New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Keys problem with latest packages #546
Comments
Encountered by @nickelskevin and @cconstab Reproduced by @tinashe404 and workaround identified. The fact that this workaround works points to where the problem is @sonle-geekyants please can you investigate urgently as we have a broken collection of published packages right now |
@sonle-geekyants this is happening in production What are you asking to be checked? Why do you need it be checked? Sorry, your message isn't clear to me. Have you followed the instructions I gave in the bug description as to how to reproduce the issue? |
More context: Issue was encountered by Scott, then by @cconstab and @nickelskevin. Reproduced by @tinashe404 yesterday using instructions given above. |
@sonle-geekyants The repo is public. The app code is here: https://github.com/atsign-foundation/mwc_demo/tree/trunk/flutter/iot_receiver You will fail to find public:publickey@atsign if onboarding has not been completed for that atSign. Did you reset the atSign at some point? |
I tried reverting back a few packages to use the previous versions and it started working for me, here's the branch https://github.com/atsign-foundation/mwc_demo/tree/fix/new_onboarding_atsigns, and here's the commit atsign-foundation/mwc_demo@1472997. Will try to figure out if it is happening because of any one of the packages. |
Thank you @nitesh2599 ! |
I see when we use at_client: 3.0.38 it is working but if upgrade to version 3.0.39 (or 3.0.40) it will work failure |
Thank you @sonle-geekyants! @VJag can you/team investigate what changed in at_persistence_secondary_server between 3.0.34 and 3.0.36 please, and see if you can diagnose the problem? |
I use version 3.0.35 and it's working so I'm comparing version 3.0.35 and 3.0.36. |
Ok thank you @sonle-geekyants @VJag let's wait until @sonle-geekyants has finished their investigation |
Ok @gkc |
Sorry, I've investigated but haven't found the cause yet. Could you ask someone who knows this library to investigate with me? @gkc |
Investigated the issue and suspect the following changes might be causing the issue: atsign-foundation/at_server#893 Reasoning:The signing_privatekey and signing_publickey are being skipped from sync and the changes are available on the client side, but the corresponding changes on the server are NOT released to production yet. Hence server tries to send the signing keys to the client (to sync); client receives the keys but does not update the local commit id (since on client side, skip signing keys are in-place) which leads to sync run into a loop. As a result, the encryption public key does not sync to the remote secondary and hence throws public:publicekey@ not found the key store. Possible fixes (If above mentioned results to be root cause of the issue):
Tested # 1 on @are83asparagus and works good. Pushed the changes to revert_skip_signing_keys Following is the test performed on mwc demo receiver app:
@gkc @VJag @murali-shris : Please suggest on which of the above approaches to take in order fix the issue. |
Basing on discussion between Jagan, Murali and myself, the approach-1 seems feasible. Also the initial thought to skip signing keys is to resolve the decryption error in the sync conflict resolution ( because the data in the server is not encrypted which we are trying to decrypt in client side) Later we added a check 'isEncrypted ' before decrypting the data in sync conflict resolution. Hence skip signing keys is no longer needed. Please share your thoughts on this? |
|
@gkc : Tested the below scenario's on the canary servers and staging server
On Staging atsign's:
|
Tested the issue on a staging atsign: onboard_new_atsign_app.mp4 |
As an immediate solution, we are reverting the changes related to the skip sync of signing keys and statsNotificationId and publishing the at_persistence_secondary_server and at_client packages. We will investigate possible approaches to accommodate skipping of certain keys on client/server. Also we have to revisit the condition that result in sync loop. |
Got it. And to be specific, the condition that never becomes false is in _syncFromServer, |
Reopening as we have not yet published the new package nor pushed the new canary server release |
Fixes the issues in at_persistence_secondary_server with 3.0.39 and at_client 3.0.41 |
Complete. Turned out to be a lot of work! |
Problem
Keys of newly-created atsigns become unusable upon app restart when using latest libraries
To reproduce
Workaround
Observations
The text was updated successfully, but these errors were encountered: