It was observed that when audit signing logs rotate, the first signature entry in the next log file (for the last entries of the previous rotated log file) would sometimes fail to verify. To reproduce, set log.instance.SignedAudit.maxFileSize to a small number (e.g. 3) and restart the server; do a few issuances to cause some entries to be written and the log to rotate; then run AuditVerify to observe.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1404794
+1 for proposed priority and milestone.
Metadata Update from @cfu: - Issue set to the milestone: 10.4
Ticket #2634 indicates that audit verification is failing even for the initial log file, so that probably should be investigated before investigating this ticket (i.e. verification failure due to rotation).
Metadata Update from @edewata: - Custom field feature adjusted to '' - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field version adjusted to '' - Issue close_status updated to: None
Metadata Update from @edewata: - Issue assigned to edewata
Fixed in master: https://github.com/dogtagpki/pki/commit/fac7ebb8fd21f60a06241d6e132c8a4f5972a773
Metadata Update from @edewata: - Issue close_status updated to: fixed - Issue set to the milestone: 10.4.8 (was: 10.4) - Issue status updated to: Closed (was: Open)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.4.9 (was: 10.4.8)
Metadata Update from @mharmsen: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1404794, https://bugzilla.redhat.com/show_bug.cgi?id=1463347 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1404794)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5 (was: 10.4.9)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5.0 (was: 10.5)
Metadata Update from @mharmsen: - Custom field fixedinversion adjusted to pki-core-10.5.0-1.fc27
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2681
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.