Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu
Hello stable release team,
for the upcoming stable point release, I've just uploaded src:tang
("network-based cryptographic binding server") as version 7-1+deb10u1.
There is just one change:
* Avoid race condition between keygen and update, resulting in "Key
derivation key not available!".
Type: upstream bug
Debian bug: https://bugs.debian.org/975343
Upstream bug: https://github.com/latchset/tang/issues/52
Fixed in in stable and testing: 7-3 (Januar 2020)
Problem: There is a race condition between two processes in the tang
ecosystem that manifests on slower hardware, resulting in an unusable
tang server.
Remark: The solution provided here and initially proposed in the
upstream bug report differs from the solution upstream and
unstable/testing - since upstream's fix came together with a massive
change of the infrastructure, and cherry-picking all this would have
been huge and rather a backport.
The new version was successfully tested on both a fast system (no
regression) and on a slow one (problem no longer manifests, broken
condition is healed upon upgrade).
Regards,
Christoph
-- System Information:
Debian Release: 10.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.10 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru tang-7/debian/changelog tang-7/debian/changelog --- tang-7/debian/changelog 2018-08-12 00:57:45.000000000 +0200 +++ tang-7/debian/changelog 2021-01-25 18:37:46.000000000 +0100 @@ -1,3 +1,10 @@ +tang (7-1+deb10u1) buster; urgency=medium + + * Avoid race condition between keygen and update, resulting in "Key + derivation key not available!". Closees: #975343 + + -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de> Mon, 25 Jan 2021 18:37:46 +0100 + tang (7-1) unstable; urgency=medium * New upstream version 7 diff -Nru tang-7/debian/patches/local.avoid-keygen-race.patch tang-7/debian/patches/local.avoid-keygen-race.patch --- tang-7/debian/patches/local.avoid-keygen-race.patch 1970-01-01 01:00:00.000000000 +0100 +++ tang-7/debian/patches/local.avoid-keygen-race.patch 2021-01-25 18:05:30.000000000 +0100 @@ -0,0 +1,28 @@ +Description: Avoid race condition between keygen and update, resulting in "Key derivation key not available!" +Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de> +Bug: https://github.com/latchset/tang/issues/52 +Bug-Debian: https://bugs.debian.org/975343 +Last-Update: 2021-01-25 + +--- a/units/tangd-update.service.in ++++ b/units/tangd-update.service.in +@@ -1,5 +1,7 @@ + [Unit] + Description=Tang Server key update script ++Requires=tangd-keygen.service ++After=tangd-keygen.service + + [Service] + Type=oneshot +--- a/units/tangd.socket.in ++++ b/units/tangd.socket.in +@@ -1,9 +1,7 @@ + [Unit] + Description=Tang Server socket +-Requires=tangd-keygen.service + Requires=tangd-update.service + Requires=tangd-update.path +-After=tangd-keygen.service + After=tangd-update.service + + [Socket] diff -Nru tang-7/debian/patches/series tang-7/debian/patches/series --- tang-7/debian/patches/series 2018-08-12 00:57:45.000000000 +0200 +++ tang-7/debian/patches/series 2021-01-25 18:00:51.000000000 +0100 @@ -1,2 +1,3 @@ local.use-asciidoctor-to-build-manpages.patch local.add-systemd-documentation-key.patch +local.avoid-keygen-race.patch
Attachment:
signature.asc
Description: PGP signature