yahoo-eng-team team mailing list archive

[Bug 1595467] [NEW] Signature verification failure leads to saving image

 

Public bug reported:

Overview:
When signature verification fails it can cause a 500 error. This causes the image to become stuck in the saving state.

What should happen is that it returns a 40? and the image is put into
the deleted state.

Reproducing:

glance image-create --name mySignedImage --container-format bare --disk-format qcow2 --property img_signature="WRONG SIGNATURE" --property img_signature_certificate_uuid="$cert_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < myimage
+--------------------------------+--------------------------------------+
| Property                       | Value                                |
+--------------------------------+--------------------------------------+
| checksum                       | None                                 |
| container_format               | bare                                 |
| created_at                     | 2016-06-23T09:46:34Z                 |
| disk_format                    | qcow2                                |
| id                             | f0839709-4ff6-4291-9997-a4d387e20582 |
| img_signature                  |                                      |
| img_signature_certificate_uuid | cd7cc675-e573-419c-8fff-33a72734a243 |
| img_signature_hash_method      | SHA-256                              |
| img_signature_key_type         | RSA-PSS                              |
| min_disk                       | 0                                    |
| min_ram                        | 0                                    |
| name                           | mySignedImage                        |
| owner                          | 7f065427534f49ab97a0b68ecc73fd07     |
| protected                      | False                                |
| size                           | None                                 |
| status                         | queued                               |
| tags                           | []                                   |
| updated_at                     | 2016-06-23T09:46:34Z                 |
| virtual_size                   | None                                 |
| visibility                     | private                              |
+--------------------------------+--------------------------------------+
500 Internal Server Error
The server has either erred or is incapable of performing the requested operation.
    (HTTP 500)


nib@work-devstack:/tmp/testtmp/nest$ glance image-show f0839709-4ff6-4291-9997-a4d387e20582
+--------------------------------+--------------------------------------+
| Property                       | Value                                |
+--------------------------------+--------------------------------------+
| checksum                       | None                                 |
| container_format               | bare                                 |
| created_at                     | 2016-06-23T09:46:34Z                 |
| disk_format                    | qcow2                                |
| id                             | f0839709-4ff6-4291-9997-a4d387e20582 |
| img_signature                  |                                      |
| img_signature_certificate_uuid | cd7cc675-e573-419c-8fff-33a72734a243 |
| img_signature_hash_method      | SHA-256                              |
| img_signature_key_type         | RSA-PSS                              |
| min_disk                       | 0                                    |
| min_ram                        | 0                                    |
| name                           | mySignedImage                        |
| owner                          | 7f065427534f49ab97a0b68ecc73fd07     |
| protected                      | False                                |
| size                           | None                                 |
| status                         | saving                               |
| tags                           | []                                   |
| updated_at                     | 2016-06-23T09:46:34Z                 |
| virtual_size                   | None                                 |
| visibility                     | private                              |
+--------------------------------+--------------------------------------+

Console:
2016-06-23 09:46:35.619 TRACE glance.common.wsgi     _('Signature verification failed')
2016-06-23 09:46:35.619 TRACE glance.common.wsgi SignatureVerificationError: Signature verification failed
2016-06-23 09:46:35.619 TRACE glance.common.wsgi

** Affects: glance
     Importance: Undecided
     Assignee: Niall Bunting (niall-bunting)
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Glance.
https://bugs.launchpad.net/bugs/1595467
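
Added example, not part of the original bug report and not Glance's code: a self-contained Python sketch of the failure mode reported above, next to a handler that fails closed. The dict-based image record and store, the helper names, the 204 and 400 status codes (the report only says "40?") and the SHA-256 digest comparison standing in for the real RSA-PSS check are assumptions for illustration.

```python
import hashlib

class SignatureVerificationError(Exception):
    """Named after the exception in the console trace above."""

def sign(data):
    # Constructed stand-in for an RSA-PSS signature: the SHA-256 hex digest.
    return hashlib.sha256(data).hexdigest()

def verify_signature(data, signature):
    if signature != sign(data):
        raise SignatureVerificationError("Signature verification failed")

def new_image(signature):
    # Hypothetical image record, starting in the 'queued' state.
    return {"id": "img-1", "status": "queued", "img_signature": signature}

def upload_unhandled(image, store, data):
    """Reported behaviour: the error escapes, status is left at 'saving'."""
    image["status"] = "saving"
    store[image["id"]] = data
    verify_signature(data, image["img_signature"])
    image["status"] = "active"
    return 204

def upload_handled(image, store, data):
    """Fail closed: reject the upload and leave no half-saved image behind."""
    image["status"] = "saving"
    store[image["id"]] = data
    try:
        verify_signature(data, image["img_signature"])
    except SignatureVerificationError:
        store.pop(image["id"], None)  # assumed cleanup of the unverified bytes
        image["status"] = "deleted"   # terminal state the report asks for
        return 400                    # assumed 4xx; the report says "40?"
    image["status"] = "active"
    return 204

def wsgi_call(handler, image, store, data):
    """Mimic the WSGI layer: an uncaught exception becomes HTTP 500."""
    try:
        return handler(image, store, data)
    except Exception:
        return 500

if __name__ == "__main__":
    for handler in (upload_unhandled, upload_handled):
        image, store = new_image("WRONG SIGNATURE"), {}
        code = wsgi_call(handler, image, store, b"constructed image bytes")
        print(handler.__name__, code, image["status"], len(store))
```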
