Exit code 2 from PHP script

Hello,

This issue has been addressed several times on this list, but after
several hours of searching, I cannot find a solution that works for me.
Here's a simple test case that I cannot get to work:

$out = exec("/usr/bin/gpg --list-keys",$output,$return);

This, and everything like it, except "gpg --help" returns an exit code
of 2, with nothing in the output.

Ultimately, I want to encrypt a message and then email it, but I reduced
it to this simple case in an attempt to get it to work.  Now, some other
things: I can successfully do pretty much anything with gpg by running a
PHP script from the command line, as the same user that Apache runs
under (daemon, on my machine).  I have changed the permissions on
everything in daemon's .gnupg folder to 777.  I have confirmed that the
path to gpg is correct.  I've also tried every flag that looks like it
might remotely be of use.  Does anybody have any ideas about something
else I could try?  I feel like I've pretty much ruled out user-related
and permission-related problems - what are the other candidates for the
source of this kind of thing?

Thanks for taking the time, I appreciate it.

Brent

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Brent Hagany wrote on 19.01.2008 02:39: You don't have to specify full path to the executable if it's in your
system PATH. As to the specific problem, try to use system() instead of
exec(), however if playing with process handles don't scares you,
consider proc_open().

> Thanks for taking the time, I appreciate it.
>
> Brent

--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Apologies for the delay, it was a busy weekend.

> You don't have to specify full path to the executable if it's in your
> system PATH.

I'm aware, I just thought it would head off the "make sure it's in your
path" suggestions.

Anyway, I tried system(); it gave the same result, so I went about
playing with proc_open() like so:

$message = "This is a test message";
$process = proc_open("/usr/bin/gpg",
                     array(0 => array("pipe","r"),
                           1 => array("pipe","w"),
                           2 => array("file","errors.log","a")),
                     $pipes);

if(is_resource($process)) {
  fwrite($pipes[0], "--list-keys --homedir=/home/daemon");
  fclose($pipes[0]);

  echo stream_get_contents($pipes[1]);
  fclose($pipes[1]);

  echo proc_close($process);
}

This still doesn't work, but at least I get a somewhat helpful error
message in the log file:

gpg: fatal: can't create directory `//.gnupg': Permission denied
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

Anybody know why it's trying to write to /, and how to stop it?  I tried
adding the --homedir flag above, but that did not work.  Also, this is
my first time using proc_open(), so I'm not sure that my usage is 100%
correct.

Thanks much,
Brent

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Vlad "SATtva" Miller
Sent: Saturday, January 19, 2008 4:29 AM
To: Gnupg-users
Subject: Re: Exit code 2 from PHP script

Brent Hagany wrote on 19.01.2008 02:39:
> Hello,
>
> This issue has been addressed several times on this list, but after
> several hours of searching, I cannot find a solution that works for
me.
> Here's a simple test case that I cannot get to work:
>
> $out = exec("/usr/bin/gpg --list-keys",$output,$return);
>
> This, and everything like it, except "gpg --help" returns an exit code
> of 2, with nothing in the output.
>
> Ultimately, I want to encrypt a message and then email it, but I
reduced
> it to this simple case in an attempt to get it to work.  Now, some
other
> things: I can successfully do pretty much anything with gpg by running
a
> PHP script from the command line, as the same user that Apache runs
> under (daemon, on my machine).  I have changed the permissions on
> everything in daemon's .gnupg folder to 777.  I have confirmed that
the
> path to gpg is correct.  I've also tried every flag that looks like it
> might remotely be of use.  Does anybody have any ideas about something
> else I could try?  I feel like I've pretty much ruled out user-related
> and permission-related problems - what are the other candidates for
the
> source of this kind of thing?

You don't have to specify full path to the executable if it's in your
system PATH. As to the specific problem, try to use system() instead of
exec(), however if playing with process handles don't scares you,
consider proc_open().

