From matthewf at prolific.ca Mon Feb 5 15:24:58 2024 From: matthewf at prolific.ca (Matthew Fey) Date: Mon, 5 Feb 2024 15:24:58 +0000 Subject: [ZendTo] Rocky 9 SHA1 Depreciation References: Message-ID: When trying to run the installer on Rocky 9, installing the ZendTo package fails because the rpm is signed with SHA1, which is no longer supported by default in RHEL9 and equivalent. Because of that, all further steps fail as the package and configuration files are never installed. I suspect this is the issue that Scott was having back in November when trying to do the same. I could force the install to go through with the -nogpgcheck option, but I'd really rather avoid it. Any chance of having the package updated soon with a SHA256 or SHA512 signature to take care of this going forward? Thanks, Matthew Fey, CCNA | Network System Administrator Direct 204 697 6983 -------------- next part -------------- An HTML attachment was scrubbed... URL: From m.a.young at durham.ac.uk Mon Feb 5 15:36:55 2024 From: m.a.young at durham.ac.uk (Michael Young) Date: Mon, 5 Feb 2024 15:36:55 +0000 (GMT) Subject: [ZendTo] Rocky 9 SHA1 Depreciation In-Reply-To: References: <869f6039-3edb-29d0-c954-16621e917b03@durham.ac.uk> Message-ID: On Mon, 5 Feb 2024, Matthew Fey via ZendTo wrote: > [EXTERNAL EMAIL] > > When trying to run the installer on Rocky 9, installing the ZendTo package > fails because the rpm is signed with SHA1, which is no longer supported by > default in RHEL9 and equivalent. > > Because of that, all further steps fail as the package and configuration > files are never installed. I suspect this is the issue that Scott was having > back in November when trying to do the same. > > I could force the install to go through with the ?nogpgcheck option, but I?d > really rather avoid it. > > Any chance of having the package updated soon with a SHA256 or SHA512 > signature to take care of this going forward? The package installs for me on RHEL9 though I do have the zendto.gpg.asc signing key installed (see the downloads page). I don't however use the installer so it may be that which is exiting before finishing. Michael Young From matthewf at prolific.ca Mon Feb 5 16:29:00 2024 From: matthewf at prolific.ca (Matthew Fey) Date: Mon, 5 Feb 2024 16:29:00 +0000 Subject: [ZendTo] Rocky 9 SHA1 Depreciation In-Reply-To: <869f6039-3edb-29d0-c954-16621e917b03@durham.ac.uk> References: <869f6039-3edb-29d0-c954-16621e917b03@durham.ac.uk> Message-ID: Interesting, when I try and import the key manually, I still get the following error: [root at zendto-demo install.ZendTo]# rpm --import https://zend.to/files/zendto.gpg.asc warning: Signature not supported. Hash algorithm SHA1 not available. error: https://zend.to/files/zendto.gpg.asc: key 1 import failed. I guess for now I will just stick with --nogpgcheck, but I'd be nice to see it resigned in 256 in the future. Matthew Fey -----Original Message----- From: Michael Young Sent: Monday, February 5, 2024 9:37 AM To: Matthew Fey via ZendTo Cc: Matthew Fey Subject: Re: [ZendTo] Rocky 9 SHA1 Depreciation On Mon, 5 Feb 2024, Matthew Fey via ZendTo wrote: > [EXTERNAL EMAIL] > > When trying to run the installer on Rocky 9, installing the ZendTo > package fails because the rpm is signed with SHA1, which is no longer > supported by default in RHEL9 and equivalent. > > Because of that, all further steps fail as the package and > configuration files are never installed. I suspect this is the issue > that Scott was having back in November when trying to do the same. > > I could force the install to go through with the ?nogpgcheck option, > but I?d really rather avoid it. > > Any chance of having the package updated soon with a SHA256 or SHA512 > signature to take care of this going forward? The package installs for me on RHEL9 though I do have the zendto.gpg.asc signing key installed (see the downloads page). I don't however use the installer so it may be that which is exiting before finishing. Michael Young From orion at nwra.com Wed Feb 21 18:19:05 2024 From: orion at nwra.com (Orion Poplawski) Date: Wed, 21 Feb 2024 11:19:05 -0700 Subject: [ZendTo] Rocky 9 SHA1 Depreciation In-Reply-To: References: Message-ID: On 2/5/24 08:24, Matthew Fey via ZendTo wrote: > When trying to run the installer on Rocky 9, installing the ZendTo package > fails because the rpm is signed with SHA1, which is no longer supported by > default in RHEL9 and equivalent. > > Because of that, all further steps fail as the package and configuration files > are never installed. I suspect this is the issue that Scott was having back in > November when trying to do the same. > > ? > > I could force the install to go through with the ?nogpgcheck option, but I?d > really rather avoid it. > > Any chance of having the package updated soon with a SHA256 or SHA512 > signature to take care of this going forward? I'm running into this as well and would like to see the GPG key updated as well. Here is some info for how to do it without invalidating your current key: https://www.redhat.com/en/blog/updating-gpg-keys-for-fedora-and-rhel -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion at nwra.com Boulder, CO 80301 https://www.nwra.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3826 bytes Desc: S/MIME Cryptographic Signature URL: From orion at nwra.com Mon Feb 26 18:00:28 2024 From: orion at nwra.com (Orion Poplawski) Date: Mon, 26 Feb 2024 11:00:28 -0700 Subject: [ZendTo] Invalid JSON Captcha In-Reply-To: References: <1896043164.185668.1695202002651.JavaMail.zimbra@sivom-bethunois.fr> Message-ID: On 9/20/23 03:26, Frederic BOER via ZendTo wrote: > Hello > I have a problem with my Zendto which is in version 6.13-3, I have just placed > it behind a NGINX proxy and I have a problem with the captcha. > I have sent a document to an external user. he has received the mail, connects > to retrieve the documents. there is a captcha that is validated but Zendto > returns an Invalid-json error.? > what can I do?? > Thanks in advance So, I just ran into this moving to a different RHEL host. Our issue was two-fold: * Needed to enable the httpd_can_network_connect SELinux boolean * Needed to open up the firewall to allow https connections out from the server This is needed for the recaptcha php code to connect to google's servers. I would like to redirect PHP to use our proxy server, but this seems to be not very straightforward to do in general and may need modification to the zendto code. Suggestions welcome. As for the invalid-json message, it comes from: /opt/zendto/www/ReCaptcha/Response.php: public static function fromJson($json) { $responseData = json_decode($json, true); if (!$responseData) { return new Response(false, array('invalid-json')); } I added a quick hack to display $json and it was empty - but it might be helpful to display the contents in general in this situation. I looked at the network traffic returned by google in the browswer and it looked like: )]}' ["uvresp","03AHJ...jUo",1,120] Which freaked me out for a bit due to the leading characters - but apparently this is a marker and google's JS code strips it. See: https://stackoverflow.com/questions/36693906/recaptcha-invalid-json-response Hopefully this helps some one in the future. -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion at nwra.com Boulder, CO 80301 https://www.nwra.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3826 bytes Desc: S/MIME Cryptographic Signature URL: