Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verifier fails with AttributeError: 'NoneType' object has no attribute 'checksum' #1306

Closed
kkaarreell opened this issue Feb 10, 2023 · 4 comments
Closed

verifier fails with AttributeError: 'NoneType' object has no attribute 'checksum' #1306

kkaarreell opened this issue Feb 10, 2023 · 4 comments
Labels
bug

Comments

@kkaarreell
Copy link
Contributor

Is your issue a feature request? If so, please raise it as an enhancement

Environment

  • OS / version: Fedora36-Fedora38, C9S
  • Processor architecture: x86_64
  • TPM Manufacturer: swtpm
  • Keylime version: current latest upstream fb817ee

Description

keylime_verifier fails to attest an agent and fails with the following error

Feb 10 14:33:00 ip-172-31-30-136.us-east-2.compute.internal keylime_verifier[123613]: 2023-02-10 14:33:00.446 - keylime.verifier - ERROR - Polling thread error for agent ID d432fbb3-d2f1-4a97-9ef7-75bd81c00000: 'NoneType' object has no attribute 'checksum'
keylime_verifier[123613]: 2023-02-10 14:33:00.446 - keylime.verifier - ERROR - 'NoneType' object has no attribute 'checksum'
keylime_verifier[123613]: Traceback (most recent call last):
keylime_verifier[123613]:   File "/usr/local/lib/python3.9/site-packages/keylime-6.6.0-py3.9.egg/keylime/cloud_verifier_tornado.py", line 1310, in process_agent
keylime_verifier[123613]:     runtime_policy = verifier_read_policy_from_cache(stored_agent)
keylime_verifier[123613]:   File "/usr/local/lib/python3.9/site-packages/keylime-6.6.0-py3.9.egg/keylime/cloud_verifier_tornado.py", line 135, in verifier_read_policy_from_cache
keylime_verifier[123613]:     if stored_agent.ima_policy.checksum not in GLOBAL_POLICY_CACHE[str(stored_agent.agent_id)]:
keylime_verifier[123613]: AttributeError: 'NoneType' object has no attribute 'checksum'

This is a regression introduced with #1272.
This bug has not been catched in CI, unfortunately the respective test has been accidentally disabled during the IMA policy overhaul update.

Expected behavior vs. actual behavior

verifier works properly and attests an agent

Steps to reproduce problem

  1. see last test results of e2e test /functional/tenant-runtime-policy-sanity

Relevant logs

Logs from Rawhide are currently available at
https://artifacts.dev.testing-farm.io/2db622b2-5743-4765-b867-6c9094e9b098/work-upstream-keylime-tests-github-ci_zf645l9/plans/upstream-keylime-tests-github-ci/execute/data/functional/tenant-runtime-policy-sanity/data/
This was referenced Feb 10, 2023
Merged
Merged
@ansasaki ansasaki added the bug label Feb 10, 2023
@kkaarreell kkaarreell mentioned this issue Feb 10, 2023
Merged
@stefanberger stefanberger mentioned this issue Feb 10, 2023
Merged
@maugustosilva
Copy link
Contributor

@mdrocco looks like one of the tests was accidentally disabled

@maugustosilva
Copy link
Contributor

The fix seems simple enough, will take a look.

@mdrocco
Copy link
Contributor

mdrocco commented Feb 10, 2023

Thanks, in fact that spot of the code has always been problematic with respect to my type-fixing adventure. Let me know if I can help somehow to fix this.

@kkaarreell kkaarreell mentioned this issue Feb 10, 2023
Merged
maugustosilva pushed a commit to maugustosilva/keylime that referenced this issue Feb 13, 2023
verifier,tenant : fix IMA runtime policy bug (issue keylime#1306)
d96088f 
A bit of context: some runtime-policy tests were accidentally disabled
(fixed by PR keylime#1307) were accidentally disabled. Once re-enabled they
show a couple of bugs on the `verifier` and `tenant` code.

This PR contains fixes for all these (basically need for checking for
the presence of certain attributes/keys before referring to and use it)

Signed-off-by: Marcio Silva <[email protected]>
@maugustosilva
Copy link
Contributor

@mdrocco submitted a bugfix

maugustosilva pushed a commit to maugustosilva/keylime that referenced this issue Feb 13, 2023
verifier,tenant : fix IMA runtime policy bug (issue keylime#1306)
8bb18fb 
A bit of context: some runtime-policy tests were accidentally disabled
(fixed by PR keylime#1307) were accidentally disabled. Once re-enabled they
show a couple of bugs on the `verifier` and `tenant` code.

This PR contains fixes for all these (basically need for checking for
the presence of certain attributes/keys before referring to and use it)

Signed-off-by: Marcio Silva <[email protected]>
maugustosilva pushed a commit to maugustosilva/keylime that referenced this issue Feb 13, 2023
verifier,tenant : fix IMA runtime policy bug (issue keylime#1306)
3b0e9ff 
A bit of context: some runtime-policy tests were accidentally disabled
(fixed by PR keylime#1307) were accidentally disabled. Once re-enabled they
show a couple of bugs on the `verifier` and `tenant` code.

This PR contains fixes for all these (basically need for checking for
the presence of certain attributes/keys before referring to and use it)

Signed-off-by: Marcio Silva <[email protected]>
mpeters pushed a commit that referenced this issue Feb 13, 2023
@mpeters
verifier,tenant : fix IMA runtime policy bug (issue #1306)
fc9d55f 
A bit of context: some runtime-policy tests were accidentally disabled
(fixed by PR #1307) were accidentally disabled. Once re-enabled they
show a couple of bugs on the `verifier` and `tenant` code.

This PR contains fixes for all these (basically need for checking for
the presence of certain attributes/keys before referring to and use it)

Signed-off-by: Marcio Silva <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mdrocco @maugustosilva @kkaarreell @ansasaki