Initrd crypto error

Dick Middleton dick at fouter.net
Mon Sep 9 21:20:30 CEST 2013 

On 09/08/13 19:09, Teddy Hogeborn wrote:
> Dick Middleton <dick at fouter.net> writes:
> 
>> 	I wonder if somebody could suggest how to fix this:
>>
>> I just updated my Debian system.  Mandos was working fine before.
>>
>> Mandos-client test still works fine if run from the command line.
>>
>> However when I boot initrd (initramfs-tools) complains:
>>
>> mandos plugin mandos-client: bad gpgme engine
>>     check version GPGME: Invalid crypto engine.
>> mandos plugin mando-client: init_gpgme failed.
>>
>> Obviously there's something missing or initramfs has picked up something
>> wrongly.  I'm just not sure where to start looking.
>>
>> Any pointers would be appreciated.
> 
> If mandos-client works from the command line but not from the Initrd,
> then there must be something wrong with the Initrd environment.  To find
> out what is wrong with it, I would suggest two things:
> 
> 1. Try to run mandos-client with the --debug option byt adding it to the
>    /etc/mandos/plugin-runner.conf file (just uncomment the example
>    line).
> 
> 2. Boot with the extra Linux command line argument "break".  This will
>    start a shell in the initrd, and mandos-client can the be run
>    manually from the initrd to pinpoint the problem.

Thanks for your help.  There's no new error information after doing that.  After
the gnuTLS stuff it says:

   Mandos plugin mandos-client: GnuTLS: ASSERT: stream.c:515
   Mandos plugin mandos-client: Initializing GPGME

and then it says (more or less - it didn't write it down verbatim):

   bad gpgme engine check version GPGME: Invalid crypto engine.

Looking at gpgme faq it says this error means it's using the wrong version of
gpgme (version 2 rather than version 1).  There doesn't seem to be any version
2 gpgme libs on my system.

I have also changed the motherboard (but not the net interface).
 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI
Express Gigabit Ethernet Controller

I'm wondering if there's a lower level dependency missing.  Could it be
firmware or maybe some ipv6 library.  Or maybe gpgme doesn't play nicely with
gnutls.

 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI
Express Gigabit Ethernet Controller

I attach the list of files in the initrd in the hope someone can spot a
missing library or some such.

Dick


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: initrd-files.txt
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20130909/4870e5ed/attachment-0001.txt>

More information about the Mandos-Dev mailing list