1. Forum
  2. Usenet
  3. NEWS.SOFTWARE.NNTP

  • Re: Cleanfeed example request

    From Jesse Rehmer@21:1/5 to i@secure.corradoroberto.it on Sun Feb 4 16:03:45 2024
    On Feb 4, 2024 at 9:40:57 AM CST, ""Roberto CORRADO"" <i@secure.corradoroberto.it> wrote:

    "Ivo Gandolfo" wrote:

    I've had the same problem as you in the past. Check your installed gpg
    version, and that perl-nocem can read the right keyring. In my case the
    keyring permissions file were wrong.

    Thanks you Ivo for reply me and Bravo for your server management!
    Before writing I checked the permission of keyring, is set 644 as perl-nocem helper, but I get the unknown error only on the key usenet ovh (EdDSA curve ed25519) others deletions work fine...
    On my system are installed both versions of GPG, as follows:

    """
    $ gpg --version
    gpg (GnuPG) 1.4.23
    Copyright (C) 2015 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Algoritmi supportati:
    A chiave pubblica: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cifrari: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compressione: Non compresso, ZIP, ZLIB, BZIP2
    """

    """
    $ gpg2 --version
    gpg (GnuPG) 2.4.4
    libgcrypt 1.10.3
    Copyright (C) 2024 g10 Code GmbH
    License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: /usr/inn/.gnupg
    Algoritmi gestiti:
    A chiave pubblica: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cifrari: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compressione: Non compresso, ZIP, ZLIB, BZIP2
    """

    I checked and modified, specifically for call gpg2 and gpgv2 the file Config.pm, and
    actually called gpg2 during the deletion, (I personally checked the accton log)
    however the error remains.

    If you originally imported the key with gpg1 you may need to re-import with gpg2. I ran into that with this key on my system.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Roberto CORRADO@21:1/5 to Ivo Gandolfo on Sun Feb 4 16:40:57 2024
    "Ivo Gandolfo" wrote:

    I've had the same problem as you in the past. Check your installed gpg version, and that perl-nocem can read the right keyring. In my case the keyring permissions file were wrong.

    Thanks you Ivo for reply me and Bravo for your server management!
    Before writing I checked the permission of keyring, is set 644 as perl-nocem helper, but I get the unknown error only on the key usenet ovh (EdDSA curve ed25519) others deletions work fine...
    On my system are installed both versions of GPG, as follows:

    """
    $ gpg --version
    gpg (GnuPG) 1.4.23
    Copyright (C) 2015 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Algoritmi supportati:
    A chiave pubblica: RSA, RSA-E, RSA-S, ELG-E, DSA
    Cifrari: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compressione: Non compresso, ZIP, ZLIB, BZIP2
    """

    """
    $ gpg2 --version
    gpg (GnuPG) 2.4.4
    libgcrypt 1.10.3
    Copyright (C) 2024 g10 Code GmbH
    License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: /usr/inn/.gnupg
    Algoritmi gestiti:
    A chiave pubblica: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
    Cifrari: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
    CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compressione: Non compresso, ZIP, ZLIB, BZIP2
    """

    I checked and modified, specifically for call gpg2 and gpgv2 the file Config.pm, and
    actually called gpg2 during the deletion, (I personally checked the accton log) however the error remains.



    F/U to the correct group news.software.nntp
    Thanks you for suggestions and correction

    I have another question <news:upllfo$o4c$1@gatto.corradoroberto.it>

    --
    Roberto

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Roberto CORRADO@21:1/5 to Jesse Rehmer on Sun Feb 4 17:52:23 2024
    "Jesse Rehmer" wrote:

    If you originally imported the key with gpg1 you may need to re-import with gpg2.

    Thanks for the reply.
    I forgot to say that I imported the keys with gpg2

    """
    gpg2 --no-default-keyring --allow-non-selfsigned-uid \
    --primary-keyring /usr/inn/.gnupg/ncmring.gpg --no-options \ --no-permission-warning --batch --import $xyz
    """

    I ran into that with this key on my system.
    42 :-(

    --
    Roberto

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Roberto CORRADO@21:1/5 to Roberto CORRADO on Sun Feb 4 17:54:33 2024
    "Roberto CORRADO" wrote:

    ncmring.gpg

    sorry, and copy the file in /etc/inn/... and check permission a owner

    --
    Roberto

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Ivo Gandolfo@21:1/5 to Roberto CORRADO on Sun Feb 4 18:01:34 2024
    On 04/02/2024 17:54, Roberto CORRADO wrote:
    "Roberto CORRADO" wrote:

    ncmring.gpg

    sorry, and copy the file in /etc/inn/... and check permission a owner



    I have searched and seem's your error is perl-nocem using gpg1 to do the
    work.

    Just uninstall gpgv1 and symlink to gpgv2, all work fine.


    Sincerely

    --
    Ivo Gandolfo

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Roberto CORRADO@21:1/5 to Ivo Gandolfo on Mon Feb 5 00:30:25 2024
    "Ivo Gandolfo" wrote:

    all work fine.

    IMHO, ( I'm a dumbass) is wrong a regexp statements on my Slackware(tm) machine, es. exception not managed...

