[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#981047: marked as done (buster-pu: package tang/7-1)

Your message dated Sat, 06 Feb 2021 10:39:26 +0000
with message-id <6425525e38201ecf9a2d3e0f1e63c0d3b08e0fc0.camel@adam-barratt.org.uk>
and subject line Closing p-u bugs for updates in 10.8
has caused the Debian Bug report #981047,
regarding buster-pu: package tang/7-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
981047: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981047
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hello stable release team,

for the upcoming stable point release, I've just uploaded src:tang
("network-based cryptographic binding server") as version 7-1+deb10u1.
There is just one change:

* Avoid race condition between keygen and update, resulting in "Key
  derivation key not available!".

Type: upstream bug
Debian bug: https://bugs.debian.org/975343
Upstream bug: https://github.com/latchset/tang/issues/52
Fixed in in stable and testing: 7-3 (Januar 2020)

Problem: There is a race condition between two processes in the tang
ecosystem that manifests on slower hardware, resulting in an unusable
tang server.

Remark: The solution provided here and initially proposed in the
upstream bug report differs from the solution upstream and
unstable/testing - since upstream's fix came together with a massive
change of the infrastructure, and cherry-picking all this would have
been huge and rather a backport.

The new version was successfully tested on both a fast system (no
regression) and on a slow one (problem no longer manifests, broken
condition is healed upon upgrade).

Regards,

    Christoph

-- System Information:
Debian Release: 10.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.10 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


diff -Nru tang-7/debian/changelog tang-7/debian/changelog
--- tang-7/debian/changelog	2018-08-12 00:57:45.000000000 +0200
+++ tang-7/debian/changelog	2021-01-25 18:37:46.000000000 +0100
@@ -1,3 +1,10 @@
+tang (7-1+deb10u1) buster; urgency=medium
+
+  * Avoid race condition between keygen and update, resulting in "Key
+    derivation key not available!". Closees: #975343
+
+ -- Christoph Biedl <debian.axhn@manchmal.in-ulm.de>  Mon, 25 Jan 2021 18:37:46 +0100
+
 tang (7-1) unstable; urgency=medium
 
   * New upstream version 7
diff -Nru tang-7/debian/patches/local.avoid-keygen-race.patch tang-7/debian/patches/local.avoid-keygen-race.patch
--- tang-7/debian/patches/local.avoid-keygen-race.patch	1970-01-01 01:00:00.000000000 +0100
+++ tang-7/debian/patches/local.avoid-keygen-race.patch	2021-01-25 18:05:30.000000000 +0100
@@ -0,0 +1,28 @@
+Description: Avoid race condition between keygen and update, resulting in "Key derivation key not available!"
+Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
+Bug: https://github.com/latchset/tang/issues/52
+Bug-Debian: https://bugs.debian.org/975343
+Last-Update: 2021-01-25
+
+--- a/units/tangd-update.service.in
++++ b/units/tangd-update.service.in
+@@ -1,5 +1,7 @@
+ [Unit]
+ Description=Tang Server key update script
++Requires=tangd-keygen.service
++After=tangd-keygen.service
+ 
+ [Service]
+ Type=oneshot
+--- a/units/tangd.socket.in
++++ b/units/tangd.socket.in
+@@ -1,9 +1,7 @@
+ [Unit]
+ Description=Tang Server socket
+-Requires=tangd-keygen.service
+ Requires=tangd-update.service
+ Requires=tangd-update.path
+-After=tangd-keygen.service
+ After=tangd-update.service
+ 
+ [Socket]
diff -Nru tang-7/debian/patches/series tang-7/debian/patches/series
--- tang-7/debian/patches/series	2018-08-12 00:57:45.000000000 +0200
+++ tang-7/debian/patches/series	2021-01-25 18:00:51.000000000 +0100
@@ -1,2 +1,3 @@
 local.use-asciidoctor-to-build-manpages.patch
 local.add-systemd-documentation-key.patch
+local.avoid-keygen-race.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 10.8

Hi,

Each of the updates referenced by these bugs was included in today's
10.8 point release.

Regards,

Adam

--- End Message ---
Reply to: