Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SIGSEGV on tiup mirror renew with expired repo #2398

Open
borissavelev opened this issue Apr 4, 2024 · 5 comments
Open

SIGSEGV on tiup mirror renew with expired repo #2398

borissavelev opened this issue Apr 4, 2024 · 5 comments
Labels
type/bug Categorizes issue as related to a bug.

Comments

@borissavelev
Copy link
Contributor

borissavelev commented Apr 4, 2024

Bug Report

Please answer these questions before submitting your issue. Thanks!

  1. What did you do?

I have my own custom tiup local repository.
Apparently, it expired and I wanted to renew a component.

tiup mirror set /Users/.../remote
tiup mirror renew alertmanager --days 365
  1. What did you expect to see?

Successful component renew

  1. What did you see instead?
tiup mirror renew alertmanager --days 365
read manifest from mirror(/Users/.../remote) failed: manifest timestamp.json has expired at: 2024-03-28T09:00:36+02:00
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x13d2e20]

goroutine 1 [running]:
github.com/pingcap/tiup/pkg/repository/v1manifest.(*Component).Base(0x49c7853411cd?)
        github.com/pingcap/tiup/pkg/repository/v1manifest/types.go:174
github.com/pingcap/tiup/pkg/repository/v1manifest.RenewManifest({0x182fe00, 0x0}, {0xc000241b98?, 0x1?, 0x1cd5720?}, {0xc000241b50, 0x1, 0x0?})
        github.com/pingcap/tiup/pkg/repository/v1manifest/manifest.go:420 +0x4c
github.com/pingcap/tiup/cmd.newMirrorRenewCmd.func1(0xc0002cb500?, {0xc0002ce5d0, 0x1, 0x172a6c7?})
        github.com/pingcap/tiup/cmd/mirror.go:371 +0x1b8
github.com/spf13/cobra.(*Command).execute(0xc0002cb500, {0xc0002ce570, 0x3, 0x3})
        github.com/spf13/[email protected]/command.go:916 +0x87c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0002c4000)
        github.com/spf13/[email protected]/command.go:1044 +0x3a5
github.com/spf13/cobra.(*Command).Execute(...)
        github.com/spf13/[email protected]/command.go:968
github.com/pingcap/tiup/cmd.Execute()
        github.com/pingcap/tiup/cmd/root.go:238 +0x46
main.main()
        github.com/pingcap/tiup/main.go:21 +0xf
  1. What version of TiUP are you using (tiup --version)?
tiup --version                           
1.15.0 v1.15.0-nightly-1
Go Version: go1.21.8
Git Ref: master
GitHash: 6f016925ab0d259bb07657f5ab83f2a2d7ef5656
@borissavelev borissavelev added the type/bug Categorizes issue as related to a bug. label Apr 4, 2024
@dveeden
Copy link
Contributor

dveeden commented Apr 5, 2024

This is coming from

return &manifest.SignedBase

Maybe there is something wrong with the manifest and it is also not validated correctly.

@dveeden
Copy link
Contributor

dveeden commented Apr 5, 2024

A failed attempt at reproducing this:

dvaneeden@dve-carbon:~$ tiup --version
1.15.0 tiup
Go Version: go1.21.8
Git Ref: v1.15.0
GitHash: 48f15f405450faf7d57136e629285724a0713cde
dvaneeden@dve-carbon:~$ tiup mirror show
https://tiup-mirrors.pingcap.com/
dvaneeden@dve-carbon:~$ tiup mirror clone /tmp/tiup-mirror -o linux -a amd64 --br v8.0.0
Start to clone mirror, targetDir is /tmp/tiup-mirror, source mirror is https://tiup-mirrors.pingcap.com/, selectedVersions are []
If this does not meet expectations, please abort this process, read `tiup mirror clone --help` and run again
Arch [amd64]
OS [linux]
br linux/amd64 selected version is v8.0.0
download https://tiup-mirrors.pingcap.com/br-v8.0.0-linux-amd64.tar.gz 82.32 MiB / 82.32 MiB 100.00% 137.89 MiB/s                                     
download https://tiup-mirrors.pingcap.com/tiup-linux-amd64.tar.gz 4.98 MiB / 4.98 MiB 100.00% ? MiB/s                                                 
dvaneeden@dve-carbon:~$ tiup mirror set /tmp/tiup-mirror
Successfully set mirror to /tmp/tiup-mirror
dvaneeden@dve-carbon:~$ tiup list --all
Available components:
Name  Owner    Description
----  -----    -----------
br    pingcap  TiDB/TiKV cluster backup restore tool.
dvaneeden@dve-carbon:~$ tiup mirror renew br --days 365
Error: invalid signature
dvaneeden@dve-carbon:~$ find /tmp/tiup-mirror
/tmp/tiup-mirror
/tmp/tiup-mirror/keys
/tmp/tiup-mirror/keys/19b723eb64b0075f-root.json
/tmp/tiup-mirror/keys/cfb7879f8d52e538-root.json
/tmp/tiup-mirror/keys/9ac341b84580326a-root.json
/tmp/tiup-mirror/keys/8ee224880571ef3f-index.json
/tmp/tiup-mirror/keys/e95c8a03d0778fc8-snapshot.json
/tmp/tiup-mirror/keys/17127065cfad4c94-timestamp.json
/tmp/tiup-mirror/keys/4c793e7bbaec350a-pingcap.json
/tmp/tiup-mirror/br-v8.0.0-linux-amd64.tar.gz
/tmp/tiup-mirror/tiup-linux-amd64.tar.gz
/tmp/tiup-mirror/1.index.json
/tmp/tiup-mirror/1.root.json
/tmp/tiup-mirror/root.json
/tmp/tiup-mirror/snapshot.json
/tmp/tiup-mirror/timestamp.json
/tmp/tiup-mirror/8512.br.json
/tmp/tiup-mirror/local_install.sh

@borissavelev
Copy link
Contributor Author

borissavelev commented Apr 5, 2024

Most likely it fails because you don't have a private key to sign the repo.

I have my own private key for signing and custom components singed by this key.

Moreover, it fails with sigsegv only with expired signature

@dveeden
Copy link
Contributor

dveeden commented Apr 5, 2024

Does the manifest for the component have a key with signed and subkeys for _type,spec_version,expires and version?

Like this:

$ jq '.signed._type' /tmp/tiup-mirror/8512.br.json 
"component"

If it can't work because of not having the right private key then it should report something like Error: invalid signature.

@dveeden
Copy link
Contributor

dveeden commented Apr 5, 2024

Ok, I now get what's happening:

https://github.com/dveeden/tiup/blob/48f15f405450faf7d57136e629285724a0713cde/cmd/mirror.go#L361-L369

For the component it calls GetComponentManifest() which returns a component manifest and an error.

Then it checks if the error is caused by expiration via IsExpirationError(), which in this case is true. This means it just prints the error (which is in the output you shared) and continues.

However the manifest that GetComponentManifest() returned is then used in the call to RenewManifest(). However the problem with this is that GetComponentManifest() returns a nil manifest if it returns an error.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
type/bug Categorizes issue as related to a bug.
Projects
None yet
Development

No branches or pull requests

2 participants