Removing /var/cache/tang breaks Tang #24
Labels
Comments
|
We can probably solve this problem with this advice: |
This would only solve the "no permissions to create" part, no? |
|
I agree the real problem is different here: Any application should work when their cache data is removed. That's why it is called a |
|
Hi, I have not tried the patch, but if it resolves the issue, it would help other distros to benefit from it ☺ |
|
So why not include this patch? Is there any news? IMHO this cache directory is making securing the tang server harder than it should be. Is the cache directory itself security-sensitive? I.e. can I run a tang server only with the cache and it is valid and can be used for encryption?
In any case, I just see no advantage in using this temp dir as an intermediate step. As the redhat patch also shows, this may cause problems and is likely the only reason tang depends on systemd unit to trigger all this – which is not needed if tang can do it itself. So to have "one point of trust/failure" I'd also argue not to spread the key material in different directories, but keep it in one place. |
This was referenced Nov 23, 2020
|
Thanks @cedricbu and @rugk for the helpful pointers. In my docker image (https://github.com/padhi-homelab/docker_tang) I have applied the patch and removed this cache directory (and |
|
I will prepare a PR for the patch. |
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 26, 2020
This effectively removes the cache directory -- usually /var/cache/tang --, which had pre-computed files with signed advertisements and JWK with keys for deriving new keys. This computation was done by the tangd-update script, which has also been removed in this commit. We relied on systemd to run this script whenever the JWK dir -- usually /var/db/tang, which is where the actual keys are located -- changed, to keep the cache directory updated, but this is sometimes unreliable, causing issues like the ones reported in latchset#23 and latchset#24. As of now, tang performs these computations itself and does not depend on external scripts to make sure it has reliable information regarding its keys. Tests added as well. Resolves: latchset#23 Resolves: latchset#24
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 28, 2020
We currently rely on the tangd-update script to read the keys and generate signed advertisements as well as JWKs for key derivation. Whenever there is a change in the directory containing the actual keys, we run tangd-update through a systemd file watching mechanism, so that we can have a cache directory with updated advertisements + JWKs. As reported in latchset#23 and latchset#24, this mechanism can be unreliable in certain situations, and having up-to-date information on the keys that are available is critical to tang, so the idea here is to remove this dependency on external scripts (e.g. tangd-update) and move this computation to tang itself. In this commit we add the related functions for key manipulation so that in a next step we can start using it in tang.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 28, 2020
Use the key manipulation functions added in src/keys.{c|h} in tangd.
This effectively removes the need for a cache directory -- usually
/var/cache/tang --, which contained pre-computed files with signed
advertisements and JWK with keys for deriving new keys.
This computation was done by the tangd-update script, which has also
been removed in this commit.
We relied on systemd to run this script whenever the JWK dir -- usually
/var/db/tang, which is where the actual keys are located -- changed, to
keep the cache directory updated, but this is sometimes unreliable,
causing issues like the ones reported in latchset#23 and latchset#24.
As of now, tang performs these computations itself and does not depend
on external scripts to make sure it has reliable information regarding
its keys.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
We currently rely on the tangd-update script to read the keys and generate signed advertisements as well as JWKs for key derivation. Whenever there is a change in the directory containing the actual keys, we run tangd-update through a systemd file watching mechanism, so that we can have a cache directory with updated advertisements + JWKs. As reported in latchset#23 and latchset#24, this mechanism can be unreliable in certain situations, and having up-to-date information on the keys that are available is critical to tang, so the idea here is to remove this dependency on external scripts (e.g. tangd-update) and move this computation to tang itself. In this commit we add the related functions for key manipulation so that in a next step we can start using it in tang.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
Use the key manipulation functions added in src/keys.{c|h} in tangd.
This effectively removes the need for a cache directory -- usually
/var/cache/tang --, which contained pre-computed files with signed
advertisements and JWK with keys for deriving new keys.
This computation was done by the tangd-update script, which has also
been removed in this commit.
We relied on systemd to run this script whenever the JWK dir -- usually
/var/db/tang, which is where the actual keys are located -- changed, to
keep the cache directory updated, but this is sometimes unreliable,
causing issues like the ones reported in latchset#23 and latchset#24.
As of now, tang performs these computations itself and does not depend
on external scripts to make sure it has reliable information regarding
its keys.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
We currently rely on the tangd-update script to read the keys and generate signed advertisements as well as JWKs for key derivation. Whenever there is a change in the directory containing the actual keys, we run tangd-update through a systemd file watching mechanism, so that we can have a cache directory with updated advertisements + JWKs. As reported in latchset#23 and latchset#24, this mechanism can be unreliable in certain situations, and having up-to-date information on the keys that are available is critical to tang, so the idea here is to remove this dependency on external scripts (e.g. tangd-update) and move this computation to tang itself. In this commit we add the related functions for key manipulation so that in a next step we can start using it in tang.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
Use the key manipulation functions added in src/keys.{c|h} in tangd.
This effectively removes the need for a cache directory -- usually
/var/cache/tang --, which contained pre-computed files with signed
advertisements and JWK with keys for deriving new keys.
This computation was done by the tangd-update script, which has also
been removed in this commit.
We relied on systemd to run this script whenever the JWK dir -- usually
/var/db/tang, which is where the actual keys are located -- changed, to
keep the cache directory updated, but this is sometimes unreliable,
causing issues like the ones reported in latchset#23 and latchset#24.
As of now, tang performs these computations itself and does not depend
on external scripts to make sure it has reliable information regarding
its keys.
Additionally, tang also creates a new pair of keys if none exist.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
Use the key manipulation functions added in src/keys.{c|h} in tangd.
This effectively removes the need for a cache directory -- usually
/var/cache/tang --, which contained pre-computed files with signed
advertisements and JWK with keys for deriving new keys.
This computation was done by the tangd-update script, which has also
been removed in this commit.
We relied on systemd to run this script whenever the JWK dir -- usually
/var/db/tang, which is where the actual keys are located -- changed, to
keep the cache directory updated, but this is sometimes unreliable,
causing issues like the ones reported in latchset#23 and latchset#24.
As of now, tang performs these computations itself and does not depend
on external scripts to make sure it has reliable information regarding
its keys.
Additionally, tang also creates a new pair of keys if none exist.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
We currently rely on the tangd-update script to read the keys and generate signed advertisements as well as JWKs for key derivation. Whenever there is a change in the directory containing the actual keys, we run tangd-update through a systemd file watching mechanism, so that we can have a cache directory with updated advertisements + JWKs. As reported in latchset#23 and latchset#24, this mechanism can be unreliable in certain situations, and having up-to-date information on the keys that are available is critical to tang, so the idea here is to remove this dependency on external scripts (e.g. tangd-update) and move this computation to tang itself. In this commit we add the related functions for key manipulation so that in a next step we can start using it in tang.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
Use the key manipulation functions added in src/keys.{c|h} in tangd.
This effectively removes the need for a cache directory -- usually
/var/cache/tang --, which contained pre-computed files with signed
advertisements and JWK with keys for deriving new keys.
This computation was done by the tangd-update script, which has also
been removed in this commit.
We relied on systemd to run this script whenever the JWK dir -- usually
/var/db/tang, which is where the actual keys are located -- changed, to
keep the cache directory updated, but this is sometimes unreliable,
causing issues like the ones reported in latchset#23 and latchset#24.
As of now, tang performs these computations itself and does not depend
on external scripts to make sure it has reliable information regarding
its keys.
Additionally, tang also creates a new pair of keys if none exist.
sergio-correia
added a commit
to sergio-correia/tang
that referenced
this issue
Nov 29, 2020
Use the key manipulation functions added in src/keys.{c|h} in tangd.
This effectively removes the need for a cache directory -- usually
/var/cache/tang --, which contained pre-computed files with signed
advertisements and JWK with keys for deriving new keys.
This computation was done by the tangd-update script, which has also
been removed in this commit.
We relied on systemd to run this script whenever the JWK dir -- usually
/var/db/tang, which is where the actual keys are located -- changed, to
keep the cache directory updated, but this is sometimes unreliable,
causing issues like the ones reported in latchset#23 and latchset#24.
As of now, tang performs these computations itself and does not depend
on external scripts to make sure it has reliable information regarding
its keys.
Additionally, tang also creates a new pair of keys if none exist.
sergio-correia
added a commit
that referenced
this issue
Dec 1, 2020
We currently rely on the tangd-update script to read the keys and generate signed advertisements as well as JWKs for key derivation. Whenever there is a change in the directory containing the actual keys, we run tangd-update through a systemd file watching mechanism, so that we can have a cache directory with updated advertisements + JWKs. As reported in #23 and #24, this mechanism can be unreliable in certain situations, and having up-to-date information on the keys that are available is critical to tang, so the idea here is to remove this dependency on external scripts (e.g. tangd-update) and move this computation to tang itself. In this commit we add the related functions for key manipulation so that in a next step we can start using it in tang.
sergio-correia
added a commit
that referenced
this issue
Dec 1, 2020
Use the key manipulation functions added in src/keys.{c|h} in tangd.
This effectively removes the need for a cache directory -- usually
/var/cache/tang --, which contained pre-computed files with signed
advertisements and JWK with keys for deriving new keys.
This computation was done by the tangd-update script, which has also
been removed in this commit.
We relied on systemd to run this script whenever the JWK dir -- usually
/var/db/tang, which is where the actual keys are located -- changed, to
keep the cache directory updated, but this is sometimes unreliable,
causing issues like the ones reported in #23 and #24.
As of now, tang performs these computations itself and does not depend
on external scripts to make sure it has reliable information regarding
its keys.
Additionally, tang also creates a new pair of keys if none exist.
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Applications should survive the removal of their data in
/var/cache/and regenerate them as necessary.With Tang, one needs to explicitly run
tangd-updateafterrm -rf /var/cache/tang. And even then,tangd-updatefails to create/var/cache/tangsince it doesn't run as root.The text was updated successfully, but these errors were encountered: