Issue #2561: Audit Log Signature verification sometimes fails on last entries of previous rotated log file - dogtagpki

dogtagpki

#2561 Audit Log Signature verification sometimes fails on last entries of previous rotated log file

Closed: fixed 6 years ago Opened 7 years ago by cfu.

It was observed that when audit signing logs rotate, the first signature entry in the next log file (for the last entries of the previous rotated log file) would sometimes fail to verify.
To reproduce, set log.instance.SignedAudit.maxFileSize to a small number (e.g. 3)
and restart the server; Do a few issuance to cause some entries to be written and rotate; run AuditVerify to observe.

mharmsen commented 7 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1404794

cfu commented 7 years ago

+1 for proposed priority and milestone.

Metadata Update from @cfu:
- Issue set to the milestone: 10.4

7 years ago

edewata commented 7 years ago

Ticket #2634 indicates that audit verification is failing even for the initial log file, so that probably should be investigated before investigating this ticket (i.e. verification failure due to rotation).

Metadata Update from @edewata:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None

7 years ago

Metadata Update from @edewata:
- Issue assigned to edewata

6 years ago

edewata commented 6 years ago

Fixed in master:
* https://github.com/dogtagpki/pki/commit/fac7ebb8fd21f60a06241d6e132c8a4f5972a773

Metadata Update from @edewata:
- Issue close_status updated to: fixed
- Issue set to the milestone: 10.4.8 (was: 10.4)
- Issue status updated to: Closed (was: Open)

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.4.9 (was: 10.4.8)

6 years ago

Metadata Update from @mharmsen:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1404794, https://bugzilla.redhat.com/show_bug.cgi?id=1463347 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1404794)

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: 10.4.9)

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5.0 (was: 10.5)

6 years ago

Metadata Update from @mharmsen:
- Custom field fixedinversion adjusted to pki-core-10.5.0-1.fc27

6 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2681

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

edewata

Tags

None

Blocking

None

Depending on

None

Priority

critical

Milestone

10.5.0

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1404794
https://bugzilla.redhat.com/show_bug.cgi?id=1463347

type

defect

version

keywords

None

estimate

None

feature

origin

RHCust

proposedpriority

fixedinversion

pki-core-10.5.0-1.fc27

platforms

None

blockedby

None

blocking

None

reviewer

component

General

proposedmilestone

dogtagpki

Source Code

#2561 Audit Log Signature verification sometimes fails on last entries of previous rotated log file Closed: fixed 6 years ago Opened 7 years ago by cfu.

Metadata

#2561 Audit Log Signature verification sometimes fails on last entries of previous rotated log file

Closed: fixed 6 years ago Opened 7 years ago by cfu.