Skip to content

Automatic GPG fingerprint extraction not working when passbolt.php present #192

New issue
New issue
Closed
Closed
Automatic GPG fingerprint extraction not working when passbolt.php present#192
@a-ts

Description

@a-ts
a-ts
opened on Mar 6, 2023

Hi,
I have the following challenge: in my ansible automation, I need to create a passbolt.php to define the CA-file for the communication with a mail server (local CA):

    'EmailTransport' => [
   ...
            'context' => [
                'ssl' => [
                    'cafile' => '/usr/local/share/ca-certificates/my_root_certificate.crt'
                ],
            ],
   ...
   ];

By definining the passbolt.php the fingerprint of the automatically generated certificates is no longer extracted because of these lines:

passbolt_docker/scripts/entrypoint/passbolt/entrypoint.sh

Lines 96 to 98 in e51a518

if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f "$passbolt_config/passbolt.php" ]; then
gpg_auto_fingerprint="$(su -c "gpg --homedir $GNUPGHOME --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint

Now, I had to implement a GPG key generation process and the fingerprint extraction in ansible, which is basically already present in your code.
Would it be possible to extend the if clause in the code snippet by some kind of flag that enables the automatic fingerprint handling even if a passbolt.php file is present? Is there maybe a different way of achieving my goal?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions