mandos general protection error ...

Dick Middleton dick at fouter.net
Mon Jan 26 23:05:25 CET 2009 

Teddy Hogeborn wrote:

> So did the key generation complete?  Did you type in a passphrase?

Yes.  No errors.  Yes "that took a long time".
> 
> Did the key generation really take 2½ hours?

Yes.  Not much happens on the system I'm using.
> 
>> Enter passphrase to unlock the disk: Error[-64] while reading the OpenPGP key 
>> pair ('keydir/pubkey.txt', 'keydir/seckey.txt')
>> The GnuTLS error is: Error while reading file.
>> init_gnutls_global failed
>> mkfifo: No such file or directory
> 
> What's in the "keydir" directory?  Are the pubkey.txt and seckey.txt
> files which should be there looking OK?

Indeed they look fine.

>> Any help?
> 
> I sorry to say you're not giving us much to work with, here.

I appreciate that.  I just did what I was asked and reported what I saw.

   Could
> you please be very much more explicit in writing all commands you
> type, all the input you give, all the outputs you receive, and in what
> order?

I did what you asked except I aborted and restarted the keygen process and 
installed missing dependencies python-gobject and fping.

Loco(root):~/mandos-trunk# make run-server SERVERARGS="--no-dbus --servicename=Test"
install --directory keydir
./mandos-keygen --dir keydir --force
gpg: WARNING: some OpenPGP programs can't handle a DSA key with this digest size
...+++++.++++++++++..++++++++++++++++++++++++++++++...+++++..++++++++++++++++++++.++++++++++++++++++++++++++++++++++++++++.+++++.+++++++++++++++..++++++++++.+++++>.++++++++++..++++++++++.+++++>+++++.>+++++..............................................................+++++
.++++++++++++++++++++++++++++++++++++++++.+++++++++++++++..+++++++++++++++++++++++++.++++++++++++++++++++++++++++++...++++++++++.+++++.+++++++++++++++.+++++>++++++++++>+++++>.+++++............................................................................................>.+++++.....<+++++..............................>+++++..........<.+++++.........................>.+++++.........<+++++...>...+++++............................................................................................+++++^^^
install --directory confdir
install --mode=u=rw clients.conf confdir/clients.conf
./mandos-keygen --dir keydir --password >> confdir/clients.conf
Enter passphrase:
Repeat passphrase:
./mandos --debug --configdir=confdir --no-dbus --servicename=Test
mandos: DEBUG: Creating client 'Loco.lingbrae'
mandos: DEBUG:   Fingerprint: 2525E6235B8E823248E25380CB011E9ABC2ACC9C
mandos: INFO: Starting checker 'fping -q -- Loco\\.lingbrae' for Loco.lingbrae
/bin/sh: fping: command not found
mandos: INFO: Now listening on address '::', port 43463, flowinfo 0, scope_id 0
mandos: DEBUG: Adding Zeroconf service 'Test' of type '_mandos._tcp' ...
mandos: DEBUG: Starting main loop
mandos: INFO: Checker for Loco.lingbrae failed
mandos: DEBUG: Avahi state change: 1
mandos: DEBUG: Avahi state change: 2
mandos: DEBUG: Zeroconf service established.
mandos: INFO: Starting checker 'fping -q -- Loco\\.lingbrae' for Loco.lingbrae
/bin/sh: fping: command not found
mandos: INFO: Checker for Loco.lingbrae failed
mandos: INFO: Starting checker 'fping -q -- Loco\\.lingbrae' for Loco.lingbrae
/bin/sh: fping: command not found
mandos: INFO: Checker for Loco.lingbrae failed
mandos: INFO: Starting checker 'fping -q -- Loco\\.lingbrae' for Loco.lingbrae
/bin/sh: fping: command not found
mandos: INFO: Checker for Loco.lingbrae failed
mandos: INFO: Starting checker 'fping -q -- Loco\\.lingbrae' for Loco.lingbrae
/bin/sh: fping: command not found
mandos: INFO: Checker for Loco.lingbrae failed

mandos: INFO: Disabling client Loco.lingbrae

**********  At this point I aborted server, installed fping and restarted server.
Loco(root):~/mandos-trunk# make run-server SERVERARGS="--no-dbus --servicename=Test"
./mandos --debug --configdir=confdir --no-dbus --servicename=Test
mandos: DEBUG: Creating client 'Loco.lingbrae'
mandos: DEBUG:   Fingerprint: 2525E6235B8E823248E25380CB011E9ABC2ACC9C
mandos: INFO: Starting checker 'fping -q -- Loco\\.lingbrae' for Loco.lingbrae
mandos: INFO: Now listening on address '::', port 37188, flowinfo 0, scope_id 0
mandos: DEBUG: Adding Zeroconf service 'Test' of type '_mandos._tcp' ...
mandos: DEBUG: Starting main loop
mandos: INFO: Checker for Loco.lingbrae succeeded
mandos: DEBUG: Avahi state change: 1
mandos: DEBUG: Avahi state change: 2
mandos: DEBUG: Zeroconf service established.


