Re: gpg on cron task
Hi Werner,

Werner Koch wrote:
> On Fri, 10 Feb 2006 10:28:20 +0100, Olaf Gellert said:
>
>> And even when "--no-tty" and "--batch" are given on the
>> commandline, GPG may ask questions, if I remember correctly.
>
> No, there shall be no interactive input with --batch. If you noticed
> such a case, it is a bug and should be reported.

We found such a case some time ago: Signing a key non-interactively.
When the key to be signed had an expiry date, gpg asked for how long
the signature should be valid (even when --no-tty and --batch and
--yes were specified). I tested last week and this bug is obviously
gone, so I do not know of any other issue like that.

Cheers, Olaf

--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: gpg on cron task
On Fri, 10 Feb 2006 10:28:20 +0100, Olaf Gellert said:

> And even when "--no-tty" and "--batch" are given on the
> commandline, GPG may ask questions, if I remember correctly.

No, there shall be no interactive input with --batch. If you noticed
such a case, it is a bug and should be reported.

Salam-Shalom,

Werner
Re: gpg on cron task
Anders Zachrison wrote:
> * enediel gonzalez <[EMAIL PROTECTED]> [060206 16:57]:
>
>> #!/bin/bash
>> cd /tmp/backup && /bin/echo apassword | /usr/bin/gpg -se --passphrase-fd 0
>> --logger-fd 1 -r [EMAIL PROTECTED] /tmp/backup/backup20060206100521
>> >> /tmp/debug3.txt

You should be aware that any user on the system who can
run "ps" might see the password while your commands are
running...

>> Executing it from a cron task I obtained in /tmp/debug3.txt the following
>> line
>> gpg: cannot open `/dev/tty': No such device or address
>
> As you are going to run gpg from a cron job, ie without any associated
> tty, have you checked `man gpg`? Especially the options '--batch' and
> '--no-tty'?
>
> You're running gpg as a batch job and from cron, ie no tty available.
> GPG can in some occasions still print warnings to the tty even though
> --batch is used as an option.

And even when "--no-tty" and "--batch" are given on the
commandline, GPG may ask questions, if I remember correctly.
For encryption it should work anyway, without questions.

Olaf

--
Dipl.Inform. Olaf Gellert PRESECURE (R)
Senior Researcher, Consulting GmbH
Phone: (+49) 0700 / PRESECURE [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet
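Added example (not part of any message in this thread): a cron-safe variant of the script quoted above that combines `--batch` and `--no-tty` with a passphrase read on fd 0 from a root-only file, so it never appears in `ps` output. `GPG_BIN`, `GPG_HOME`, `PASS_FILE`, `RECIPIENT` and `LOG` are hypothetical names; the options are the GnuPG 1.4-era set used in the thread, and GnuPG 2.1 or later also needs `--pinentry-mode loopback` for `--passphrase-fd` to take effect.

```shell
#!/bin/sh
# Added example, not code from the thread. All names below are assumptions;
# adjust them to the local setup.
GPG_BIN=${GPG_BIN:-/usr/bin/gpg}
GPG_HOME=${GPG_HOME:-/root/.gnupg}
PASS_FILE=${PASS_FILE:-/root/.backup-passphrase}
RECIPIENT=${RECIPIENT:-backup@example.org}   # placeholder recipient
LOG=${LOG:-/var/log/backup-gpg.log}

# True only for a regular file with no group/other permission bits set.
private_file() {
    [ -f "$1" ] || return 1
    case $(ls -ld -- "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# encrypt_backup FILE: sign and encrypt FILE to FILE.gpg without a tty.
encrypt_backup() {
    src=$1
    if ! private_file "$PASS_FILE"; then
        echo "refusing to run: $PASS_FILE must be a mode-600 file" >&2
        return 2
    fi
    # The passphrase reaches gpg on fd 0 directly from the file, so it is
    # never part of any process's argument list (unlike `echo apassword | gpg`).
    # --homedir removes the dependency on HOME/GNUPGHOME, which cron may not set.
    "$GPG_BIN" --batch --no-tty --homedir "$GPG_HOME" \
        --passphrase-fd 0 --logger-fd 1 \
        --output "$src.gpg" --recipient "$RECIPIENT" \
        --sign --encrypt "$src" <"$PASS_FILE" >>"$LOG" 2>&1
}

# Stand-alone use: ./encrypt-backup.sh /tmp/backup/FILE
if [ $# -gt 0 ]; then
    encrypt_backup "$1"
fi
```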
Re: gpg on cron task
On Sat, Feb 04, 2006 at 12:13:45AM -0500, Atom Smasher wrote:
> On Sat, 4 Feb 2006, enediel gonzalez wrote:
>
> > ===
>
> why are you using php for a cron job?

many people deploy PHP cron scripts because that's the only language they know
(which is probably the case)

on one of such occasions I've been asked if cron jobs are allowed to run
longer than 30 seconds (standard Apache subprocess time limit)

sigh

a.
Re: gpg on cron task
* enediel gonzalez <[EMAIL PROTECTED]> [060206 16:57]:

> #!/bin/bash
> cd /tmp/backup && /bin/echo apassword | /usr/bin/gpg -se --passphrase-fd 0
> --logger-fd 1 -r [EMAIL PROTECTED] /tmp/backup/backup20060206100521 >>
> /tmp/debug3.txt

> Executing it from a cron task I obtained in /tmp/debug3.txt the following
> line
> gpg: cannot open `/dev/tty': No such device or address

As you are going to run gpg from a cron job, ie without any associated
tty, have you checked `man gpg`? Especially the options '--batch' and
'--no-tty'?

You're running gpg as a batch job and from cron, ie no tty available.
GPG can in some occasions still print warnings to the tty even though
--batch is used as an option.

/Anders

--
All theoretical chemistry is really physics;
and all theoretical chemists know it.
 -- Richard P. Feynman
RE: gpg on cron task
"enediel gonzalez" <[EMAIL PROTECTED]> wrote:
> Hello:
>
> I use debian sarge and I need to encrypt and decrypt
> automatically backup files using gpg
>
> I created a php script with the whole procedure, which
> includes the following declaration
>
> ...
>
>
> $str_execute = "cd /tmp/backup && \
> /bin/echo apassword | /usr/bin/gpg -se \
> --passphrase-fd 0 -r [EMAIL PROTECTED] \
> /tmp/backup/$filename";
> exec($str_execute);
>
>?>
>
> [EMAIL PROTECTED] is included into the trusted
> chain for the root user.
>
> When I execute the script manually as root, I
> obtain the encrypted file, but if I put the same
> script as a cron's task, the whole script works
> perfectly except the encryption process, and I not
> receive any error.
>
> I'll appreciate if somebody help me with that,
> basically what I need is to encrypt and decrypt
> specific files automatically using gpg.
>
> Thanks in advance for any answer
> Enediel
> Linux user 300141
> Debian GNU/Linux

First, I question why you are doing this as root rather than as a normal user, since you can make it for a normal user to use cron. I also don't like php (would prefer Korn Shell or PERL), but since you say it works interactively we will drop that for a while (we will come back to it).

1. When you do a (without the quotes), "crontab -l" how does the entry show up? What I am getting at is WHERE DOES THE OUTPUT OF STDOUT AND STDERR go? This can reveal a lot. I ALWAYS log the stdout and stderr to cron log file.

2. I am also assuming you have cron turned on. If you do a "ps -eadf | grep cron" and you don't have a crond showing, then cron isn't running. You will have to activate it. More than one version of Linux (I haven't used Debian since it has never installed on my hardware - too new) doesn't have cron on and depends on anacron for everything.

3. Okay, we have come back to it. One of the very first things I do on a Linux box I am setting up is to find all of the dirs in the $PATH, and then I go change /etc/profile to HARD SET the dirs in the $PATH in the order I want them. This always puts the following dirs first: /usr/local/sbin:/usr/local/bin with the other dirs in the order that they should be in. The problem is, a cron'd job invariably does NOT get the full path since /etc/profile is NOT guaranteed to be sourced. Since it looks like your script is using the full path for all of the commands executed this is probably not a problem. I am just warning you - it CAN be a problem.

4. In addition to the PATH environment variable, there are a LOT of other environment variables that frequently don't get set by a cron job, that are set in a shell. A simple shell script that is run interactively, then via cron can show anything that is different by having both doing an env to a file. For that matter, it can show whether or not cron is working (start with something simpler first). You didn't say whether you have tons of other stuff working with cron (I am assuming you do). I still would be a lot happier with either a Bourne shell script (run with either bash or ksh). What I suspect is one of the environment variables that are there in interactive mode are not there in cron. Most notably something that should be specified with the "--homedir ..." option.

HHH
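Added example (not part of the message above): one way to carry out the comparison suggested in point 4, reporting which variables an interactive `env` dump has that a cron `env` dump lacks, and which ones differ. The dump paths and the sample dumps inside `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Capture the two dumps first (hypothetical paths):
#   interactively:  env | sort > /tmp/env.interactive
#   crontab entry:  * * * * * env | sort > /tmp/env.cron 2>&1

# Names of variables set in dump $1 but absent from dump $2.
missing_in() {
    a=$(mktemp) b=$(mktemp)
    cut -d= -f1 "$1" | sort -u >"$a"
    cut -d= -f1 "$2" | sort -u >"$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Names of variables present in both dumps whose values differ.
# Assumes one NAME=value per line (no multi-line values).
changed_in() {
    awk -F= 'NR == FNR { v[$1] = substr($0, length($1) + 2); next }
             ($1 in v) && v[$1] != substr($0, length($1) + 2) { print $1 }' \
        "$1" "$2" | sort
}

demo() {
    d=$(mktemp -d)
    # Constructed sample dumps: a login shell versus a typical cron environment.
    printf '%s\n' 'GNUPGHOME=/srv/backup/gnupg' 'HOME=/root' 'LOGNAME=root' \
        'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' \
        'SHELL=/bin/bash' 'TERM=xterm' >"$d/interactive"
    printf '%s\n' 'HOME=/root' 'LOGNAME=root' 'PATH=/usr/bin:/bin' \
        'SHELL=/bin/sh' >"$d/cron"
    echo "missing under cron: $(missing_in "$d/interactive" "$d/cron" | tr '\n' ' ')"
    echo "changed under cron: $(changed_in "$d/interactive" "$d/cron" | tr '\n' ' ')"
    rm -rf "$d"
}
demo
```

A missing `GNUPGHOME` in the cron dump is the case where passing `--homedir` explicitly matters.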
Re: gpg on cron task
I'm sorry Atom for the personal email, I just replied the message without change the address.

Following the suggestions I created the script

#!/bin/bash
cd /tmp/backup && /bin/echo apassword | /usr/bin/gpg -se --passphrase-fd 0 --logger-fd 1 -r [EMAIL PROTECTED] /tmp/backup/backup20060206100521 >> /tmp/debug3.txt

Executing it from a cron task I obtained in /tmp/debug3.txt the following line

gpg: cannot open `/dev/tty': No such device or address

according to this line, it looks like the way I use to pass the password to gpg is incorrect when the script is used on a cron task.

Could somebody show me an example how to do it in any way?
I'm sorry, I searched without find the answer to this question.

Thanks in advance for any answer
Enediel
Linux user 300141
Debian GNU/Linux

From: Atom Smasher <[EMAIL PROTECTED]>
To: enediel gonzalez <[EMAIL PROTECTED]>
Subject: Re: gpg on cron task
Date: Sat, 4 Feb 2006 11:50:26 -0500 (EST)

On Sat, 4 Feb 2006, enediel gonzalez wrote:

This computer is not critical, is a black box containing a specific system with a web interface. I understand your point regarding the password, for the nature of this case it's not the most important thing, I gonna save the backup file on an external ftp server, where I'll need this protection.

My question is, no matter if I use php or another shell for the scripts, why if as root I execute my script and I obtained the .gpg file, and when I execute a root's cron task, the same script fails.

=

if you're using gpg and php, at least check this out - http://business-php.com/opensource/gpg_encrypt/

i can make a lot of guesses about why it's not working, but the only thing that will really give me a hint is to know why it's not working. run the cron job with a verbose flag and record the output to stderr.

something like this, but you'll probably have to modify it based on your particular script:

    { gpg -ea *file* ; } 2>&1

or add this to the gpg options on the command line:

    --logger-fd 1

then send us the output and someone here can probably figure it out really quickly.

--
...atom

_
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-

"Freedom without opportunity is a devil's gift, and the refusal to provide such opportunities is criminal"
-- Market Democracy in a Neoliberal Order: Doctrines and Reality, Noam Chomsky
Re: gpg on cron task
Thanks Samuel for the answer

as you can see on the line I execute, I include the full paths necessary for the execution

regarding permissions, this task is a root's task, so, the referenced key ID is included within the trusted chain for root.

$str_execute = "cd /tmp/backup && /bin/echo apassword | /usr/bin/gpg -se --passphrase-fd 0 -r [EMAIL PROTECTED] /tmp/backup/$filename";
exec($str_execute);

Regards
Enediel
Linux user 300141
Debian GNU/Linux

From: [EMAIL PROTECTED] (Samuel Åslund)
Reply-To: GnuPG Users
To: GnuPG Users
Subject: Re: gpg on cron task
Date: Sat, 4 Feb 2006 09:19:46 +0100

On Sat, Feb 04, 2006 at 02:23:47AM +, enediel gonzalez wrote:
> Hello:
> I use debian sarge and I need to encrypt and decrypt automatically backup
> files using gpg
>
<<<< Snip >>>>
>
> When I execute the script manually as root, I obtain the encrypted file,
> but if I put the same script as a cron's task, the whole script works
> perfectly except the encryption process, and I not receive any error.

Have you checked if the script has access to the key?
(E.g. Permission or path problems.)

HTH
//Samuel
Re: gpg on cron task
Thanks for your attention

-root is the owner of the script.
-as a root user, if I execute my script manually I obtain what I want
-the script was included as a cron task for root
-running the same script from a cron task the encrypting process fails because I don't obtain any .gpg file, no error reported.
-I know that the script was executed from the cron task because the same script previously created by itself the file I want to encrypt with gpg.
-everything is done over /tmp where everybody can write

Greeting
Enediel
Linux user 300141
Debian GNU/Linux

From: [EMAIL PROTECTED] (Samuel Åslund)
Reply-To: GnuPG Users
To: GnuPG Users
Subject: Re: gpg on cron task
Date: Sat, 4 Feb 2006 09:19:46 +0100

On Sat, Feb 04, 2006 at 02:23:47AM +, enediel gonzalez wrote:
> Hello:
> I use debian sarge and I need to encrypt and decrypt automatically backup
> files using gpg
>
<<<< Snip >>>>
>
> When I execute the script manually as root, I obtain the encrypted file,
> but if I put the same script as a cron's task, the whole script works
> perfectly except the encryption process, and I not receive any error.

Have you checked if the script has access to the key?
(E.g. Permission or path problems.)

HTH
//Samuel
Re: gpg on cron task
On Sat, Feb 04, 2006 at 02:23:47AM +, enediel gonzalez wrote:
> Hello:
> I use debian sarge and I need to encrypt and decrypt automatically backup
> files using gpg
>
Snip
>
> When I execute the script manually as root, I obtain the encrypted file,
> but if I put the same script as a cron's task, the whole script works
> perfectly except the encryption process, and I not receive any error.

Have you checked if the script has access to the key?
(E.g. Permission or path problems.)

HTH
//Samuel
Re: gpg on cron task
On Sat, 4 Feb 2006, enediel gonzalez wrote:

===

why are you using php for a cron job?

signing or decrypting non-interactively requires that you either have a key without a passphrase, or a passphrase stored in a file. neither of these are secure.

tell us a little more about what you're trying to accomplish, maybe we can help you figure something out...

--
...atom

_
PGP key - http://atom.smasher.org/pgp.txt
762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808
-

"If a baseball player slides into home plate and, right before the umpire rules if he is safe or out, the player says to the umpire - 'Here is $1,000.' What would we call that? We would call that a bribe. If a lawyer was arguing a case before a judge and said, 'Your honor before you decide on the guilt or innocence of my client, here is $1,000.' What would we call that? We would call that a bribe. But if an industry lobbyist walks into the office of a key legislator and hands her or him a check for $1,000, we call that a campaign contribution. We should call it a bribe."
-- Janice Fine
Dollars and Sense magazine
gpg on cron task
Hello:

I use debian sarge and I need to encrypt and decrypt automatically backup files using gpg

I create a php script with the whole procedure, which include the following declaration

$str_execute = "cd /tmp/backup && /bin/echo apassword | /usr/bin/gpg -se --passphrase-fd 0 -r [EMAIL PROTECTED] /tmp/backup/$filename";
exec($str_execute);
?>

[EMAIL PROTECTED] is included into the trusted chain for the root user.

When I execute the script manually as root, I obtain the encrypted file, but if I put the same script as a cron's task, the whole script works perfectly except the encryption process, and I not receive any error.

I'll appreciate if somebody help me with that, basically what I need is to encrypt and decrypt specific files automatically using gpg.

Thanks in advance for any answer
Enediel
Linux user 300141
Debian GNU/Linux