> Thanks for taking the time, I appreciate it.
>
> Brent

--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

I have found and corrected the problem: it should be
"--homedir=/home/daemon/.gnupg".  Also, for some reason, setting
GNUPGHOME directly does not work.

Getting a useful error message was a great help.  Thanks again, Vlad.

-----Original Message-----
From: gnupg-users-bounces+bhagany=[hidden email]
[mailto:gnupg-users-bounces+bhagany=[hidden email]] On Behalf Of
Brent Hagany
Sent: Monday, January 21, 2008 10:02 AM
To: Gnupg-users
Subject: RE: Exit code 2 from PHP script

Apologies for the delay, it was a busy weekend.

> You don't have to specify full path to the executable if it's in your
> system PATH.

I'm aware, I just thought it would head off the "make sure it's in your
path" suggestions.

Anyway, I tried system(); it gave the same result, so I went about
playing with proc_open() like so:

$message = "This is a test message";
$process = proc_open("/usr/bin/gpg",
                     array(0 => array("pipe","r"),
                           1 => array("pipe","w"),
                           2 => array("file","errors.log","a")),
                     $pipes);

if(is_resource($process)) {
  fwrite($pipes[0], "--list-keys --homedir=/home/daemon");
  fclose($pipes[0]);

  echo stream_get_contents($pipes[1]);
  fclose($pipes[1]);

  echo proc_close($process);
}

This still doesn't work, but at least I get a somewhat helpful error
message in the log file:

gpg: fatal: can't create directory `//.gnupg': Permission denied
secmem usage: 0/0 bytes in 0/0 blocks of pool 0/32768

Anybody know why it's trying to write to /, and how to stop it?  I tried
adding the --homedir flag above, but that did not work.  Also, this is
my first time using proc_open(), so I'm not sure that my usage is 100%
correct.

Thanks much,
Brent

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Vlad "SATtva" Miller
Sent: Saturday, January 19, 2008 4:29 AM
To: Gnupg-users
Subject: Re: Exit code 2 from PHP script

Brent Hagany wrote on 19.01.2008 02:39:
> Hello,
>
> This issue has been addressed several times on this list, but after
> several hours of searching, I cannot find a solution that works for
me.
> Here's a simple test case that I cannot get to work:
>
> $out = exec("/usr/bin/gpg --list-keys",$output,$return);
>
> This, and everything like it, except "gpg --help" returns an exit code
> of 2, with nothing in the output.
>
> Ultimately, I want to encrypt a message and then email it, but I
reduced
> it to this simple case in an attempt to get it to work.  Now, some
other
> things: I can successfully do pretty much anything with gpg by running
a
> PHP script from the command line, as the same user that Apache runs
> under (daemon, on my machine).  I have changed the permissions on
> everything in daemon's .gnupg folder to 777.  I have confirmed that
the
> path to gpg is correct.  I've also tried every flag that looks like it
> might remotely be of use.  Does anybody have any ideas about something
> else I could try?  I feel like I've pretty much ruled out user-related
> and permission-related problems - what are the other candidates for
the
> source of this kind of thing?

You don't have to specify full path to the executable if it's in your
system PATH. As to the specific problem, try to use system() instead of
exec(), however if playing with process handles don't scares you,
consider proc_open().

> Thanks for taking the time, I appreciate it.
>
> Brent

--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Brent Hagany wrote on 22.01.2008 01:10:
> I have found and corrected the problem: it should be
> "--homedir=/home/daemon/.gnupg".  Also, for some reason, setting
> GNUPGHOME directly does not work.
>
> Getting a useful error message was a great help.  Thanks again, Vlad.

Glad to help you. I'm using similar scheme in a couple of web
applications, and was unaware that not specifying a --homedir could lead
to such problems.


--
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com



_______________________________________________
Gnupg-users mailing list
[hidden email]
http://lists.gnupg.org/mailman/listinfo/gnupg-users