Bug#894495: mandos-client: Mandos client fails while booting but works from chroot into unpacked initramfs

Mon, 02 Apr 2018 01:33:39 -0700 

Okay I finally pinned it.

By trying to run manually the GPG key import in the initramfs, I
discovered that the issue was...

THAT THE RASPBERRY PI HAS NO REAL TIME CLOCK !

/tmp/mandosULI7OC # path=/usr/bin/gpg gpg --enable-special-filenames
--batch --no-sk-comments --homedir /tmp/mandos* --charset utf8
--enable-progress-filter --exit-on-status-write-error --impor
t -- < /conf/conf.d/mandos/seckey.txt
gpg: WARNING: unsafe ownership on homedir '/tmp/mandosULI7OC'
gpg: key 7590231119DA2D24 was created 17619 days in the future (time
warp or clock problem)
gpg: key 7590231119DA2D24 was created 17619 days in the future (time
warp or clock problem)
gpg: key 7590231119DA2D24 was created 17619 days in the future (time
warp or clock problem)
gpg: key 7590231119DA2D24 was created 17619 days in the future (time
warp or clock problem)
gpg: key 7590231119DA2D24: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: key 7590231119DA2D24: failed to re-lookup public key
gpg: Total number processed: 1
gpg:           w/o user IDs: 1
gpg:       secret keys read: 1


/tmp/mandosULI7OC # date -s 2018-04-02
Mon Apr  2 00:00:00 UTC 2018


/tmp/mandosULI7OC # path=/usr/bin/gpg gpg --enable-special-filenames
--batch --no-sk-comments --homedir /tmp/mandos* --charset utf8
--enable-progress-filter --exit-on-status-write-error --impor
t -- < /conf/conf.d/mandos/seckey.txt
gpg: WARNING: unsafe ownership on homedir '/tmp/mandosULI7OC'
gpg: /tmp/mandosULI7OC/trustdb.gpg: trustdb created
gpg: key 7590231119DA2D24: public key "tethys" imported
gpg: key 7590231119DA2D24: secret key imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg:       secret keys read: 1
gpg:   secret keys imported: 1


So I did a quick & dirty hack by creating the following file in
/etc/mandos/network-hooks.d/dateset

#!/bin/sh
date -s 2030-01-01
exit 0


...Regenerated the initramfs.

AND NOW IT WORKS PERFECTLY !

I just now have to figure out if I'm happy booting with this dummy date
(that gets fixed later on), or if I should take the pain to put some ntp
inside the initramfs.

Thanks again Teddy for all your help.

CASE CLOSED as far as I'm concerned.

ॐ

-- 
Michel Bouissou <mic...@bouissou.net> OpenPGP ID 0xEB04D09C

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to