Mandos-client failing when run inside initramfs of Ubuntu 24.04
Teddy Hogeborn
teddy at recompile.se
Mon Sep 9 03:58:09 CEST 2024
Joe Rhodes <joe at joerhodes.com> writes:
> > Iv’e been using Mandos server/client for a while now with Ubuntu
> > 22.04. Recently, I’ve attempted to use it under Ubuntu 24.04 and
> > the client is failing. The critical log messages (when using
> > —debug) are:
> >
[…]
> > Mandos plugin mandos-client: Trying to decrypt OpenPGP data
> > Mandos plugin mandos-client: bad gpgme_op_decrypt: GnuPG: No secret key
[…]
> > Any help would be greatly appreciated!
>
> So answering my own question:
>
> The issue is that the gpg-agent and gpgconfig binaries are not being
> included in the initramfs under ubuntu 24.04. That stems from the
> fact that the libgpgme11 library has been renamed in 24.04 to
> libgpgme11t64. Because of that, the initramfs hook
> /usr/share/initramfs-tools/hooks/mandos doesn’t work correctly.
> Specifically, like 183 of that script:
>
> libgpgme11_version="`dpkg-query --showformat='${Version}' --show libgpgme11`”
>
> That line returns an empty string under Ubuntu 24.04 but works
> correctly under 22.04. It then doesn’t match the logic conditions
> later on, and the gig utilities do not get included. A simple fix
> that allows it to work on both Ubuntu 22.04 and 24.04 would be to just
> add an asterisk at the end of that line:
>
> libgpgme11_version="`dpkg-query --showformat='${Version}' --show libgpgme11*`”
>
> This is the work around I’ll use for now. Not sure if it would be
> possible to get either this fix or something more sophisticated
> included in a new version?
Thanks for the analysis! Fixed in trunk. By the way, this was
independently reported to Ubuntu as Launchpad bug #2068014:
<https://bugs.launchpad.net/ubuntu/+source/mandos/+bug/2068014>
/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 861 bytes
Desc: not available
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20240909/24059952/attachment.sig>
More information about the Mandos-Dev
mailing list