Re: Problem after Ubuntu Upgrade from 16.04 to 18.04
Yup, that did it.I just replaced the TrustedTimestamps.php with the newest from the master branch and it worked again. Thanks for the help! Frank Am Dienstag, 6. April 2021, 18:36:56 MESZ hat Folgendes geschrieben: Hello Frank, in openssl 1.1.x the output of the openssl command has changed. Assuming your mentioned piler installation is older than 2020-10-17, then I suggest to try updating system/helper/TrustedTimestamps.php from the master branch, and let's see how it goes. Janos On 2021-04-06 16:50, Frank Schmitz wrote: > Hello all, > > I had to perform an Ubuntu Upgrade to 18.04 on a server running an > older version of piler. > > The update ran without any problems, but the piler Web-GUI seems to be > "broken". > > I get the following error in the apache log (pseudo anonymized): > > [Tue Apr 06 16:35:53.008548 2021] [php7:error] [pid 14368] [client > xxx:64562] PHP Fatal error: Uncaught Exception: Systemcommand failed: > Using configuration from /usr/lib/ssl/openssl.cnf, Verification: OK in > /var/www/xxx/htdocs-ssl/system/helper/TrustedTimestamps.php:186\nStack > trace:\n#0 /var/www/xxx/htdocs-ssl/model/search/message.php(512): > TrustedTimestamps::validate('1c79bef0265fxxx...', > 'MIIVSzADAgEAxxx...', '1617716xxx', '/var/piler/free...')\n#1 > /var/www/xxx/htdocs-ssl/model/search/message.php(51): > ModelSearchMessage->check_rfc3161_timestamp_for_id('2519')\n#2 > /var/www/xxx.com/htdocs-ssl/model/search/message.php(228): > ModelSearchMessage->verify_message('4000606xxx8...', 'Return-Path: > ModelSearchMessage->extract_message('4000606cxxx...', '')\n#4 > /var/www/xxx/htdocs-ssl/system/front.php(36): > ControllerMessageView->index()\n#5 > /var/www/xxx/htdocs-ssl/system/front.php(14): Fro in > /var/www/xxx/htdocs-ssl/system/helper/TrustedTimestamps.php on line > 186 > > I see that TrustedTimestamps.php throws an exception, but I don't > understand why... > It says "Verification: OK" which should indicate that everything has > gone well, right? > > openssl is installed (1.1.1), the cron job signing messages using > TrustedTimestamps.php is also running fine. > > But using the gui throws an exception... > > Help anyone? > > Kind regards > Frank Schmitz
Problem after Ubuntu Upgrade from 16.04 to 18.04
Hello all, I had to perform an Ubuntu Upgrade to 18.04 on a server running an older version of piler. The update ran without any problems, but the piler Web-GUI seems to be "broken". I get the following error in the apache log (pseudo anonymized): [Tue Apr 06 16:35:53.008548 2021] [php7:error] [pid 14368] [client xxx:64562] PHP Fatal error: Uncaught Exception: Systemcommand failed: Using configuration from /usr/lib/ssl/openssl.cnf, Verification: OK in /var/www/xxx/htdocs-ssl/system/helper/TrustedTimestamps.php:186\nStack trace:\n#0 /var/www/xxx/htdocs-ssl/model/search/message.php(512): TrustedTimestamps::validate('1c79bef0265fxxx...', 'MIIVSzADAgEAxxx...', '1617716xxx', '/var/piler/free...')\n#1 /var/www/xxx/htdocs-ssl/model/search/message.php(51): ModelSearchMessage->check_rfc3161_timestamp_for_id('2519')\n#2 /var/www/xxx.com/htdocs-ssl/model/search/message.php(228): ModelSearchMessage->verify_message('4000606xxx8...', 'Return-Path: extract_message('4000606cxxx...', '')\n#4 /var/www/xxx/htdocs-ssl/system/front.php(36): ControllerMessageView->index()\n#5 /var/www/xxx/htdocs-ssl/system/front.php(14): Fro in /var/www/xxx/htdocs-ssl/system/helper/TrustedTimestamps.php on line 186 I see that TrustedTimestamps.php throws an exception, but I don't understand why...It says "Verification: OK" which should indicate that everything has gone well, right? openssl is installed (1.1.1), the cron job signing messages using TrustedTimestamps.php is also running fine. But using the gui throws an exception... Help anyone? Kind regardsFrank Schmitz
Re: Piler 1.3.5 on Ubuntu 18.04 WebUI doesn't render timestamped Mails
Regarding TSA https://freetsa.org/ works well for me and is completely free... Am Freitag, 16. Oktober 2020, 21:20:02 MESZ hat Folgendes geschrieben: Hello Patrick, for starters the DECRYPT_ATTACHMENT_BINARY should be pileraget (not pilerget). Also it might be worth to go over the steps and check if everything is setup properly: https://bitbucket.org/jsuto/piler/issues/480/support-rfc3161-trusted-timestamps https://www.mail-archive.com/piler-user@list.acts.hu/msg00785.html In the meantime I try to find a TSA provider suitable for testing purposes. If anyone on the list was familiar with any, or better could provide a test account, it would be great. Janos On 2020-10-16 20:02, Patrick Wagner wrote: > Hello everyone, > > we're testing the TSA signing feature of Piler. When I login as > auditor all mails are listed correctly in the Web GUI upper pane / > list. When I click on a mail the header and content are displayed > below if that mail was not signed (yet). Clicking on a signed mail > however does not refresh the lower pane and continues to display > either the last non-stamped mail or remains blank (if no mail had been > selected before). With pilerget on the CLI the mails are displayed > correctly. > > What's wrong? Do I have to change any configuration? > > I added these lines in config-site.php: > $config['TSA_PUBLIC_KEY_FILE'] = '/etc/piler/tsa.publickey.pem'; > $config['TSA_START_ID'] = 1; > $config['TSA_STAMP_REQUEST_UNIT_SIZE'] = 500; > $config['TSA_URL'] = 'http://zeitstempel.dfn.de'; > > $config['DECRYPT_BINARY'] = '/usr/bin/pilerget'; > $config['DECRYPT_ATTACHMENT_BINARY'] = '/usr/bin/pilerget'; > > > Thanks, > Patrick > > # piler -V > piler 1.3.5, build 997, Janos SUTO > > Build Date: Sun Apr 21 16:50:30 UTC 2019 > ldd version: ldd (Ubuntu GLIBC 2.27-3ubuntu1) 2.27 > gcc version: gcc version 7.3.0 (Ubuntu 7.3.0-27ubuntu1~18.04) > OS: Linux 188ae4f9894f 4.15.0-47-generic #50-Ubuntu SMP Wed Mar 13 > 10:44:52 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux > Configure command: ./configure --prefix=/usr --sysconfdir=/etc > --localstatedir=/var --with-database=mariadb > MySQL client library version: 10.2.9 > Extractors: /usr/bin/pdftotext /usr/bin/catdoc /usr/bin/catppt > /usr/bin/xls2csv /usr/bin/unrtf /usr/bin/tnef > > Ubuntu 18.04.5 LTS > > PHP 7.2.24-0ubuntu0.18.04.6 (as supplied with the distro) > > MariaDB 10.1.44 (as supplied with the distro)
Re: Timestamp Authority "disbanded", what to do now?
Hi Janos, yeah I thought so too.The TSA isn't completely gone though, it currently just doesn't issue any new timestamps but checking hashes still seems to work.Even though I probably don't want to risk it disappearing completely. So any idea how I can restamp all mails in the archive? The stamps are all in the database right? Delete all hashes from the database and then simply run the stamping process? The archive is really small, but can I really stamp all mails at one time or do I need several timestamps? Thanks for the help! Am Sonntag, 14. April 2019, 21:41:55 MESZ hat Folgendes geschrieben: Hello Frank, well, I think your only option is to re-stamp existing emails, since you can't really use them to validate without the (now disappeared) TSA authority who issued them. Janos On 2019-04-13 23:33, Frank Schmitz wrote: > seems like the timestamping authority I used "disbanded" and kind of > tells me to go elsewhere for timestamping. > > Sure, I can configure another TSA to get NEW timestamps, but what > about all the old timestamps in my archive? > Do I have to restamp every mail in the archive? > What's the best way to do that? > Can I simply add another certificate to be able to verify older mails > with the old timestamps? > Anyone ever had this problem before? > > Thankful for any advice...
Timestamp Authority "disbanded", what to do now?
Hello,seems like the timestamping authority I used "disbanded" and kind of tells me to go elsewhere for timestamping. Sure, I can configure another TSA to get NEW timestamps, but what about all the old timestamps in my archive?Do I have to restamp every mail in the archive?What's the best way to do that? Can I simply add another certificate to be able to verify older mails with the old timestamps?Anyone ever had this problem before? Thankful for any advice...
Re: GOBD certification
Hi Janos, a GoBD certification would surely result in a higher "visibility" for piler, since quite a lot of companies are basing their business decisions on those. But please do NOT believe that Piler needs a GoBD certification to be used in germany!The ministry of finance in germany does not care whether the software is certified, it cares about 1. whether the software fulfills the legal requirements (i.e. to use piler for GoBD in germany you need to use timestamping)2. how the company USES the software (You need a procedural documentation) In case of an audit, both will be checked and the auditor won't care whether piler is certified or not... To prove the point: https://www.bundesfinanzministerium.de/Content/DE/Downloads/BMF_Schreiben/Weitere_Steuerthemen/Abgabenordnung/Datenzugriff_GDPdU/2014-11-14-GoBD.pdf?__blob=publicationFile This is an official statement from the ministry of finance in germany, under heading 12 / 181 (last page) it reads: „Zertifikate“ oder „Testate“ Dritter können bei der Auswahl eines Softwareproduktes dem Unternehmen als Entscheidungskriterium dienen, entfalten jedoch aus den in Rz. 179 genannten Gründen gegenüber der Finanzbehörde keine Bindungswirkung. Roughly translated: Certificates or testimonies of third parties may be used by companies to choose a software, but they DO NOT have a binding effect for the ministry of finance because of the reasons named in Rz. 179. In short, those certificates for GoBD compliance aren't worth the paper they're written on if an auditor is knocking on your door... You must be able to show that piler is able to fulfill all GoBD Requirements. For a (german) "checklist" you can look those up here 15 Kriterien für GoBD-konforme Software | Scopevisio Ratgeber or here Neue GoBD: Ein umfassender Überblick. I'm no expert by any means, but as far as I understand it, piler is quite capable of doing all that IF you use timestamping so you can prove the emails haven't been changed since they were timestamped/received... Apart from the technical requirements, you will also need an "extensive" documentation about what exactly you are doing with your receipts/invoices/etc. You can even find a sample documentation to use here: GoBD - Verfahrensdokumentation, praxisrelevante Hilfestellungen / PSP München if you have no idea what to do... Make no mistake, THIS is what really matters to an auditor! (Well, maybe not if you use really crappy software ;-)) So unless you really want to spend several thousand euros on increasing the visibility/user base of piler, I would recommend you forget about purchasing a GoBD certificate... Speaking for myself, I would certainly consider throwing a bit of money into crowdfunding "useful" additions to piler, but for this I won't pay anything at all, sorry... Kind regards,Frank | | | | || | | | | | GoBD - Verfahrensdokumentation, praxisrelevante Hilfestellungen / PSP München Von PSP / Developer: Michael Cammannn Erfahren Sie in den Fachbeiträgen zur Verfahrensdokumentation, wie ein Unternehmen die Vollständigkeit, Ordnung ... | | | | | | | Neue GoBD: Ein umfassender Überblick Von Stefan Groß VeR-Vorsitzender Stefan Groß erklärt in diesem Fachbeitrag, was Unternehmen über die neuen Buchführungsregeln wi... | | | | | | 15 Kriterien für GoBD-konforme Software | Scopevisio Ratgeber Die GoBD definieren Anforderungen an elektronische Buchführung. Unsere Checkliste sagt Ihnen, ob Ihre Software a... | | | "s...@acts.hu"schrieb am 20:56 Montag, 24.Juli 2017: Dear piler users (especially the German ones at this time), probably all of you have heard that German law mandates that all German businesses must archive emails starting from this year. I've been convinced that it's worth to obtain GOBD certification for piler to offer the choice of freedom to German users to pick an open source email archiving product. Unfortunately it costs huge money* even for open source applications as well, so I thought some crowdfunding might help getting the required amount of money. For a successful fundraising campaign I need some helpers from Germany to spread the word (email, social media, etc) before the actual campaign launches, pick a crowdfunding platform, donating the initial seed (I have a small donation in mind, like 5 EUR or so), etc. If you agreed and willing to help, then please drop me a line. Perhaps I'll create a mailing list for the topic. Janos *: I got a quote from Audicon of 6500 EUR (not sure if any additional costs may occur during the process)