View Issue Details

IDProjectCategoryView StatusLast Update
0005696Talerexchangepublic2019-12-20 19:12
ReporterMarcello Stanisci Assigned ToMarcello Stanisci  
PriorityhighSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Versiongit (master) 
Target Version0.6Fixed in Version0.6 
Summary0005696: Some denoms don't get signed by the auditor.
DescriptionAfter a successful installation, some denomination keys do not seem to be signed by the auditor. This *might* belong to the logic, but needs some investigation.


stanisci@gv:~$ taler-exchange-httpd
Apr 19 16:58:56-275047 taler-exchange-httpd-23812 INFO Creating listen socket '/home/stanisci/sockets/exchange.http' with mode 660
Apr 19 16:58:56-275213 taler-exchange-httpd-23812 INFO set socket '/home/stanisci/sockets/exchange.http' to mode 660
Apr 19 16:58:56-278450 taler-exchange-httpd-23812 INFO (re-)loading keys
Apr 19 16:58:56-278502 taler-exchange-httpd-23812 INFO Loading keys from `/home/stanisci/shared-data/exchange/live-keys/'
Apr 19 16:58:56-337207 taler-exchange-httpd-23812 INFO Adding denomination key `TESTKUDOS_1000-JFWSSMKPDW1B8JMB076F' (ZYN5YB36) to active set
Apr 19 16:58:56-345443 taler-exchange-httpd-23812 INFO Adding denomination key `TESTKUDOS_10-6FRX9VGKHQN1S7RBKWV1' (CSSTFEW1) to active set
Apr 19 16:58:56-353865 taler-exchange-httpd-23812 INFO Adding denomination key `TESTKUDOS_5-1NF24YGWEDM5GWC1KY4D' (0TEB8HB2) to active set
Apr 19 16:58:56-362171 taler-exchange-httpd-23812 INFO Adding denomination key `TESTKUDOS_2-BRVRRZVW4FWBV38TTQAF' (P4Z9HEY4) to active set
Apr 19 16:58:56-370502 taler-exchange-httpd-23812 INFO Adding denomination key `TESTKUDOS_1-45XQ1XZB7RVTKVXBXGHG' (EGEZ6M8W) to active set
Apr 19 16:58:56-378896 taler-exchange-httpd-23812 INFO Adding denomination key `TESTKUDOS_0_1-2M8HD4RD44QCNP3YDK2Y' (J8SKSZAV) to active set
Apr 19 16:58:56-380520 taler-exchange-httpd-23812 WARNING Denomination key `8ES78RRY' at 0x55b8cf47c070 not signed by any auditor!
Apr 19 16:58:56-380537 taler-exchange-httpd-23812 WARNING Denomination key `17SGQT5S' at 0x55b8cf47c0c8 not signed by any auditor!
Apr 19 16:58:56-380548 taler-exchange-httpd-23812 WARNING Denomination key `EYWPF1H8' at 0x55b8cf47c120 not signed by any auditor!
Apr 19 16:58:56-380557 taler-exchange-httpd-23812 WARNING Denomination key `K0ZBJVEB' at 0x55b8cf47c178 not signed by any auditor!
Apr 19 16:58:56-380567 taler-exchange-httpd-23812 WARNING Denomination key `VCE09BY9' at 0x55b8cf47c1d0 not signed by any auditor!
Apr 19 16:58:56-380576 taler-exchange-httpd-23812 WARNING Denomination key `FGAWTHGV' at 0x55b8cf47c228 not signed by any auditor!
Steps To ReproduceInstall exchange
get the keys signed by the auditor
run exchange
TagsNo tags attached.

Activities

Christian Grothoff

2019-04-20 12:10

manager   ~0014311

This should only happen if you ever ran taler-exchange-keyup without the -o option once and thus generated some keys without exporting for the auditor (or never ran the auditor sign tool on those keys).

Marcello Stanisci

2019-06-09 16:05

reporter   ~0014522

Last edited: 2019-06-09 16:06

This deserves more attention, as even after using our deployment tools (like taler-deployment-keyup) on a clean setup, the exchange is still warning about some unsigned keys:

Jun 09 16:01:49-670989 taler-exchange-httpd-10964 WARNING Denomination key `4H426MR6' at 0x55f79e510500 not signed by any auditor!
Jun 09 16:01:49-671020 taler-exchange-httpd-10964 WARNING Denomination key `RQXVTYMM' at 0x55f79e510558 not signed by any auditor!
Jun 09 16:01:49-671036 taler-exchange-httpd-10964 WARNING Denomination key `CNKZ014K' at 0x55f79e5105b0 not signed by any auditor!
Jun 09 16:01:49-671051 taler-exchange-httpd-10964 WARNING Denomination key `9SDM9MJ0' at 0x55f79e510608 not signed by any auditor!
Jun 09 16:01:49-671065 taler-exchange-httpd-10964 WARNING Denomination key `5X54AFQV' at 0x55f79e510660 not signed by any auditor!

Marcello Stanisci

2019-06-13 15:58

reporter   ~0014542

Why this happens: the exchange "keystate" part crawls the *database* looking for additional denomination keys (other than the ones it has under "[exchange]/keydir"). So if denom X exists only in database and not on disk (**), then "taler-auditor-sign" is not able to sign those only-in-DB keys over, hence they remain unsigned.

**: this happens easily on our testing envs, as we often erase all denoms and regenerate new ones while not erasing tables from the DB.

Marcello Stanisci

2019-06-13 16:09

reporter   ~0014543

Putting as 'feedback', as not technically a bug, but need to be "fixed" somehow. Maybe by improving the wording (like labelling it as INFO)?

Marcello Stanisci

2019-06-13 16:24

reporter   ~0014544

I can confirm: I tried both locally on laptop and on Gv as 'test-blue', and resetting the DB makes the WARNINGs disappear.

Christian Grothoff

2019-06-13 18:37

manager   ~0014545

Then there is no bug. WARNING is appropriate, as it is usually VERY bad if we ever had denomination keys without signatures (in a production system). Sure, old stale DB entries will cause such warnings if the DB is not properly reset between re-installs, but that's OK to WARN about that. INFO would suggest that this was purely informational and could be easily ignored, which is too little. ERROR would mean that there was something definitively wrong, which is also not the case. So WARNING is perfect and should stay.

Issue History

Date Modified Username Field Change
2019-04-19 17:14 Marcello Stanisci New Issue
2019-04-19 17:14 Marcello Stanisci Status new => assigned
2019-04-19 17:14 Marcello Stanisci Assigned To => Christian Grothoff
2019-04-19 17:14 Marcello Stanisci Assigned To Christian Grothoff => Marcello Stanisci
2019-04-20 12:10 Christian Grothoff Note Added: 0014311
2019-06-09 16:05 Marcello Stanisci Note Added: 0014522
2019-06-09 16:06 Marcello Stanisci Priority normal => high
2019-06-09 16:06 Marcello Stanisci Note Edited: 0014522
2019-06-13 15:58 Marcello Stanisci Note Added: 0014542
2019-06-13 16:09 Marcello Stanisci Status assigned => feedback
2019-06-13 16:09 Marcello Stanisci Note Added: 0014543
2019-06-13 16:24 Marcello Stanisci Note Added: 0014544
2019-06-13 18:37 Christian Grothoff Status feedback => resolved
2019-06-13 18:37 Christian Grothoff Resolution open => fixed
2019-06-13 18:37 Christian Grothoff Fixed in Version => 0.6
2019-06-13 18:37 Christian Grothoff Note Added: 0014545
2019-06-13 18:37 Christian Grothoff Product Version => git (master)
2019-06-13 18:37 Christian Grothoff Target Version => 0.6
2019-12-20 19:12 Christian Grothoff Status resolved => closed