**********  ran client:

Loco(root):~/mandos-trunk# make run-client
cc -O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs -Wswitch-default 
-Wswitch-enum -Wunused-parameter -Wstrict-aliasing=2 -Wextra -Wfloat-equal 
-Wundef -Wshadow -Wunsafe-loop-optimizations -Wpointer-arith -Wbad-function-cast 
-Wcast-qual -Wcast-align -Wwrite-strings -Wconversion -Wstrict-prototypes 
-Wold-style-definition -Wpacked -Wnested-externs -Winline 
-Wvolatile-register-var  -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE 
-Os -std=gnu99 -I/usr/include -I/usr/include    -DVERSION='"1.0.5"'   -pie 
-Xlinker -z -Xlinker relro -Xlinker -fPIE  plugin-runner.c   -o plugin-runner
cc -O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs -Wswitch-default 
-Wswitch-enum -Wunused-parameter -Wstrict-aliasing=2 -Wextra -Wfloat-equal 
-Wundef -Wshadow -Wunsafe-loop-optimizations -Wpointer-arith -Wbad-function-cast 
-Wcast-qual -Wcast-align -Wwrite-strings -Wconversion -Wstrict-prototypes 
-Wold-style-definition -Wpacked -Wnested-externs -Winline 
-Wvolatile-register-var  -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE 
-Os -std=gnu99 -I/usr/include -I/usr/include    -DVERSION='"1.0.5"'   -pie 
-Xlinker -z -Xlinker relro -Xlinker -fPIE  plugins.d/password-prompt.c   -o 
plugins.d/password-prompt
cc -O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs -Wswitch-default 
-Wswitch-enum -Wunused-parameter -Wstrict-aliasing=2 -Wextra -Wfloat-equal 
-Wundef -Wshadow -Wunsafe-loop-optimizations -Wpointer-arith -Wbad-function-cast 
-Wcast-qual -Wcast-align -Wwrite-strings -Wconversion -Wstrict-prototypes 
-Wold-style-definition -Wpacked -Wnested-externs -Winline 
-Wvolatile-register-var  -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE 
-Os -std=gnu99 -I/usr/include -I/usr/include    -DVERSION='"1.0.5"'   -c -o 
plugins.d/mandos-client.o plugins.d/mandos-client.c
plugins.d/mandos-client.c: In function 'start_mandos_communication':
plugins.d/mandos-client.c:560: warning: conversion to 'short unsigned int' from 
'int' may alter its value
cc  -pie -Xlinker -z -Xlinker relro -Xlinker -fPIE  -lgnutls -lavahi-common 
-lavahi-core   -lgpgme -lgpg-error \
                  plugins.d/mandos-client.o   -o plugins.d/mandos-client
cc -O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs -Wswitch-default 
-Wswitch-enum -Wunused-parameter -Wstrict-aliasing=2 -Wextra -Wfloat-equal 
-Wundef -Wshadow -Wunsafe-loop-optimizations -Wpointer-arith -Wbad-function-cast 
-Wcast-qual -Wcast-align -Wwrite-strings -Wconversion -Wstrict-prototypes 
-Wold-style-definition -Wpacked -Wnested-externs -Winline 
-Wvolatile-register-var  -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE 
-Os -std=gnu99 -I/usr/include -I/usr/include    -DVERSION='"1.0.5"'   -pie 
-Xlinker -z -Xlinker relro -Xlinker -fPIE  plugins.d/usplash.c   -o 
plugins.d/usplash
cc -O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs -Wswitch-default 
-Wswitch-enum -Wunused-parameter -Wstrict-aliasing=2 -Wextra -Wfloat-equal 
-Wundef -Wshadow -Wunsafe-loop-optimizations -Wpointer-arith -Wbad-function-cast 
-Wcast-qual -Wcast-align -Wwrite-strings -Wconversion -Wstrict-prototypes 
-Wold-style-definition -Wpacked -Wnested-externs -Winline 
-Wvolatile-register-var  -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE 
-Os -std=gnu99 -I/usr/include -I/usr/include    -DVERSION='"1.0.5"'   -pie 
-Xlinker -z -Xlinker relro -Xlinker -fPIE  plugins.d/splashy.c   -o 
plugins.d/splashy
cc -O -Wall -Wformat=2 -Winit-self -Wmissing-include-dirs -Wswitch-default 
-Wswitch-enum -Wunused-parameter -Wstrict-aliasing=2 -Wextra -Wfloat-equal 
-Wundef -Wshadow -Wunsafe-loop-optimizations -Wpointer-arith -Wbad-function-cast 
-Wcast-qual -Wcast-align -Wwrite-strings -Wconversion -Wstrict-prototypes 
-Wold-style-definition -Wpacked -Wnested-externs -Winline 
-Wvolatile-register-var  -D_FORTIFY_SOURCE=2 -fstack-protector-all -fPIC -fPIE 
-Os -std=gnu99 -I/usr/include -I/usr/include    -DVERSION='"1.0.5"'   -pie 
-Xlinker -z -Xlinker relro -Xlinker -fPIE  plugins.d/askpass-fifo.c   -o 
plugins.d/askpass-fifo
./plugin-runner --plugin-dir=plugins.d \
                 --config-file=plugin-runner.conf \
 
