Hi -
I am building an initrd for a Fedora Core 13 machine (both x86_64 and
i686 architectures on boxes and virtual machines). I had the perl-based
fwknop v1.9.12 working inside an initrd build and decided to update to the
fwknop-2.0rc1 libfko-based version to reduce the initrd size and complexity.
However, after building the SRPM into the initrd environment (keeping the
same GnuPG keys as before the update), I receive the following fko error
upon the fwknopd server receipt of a SPA packet:
Error creating fko context: This GPGME implementation does not
support OpenGPG - GPG ERROR: Invalid crypt engine.
Steps to recreate:
1) Untar existing initrd compressed tarball
2) Copy in GnuPG keyring
3) Build fwknop SRPM into initrd tree (including libfko libraries) &
configure access.conf, fwknopd.conf
4) Copy following RPMs (via rpm -q --filesbypkg <rpmname>) into initrd
tree:
gpg
glibc-devel
libpcap-devel
5) Copy in shared libraries for the following files (via ldd):
/usr/bin/gpg
/usr/lib/libnsl.so
/usr/lib/libpcap.so
6) Re-tar & compress customized initrd into /boot & modify grub
7) Restart machine and boot into customized initrd, running fwknop
daemon
8) Send SPA packet from a different machine running a fwknop client to
the machine running the fwknop server inside the customized initrd
The fwknop daemon successfully runs within the initrd. However, upon receipt
of a valid SPA packet from the fwknop client (client is v 1.9.12), the
above error message arises. Do I need to rebuild the fwknop-server/libfko
SRPM with an additional flag and/or copy specific OpenPGP libraries into
the initrd environment (other than those included using the process noted
above)?
As a side note, I am able to successfully ssh into the system with the
customized initrd after a full boot up (after copying the appropriate
configuration files from /etc/fwknop and GnuPG keyring). Given this, I think
I am simply missing a few libraries from the initrd. I'll continue to dig a
bit, but any pointers would be helpful!
BTW - the above processes are for testing purposes only and pose
significant security risks if implemented in a production environment
(particularly using the same configuration/keys in the initrd and running
system).
Thanks!
Will
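
Added example, not part of the original message or of fwknop: a shell helper for the `ldd` copy step above that reads `ldd` output and reports every resolved library that is absent from the unpacked initrd tree. The tree path is an assumed argument, and an empty report only rules out missing shared objects, not other causes of the GPGME error.

```shell
#!/bin/sh
# Added example: verify that the shared libraries a binary needs were
# actually copied into an unpacked initrd tree.
#
# Usage (the tree path is a placeholder):
#   ldd /usr/bin/gpg | missing_libs /path/to/initrd-tree
#   check_tree /path/to/initrd-tree /usr/bin/gpg /usr/sbin/fwknopd

# missing_libs ROOT
# Reads `ldd` output on stdin. Prints "MISSING <path>" for each library
# path that does not exist under ROOT, and "UNRESOLVED <name>" for each
# library the build host itself could not resolve.
missing_libs() {
    root=${1%/}
    while read -r line; do
        case $line in
            *"=> not found"*)
                echo "UNRESOLVED ${line%% *}"
                continue ;;
            *"=> /"*)
                path=${line#*=> } ;;      # "name => /path (addr)"
            /*)
                path=$line ;;             # dynamic loader: "/path (addr)"
            *)
                continue ;;               # vdso and other pathless entries
        esac
        path=${path%% (*}                 # drop the trailing load address
        [ -e "$root$path" ] || [ -L "$root$path" ] || echo "MISSING $path"
    done
}

# check_tree ROOT BINARY...
# Runs ldd on each BINARY as found inside ROOT and reports what is absent.
check_tree() {
    root=${1%/}
    shift
    for bin in "$@"; do
        if [ ! -x "$root$bin" ]; then
            echo "MISSING $bin"
            continue
        fi
        ldd "$root$bin" | missing_libs "$root"
    done
}
```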