    """
    $ /usr/bin/gpgv2 --status-fd=1 --keyring=/etc/inn/pgp/ncmring.gpg test2.txt [GNUPG:] NEWSIG
    gpgv: Firma effettuata dom 4 feb 2024, 22:30:02 CET
    gpgv: utilizzando la chiave RSA 570EE1F8CC166E5969A9977BF7A357009C7679D8
    [GNUPG:] KEY_CONSIDERED 570EE1F8CC166E5969A9977BF7A357009C7679D8 0
    [GNUPG:] SIG_ID NrW6nLCa+J8faWSjNqL+znlHkBA 2024-02-04 1707082202
    [GNUPG:] KEY_CONSIDERED 570EE1F8CC166E5969A9977BF7A357009C7679D8 0
    [GNUPG:] GOODSIG F7A357009C7679D8 i2pn2-nocem <i2pn2-nocem@i2pn2.org>
    gpgv: Firma valida da "i2pn2-nocem <i2pn2-nocem@i2pn2.org>"
    [GNUPG:] VALIDSIG 570EE1F8CC166E5969A9977BF7A357009C7679D8 2024-02-04 1707082202 0 4 0 1 10 01 570EE1F8CC166E5969A9977BF7A357009C7679D8
    """

    """
    $ /usr/bin/gpgv2 --status-fd=1 --keyring=/etc/inn/pgp/ncmring.gpg test.txt # this is a new sig
    [GNUPG:] NEWSIG nocem@usenet.ovh
    gpgv: Firma effettuata dom 4 feb 2024, 22:15:01 CET
    gpgv: utilizzando la chiave EDDSA 16BEEB50A7A31430DE6A41CE64DD21195789E33A
    gpgv: autorità emittente "nocem@usenet.ovh"
    [GNUPG:] KEY_CONSIDERED 16BEEB50A7A31430DE6A41CE64DD21195789E33A 0
    [GNUPG:] SIG_ID tHBBdXwOMM0AbTOiZWyT1gKeZBY 2024-02-04 1707081301
    [GNUPG:] KEY_CONSIDERED 16BEEB50A7A31430DE6A41CE64DD21195789E33A 0
    [GNUPG:] GOODSIG 64DD21195789E33A alfanet <nocem@usenet.ovh>
    gpgv: Firma valida da "alfanet <nocem@usenet.ovh>"
    [GNUPG:] VALIDSIG 16BEEB50A7A31430DE6A41CE64DD21195789E33A 2024-02-04 1707081301 0 4 0 22 8 01 16BEEB50A7A31430DE6A41CE64DD21195789E33A
    """

    """
    $ grep -A20 "#logmsg(\"Command line was: \$INN::Config::gpgv --status-fd=1\"" perl-nocem
    #logmsg("Command line was: $INN::Config::gpgv --status-fd=1"
    # . ($keyring ? ' --keyring=' . $keyring : '') . " $art", 'debug');
    #logmsg("Full PGP output: >>>$_<<<", 'debug');

    if (/^\[GNUPG:\]\s+GOODSIG\s+\S+\s+(.*)/m) {
    return 1 if $1 =~ /\Q$issuer\E/;
    logmsg("Article $msgid: signed by $1 instead of $issuer");
    } elsif (/^\[GNUPG:\]\s+NO_PUBKEY\s+(\S+)/m) {
    logmsg("Article $msgid: $issuer (ID $1) not in keyring");
    } elsif (/^\[GNUPG:\]\s+BADSIG\s+\S+\s+(.*)/m) {
    logmsg("Article $msgid: bad signature from $1");
    } elsif (/^\[GNUPG:\]\s+BADARMOR/m or /^\[GNUPG:\]\s+UNEXPECTED/m) {
    logmsg("Article $msgid: malformed signature");
    } elsif (/^\[GNUPG:\]\s+ERRSIG\s+(\S+)/m) {
    # safety net: we get there if we don't know about some token
    logmsg("Article $msgid: unknown error (ID $1)");
    #
    logmsg("Command line was: $INN::Config::gpgv --status-fd=1"
    . ($keyring ? ' --keyring=' . $keyring : '') . " $art", 'debug');
    logmsg("Full PGP output: >>>$_<<<", 'debug');
    } else {

    """
    grep -A1 -B1 "nocem: Command line was" news.log
    Feb 5 00:00:06 gatto nocem: Article <nocembot-fr.0.45327.0000231018@usenet.ovh>: unknown error (ID 64DD21195789E33A)
    Feb 5 00:00:06 gatto nocem: Command line was: /usr/bin/gpgv2 --status-fd=1 --keyring=/etc/inn/pgp/ncmring.gpg /var/spool/inn/tmp/nocem.17167
    Feb 5 00:00:06 gatto nocem: Full PGP output: >>>[GNUPG:] NEWSIG nocem@usenet.ovh
    --
    Feb 5 00:20:03 gatto nocem: Article <nocembot-fr.0.45327.0139118981@usenet.ovh>: unknown error (ID 64DD21195789E33A)
    Feb 5 00:20:03 gatto nocem: Command line was: /usr/bin/gpgv2 --status-fd=1 --keyring=/etc/inn/pgp/ncmring.gpg /var/spool/inn/tmp/nocem.17167
    Feb 5 00:20:03 gatto nocem: Full PGP output: >>>[GNUPG:] NEWSIG nocem@usenet.ovh
    """

    Thanks you all and sorry for the bustle

    --
    Roberto

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)