--options-for=mandos-client:--seckey=keydir/seckey.txt,--pubkey=keydir/pubkey.txt \

Enter passphrase to unlock the disk: Error[-64] while reading the OpenPGP key 
pair ('keydir/pubkey.txt', 'keydir/seckey.txt')
The GnuTLS error is: Error while reading file.
init_gnutls_global failed
mkfifo: No such file or directory

make: *** wait: No child processes.  Stop.
make: *** Waiting for unfinished jobs....
make: *** wait: No child processes.  Stop.

*************

Loco(root):~/mandos-trunk# tail /var/log/syslog
Jan 26 19:30:38 Loco Mandos (Test): DEBUG: Creating client 'Loco.lingbrae'
Jan 26 19:30:38 Loco Mandos (Test): DEBUG:   Fingerprint: 
2525E6235B8E823248E25380CB011E9ABC2ACC9C
Jan 26 19:30:38 Loco Mandos (Test): INFO: Starting checker 'fping -q -- 
Loco\\.lingbrae' for Loco.lingbrae
Jan 26 19:30:38 Loco Mandos (Test): INFO: Now listening on address '::', port 
43463, flowinfo 0, scope_id 0
Jan 26 19:30:38 Loco Mandos (Test): DEBUG: Adding Zeroconf service 'Test' of 
type '_mandos._tcp' ...
Jan 26 19:30:38 Loco Mandos (Test): DEBUG: Starting main loop
Jan 26 19:30:38 Loco Mandos (Test): INFO: Checker for Loco.lingbrae failed
Jan 26 19:30:38 Loco Mandos (Test): DEBUG: Avahi state change: 1
Jan 26 19:30:39 Loco Mandos (Test): DEBUG: Avahi state change: 2
Jan 26 19:30:39 Loco Mandos (Test): DEBUG: Zeroconf service established.

**************

Loco(root):~/mandos-trunk# ll keydir/
total 12
drwxr-xr-x 2 root root   40 Jan 26 19:23 .
drwxr-xr-x 8 root root 4096 Jan 26 19:33 ..
-rw------- 1 root root 2299 Jan 26 19:23 pubkey.txt
-rw------- 1 root root 2411 Jan 26 19:23 seckey.txt

Loco(root):~/mandos-trunk# more keydir/pubkey.txt
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Mandos client key for Loco.lingbrae

mQMqBEl96jYRCACwFPvqq5diIWjTA2gRJ+MEAhEQcrXvT/0IeyK7sM1LXpJ0KCSi
lBirpmHBR6zq8b6RkcCdhFxIsE2F/ia+4P+q7NMpozCyZs9Fy2rSIU0BxaxdBUXr
SqPof6IRgaHA9ijhDhs2+YQ6K7KYmOZXX7AXePmQQaWLxlf4qM7Pzm+p6M6V/ytC
3BZrM7oMVyg8H+HLpdNL6/AfEOqTSLAb82uuH2zf3CYaXgqsLuIzuqusikiSHhHK
awdwSPZ5Fy1I+Pc6xrHej0BkXfg+2tfHxjTOtTQFepMjA3a79rUpfvsm3KyJgMzR
xuN25AKHJqay2Gk9Zys9R++2ycl1I937ON63AOCGa5ina/NiM0eg+tWKdY/2YpmN
.... [snip] ....
3j40XR124KeAoLn7wLj0hmQceAtw6NTfw+wdiE+q3FWk6CIrjmgPEDah8k/c6QSA
t5eh5ZFp086/1h9mq0IaeF8dBm5tR2zXQ0VHb0aFEJaC01QVlf3lajROIQnRRxma
oM2DRY7lh0qXHmQf9u2hxHq7bg6lypQ2uDNFlsKISkPzv2FUx4D5Sl7bLcsZ6a3c
zvU5S1wyE+Tdz/aTC0n81CIF0q22btqg5PzprXUFCLVQ5ulIWPo4B+dQgsAtVDvw
2aJm8SyknJo4hWiC3jFvDWDLi4ACi2E4n3urnmcEyINH5awRxJGoW1123BgjLD84
7eWIWQQYEQsACQUCSX3qNgIbDAAKCRDLAR6avCrMnBrSANsHCYgUDxaNgtYc8bLQ
cGxDCbrQCfUVQKIR6xpNAN4/I3pNymJ6SoSNkhyQylyMjYDMNqMrmzpSGq6H
=bOvt
-----END PGP PUBLIC KEY BLOCK-----


Loco(root):~/mandos-trunk# more keydir/seckey.txt
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Mandos client key for Loco.lingbrae

lQNLBEl96jYRCACwFPvqq5diIWjTA2gRJ+MEAhEQcrXvT/0IeyK7sM1LXpJ0KCSi
lBirpmHBR6zq8b6RkcCdhFxIsE2F/ia+4P+q7NMpozCyZs9Fy2rSIU0BxaxdBUXr
SqPof6IRgaHA9ijhDhs2+YQ6K7KYmOZXX7AXePmQQaWLxlf4qM7Pzm+p6M6V/ytC
3BZrM7oMVyg8H+HLpdNL6/AfEOqTSLAb82uuH2zf3CYaXgqsLuIzuqusikiSHhHK
awdwSPZ5Fy1I+Pc6xrHej0BkXfg+2tfHxjTOtTQFepMjA3a79rUpfvsm3KyJgMzR
xuN25AKHJqay2Gk9Zys9R++2ycl1I937ON63AOCGa5ina/NiM0eg+tWKdY/2YpmN
rcpartX4GE2pB/98wuzdy/yQmLAVuqCKfbqW0TyiNK6JnfgGqWE3m4XdzaH3D3co
inqCv9+ttuUsDjJvRoQSoIk39OnhthiJOfiK58AgQVebM7v6j3unTzoFusXM3B/O
.... [snip] ....
3hZx6uZnrGNw8+IM2kzWMQPmFWCx3IgHA54P7w0IFWlxssSVwgp98mY44SfO4SEw
LNw24XO6u432pnQSlXcAAwUH/1rlNEBQwcKKIAO7gwZX3j40XR124KeAoLn7wLj0
hmQceAtw6NTfw+wdiE+q3FWk6CIrjmgPEDah8k/c6QSAt5eh5ZFp086/1h9mq0Ia
eF8dBm5tR2zXQ0VHb0aFEJaC01QVlf3lajROIQnRRxmaoM2DRY7lh0qXHmQf9u2h
xHq7bg6lypQ2uDNFlsKISkPzv2FUx4D5Sl7bLcsZ6a3czvU5S1wyE+Tdz/aTC0n8
1CIF0q22btqg5PzprXUFCLVQ5ulIWPo4B+dQgsAtVDvw2aJm8SyknJo4hWiC3jFv
DWDLi4ACi2E4n3urnmcEyINH5awRxJGoW1123BgjLD847eUAAVEBhSZvxynr5KMQ
ngZoumrzcw5IpcsrbdnWAxowCutuqEqMcPnVi28EDBXyE/+IWQQYEQsACQUCSX3q
NgIbDAAKCRDLAR6avCrMnBrSAN0eL9GS5tPSx8DbHSA2CSOvpeSI7RbvVODVFHyb
AN9URqO99K6/6zpwUjX4rVZPIJfgml+U9IKxFjeZ
=DQLe
-----END PGP PRIVATE KEY BLOCK-----

**************

I had to install python-gobject at some point - was missing on other system too. 
  (Might be worth mentioning in the install guide).  I can't remember exactly at 
which point I had to do that.  Before keygen I think.


If you're unahppy with what happened I'm willing to uninstall and repeat.

Dick

More information about the Mandos-Dev mailing list