fedmsg signature validation appears to fail when messages are played back
Closed this issue · 3 comments
I don't actually know what pieces are responsible for playing back fedmsgs, but the-new-hotness failed to validate all the messages it got:
[ fedmsg INFO] Retrieving datagrepper page 2 of 813
[fedmsg.crypto.x509 WARNING] Failed validation. bad signature
[moksha.hub WARNING] Received invalid message RuntimeWarning('Failed to authn message.',)
...
I believe this is one of the messages it played back and did not validate. Based on my brief examination of the code, it seems to be failing here. This is odd since it's using the certificate it loaded from the message itself, and it seems like that certificate must have been signed by the CA to get that far.
I think this is related to fedora-infra/datanommer#87
Any news on this? It's really quite a big deal for real-world usage of fedmsg because it means any missed messages are not acted upon on restart. This was hidden until recently because of the bug which prevented signature verification actually working properly at all, but ever since that was fixed, it's a real issue. Thanks.
As promised, I have a fix for this. However, it doesn't fix all cases so some messages will still fail validation. The reason for this is datanommer is mutating the original message which, in my opinion, is a very bad idea. This fix is a plaster and is quite fragile. If datanommer changes its format in any way this will break again.
Thanks a lot for that, I'll report back if we still have issues in practice.