => $handles);
         open(unENCR,"/tmp/$prefix") || die "You are pissing me off!";
         @alltext = <unENCR>;
         print $input @alltext;
         close $input;
         my @ciphertext = <$output>;
         print @ciphertext ;
         close $output;
         wait;
         open(ENCR,">/tmp/$prefix2")|| die "Cannot open file to encrypt";
         print ENCR @ciphertext;
         close(ENCR);
         print @ciphertext;
# *** obtain the GnuPG signature data
open (ENCR, $encryptedfile) or die "Unable to open encryptedfile - 
$encryptedfil
e";
while(<ENCR>){
    $message .= $_;
}
close(ENCR);

$base64message = encode_base64($message);
$url = $eacportal.'?sg='.$base64message.'&comp='.$pm_shortname;

print "\n$url\n";
exit(0);
--------------------------------------------------------------------
I get the following messages in my apache server log:

[Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] gpg: WARNING: 
unsafe permissions on homedir 
"/xxxxxxxxxxxxxxxx/.gnupg", referer: 
http://yyyyyyyyy/test/login.test2.html
[Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] gpg: failed to 
create temporary file 
`/xxxxxxxxxxxxxxx/.gnupg/.#lk0x9b7bf18.xxxxx.13310': 
Permission denied, referer: 
http://yyyyyyyyy/test/login.test2.html
[Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] gpg: fatal: 
/xxxxxxxxxxxxxxxx/.gnupg/trustdb.gpg: 
can't create lock, referer: 
http://yyyyyyyyy/test/login.test2.html
[Fri Apr 20 14:10:45 2007] [error] [client 852.12.22.138] secmem usage: 
1408/1408 bytes in 2/2 blocks of pool 1408/16384, referer: 
http://yyyyyyyyy/test/login.test2.html
-----------------------------------------------------------------------
One suggestion I read was to chmod u+s on the executable.  None of these
worked.   Does anyone have an idea of a workaround for this or does
anyone have any suggestions or working examples including proper
permissions on directories and programs?  Changing owners to
root or the server (httpd) doesn't seem to help.  Thanks in advance.



More information about the Gnupg-users mailing list