Uploaded image for project: 'CernVM'
  1. CernVM
  2. CVM-1604

cvmfs_server resign with Yubikey can generate bad signature

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: CernVM-FS 2.5
    • Fix Version/s: CernVM-FS 2.5.1
    • Component/s: CVMFS
    • Labels:
      None
    • Platforms:
      x86_64-slc6-gcc48-opt
    • Development:

      Description

      We had a case today where one signature made with cvmfs_server resign -w from a Yubikey was invalid; stratum 1s reported “failed to fetch manifest (8 - bad whitelist)”, even though resign reported no error.  Update the resign command to verify that a yubikey signature is valid before replacing a .cvmfswhitelist, and return an error if it is not valid.

        Attachments

          Activity

            People

            • Assignee:
              dwd Dave Dykstra
              Reporter:
              dwd Dave Dykstra
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                PlannedEnd:
                PlannedStart: