Hi -

    I am building an initrd for a Fedora Core 13 machine (both x86_64 and i686 architectures on boxes and virtual machines). I had the perl-based fwknop v1.9.12 working inside an initrd build and decided to update to the fwknop-2.0rc1 libfko-based version to reduce the initrd size and complexity. However, after building the SRPM into the initrd environment (keeping the same GnuPG keys as before the update), I receive the following fko error upon the fwknopd server receipt of a SPA packet:
        Error creating fko context: This GPGME implementation does not support OpenGPG - GPG ERROR: Invalid crypt engine.

Steps to recreate:
    1) Untar existing initrd compressed tarball
    2) Copy in GnuPG keyring
    3) Build fwknop SRPM into initrd tree (inluding libfko libraries) & configure access.conf. fwknopd.conf
    4) Copy following RPMs (via rpm -q --filesbypkg <rpmname>:into initrd tree
        gpg
        glibc-devel
        libpcap-devel
    5) Copy in shared libraries for the following files (via ldd):
        /usr/bin/gpg
        /usr/lib/libnsl.so
        /usr/lib/libpcap.so
    5) Re-tar & compress customized initrd into /boot & modify grub
    6) Restart machine and boot into customized initrd, running fwknop daemon
    7) Send SPA packet from a different machine running a fwknop client to the machine running the fwknop server inside the customized initrd

The fwknop daemon successfully runs within the initrd. However, upon receipt of a valid SPA packet from the fwknop client  (client is v 1.9.12), the above error message arises. Do I need to rebuild the fwknop-server/ libfko SPRM with an additional flag and/ or copy specific OpenPGP libraries into the initrd environemnt (other than those included using the process noted above)?

As a side note, I am able to successfully ssh into the system with the customized initrd after a full boot up (after copying the appropriate configuration files from /etc/fwknop and GnuPG keyring). Given this, I think I am simply missing a few libraries from the initrd. I'll continue to dig a bit, but any pointers would be helpful!

BTW - the above processes are for testing purposes only and poses significant security risks if implemented into a production environment (particularly using the same configuration/ keys in the initrd and running system).

Thanks!
Will