Idea #8936

Updated by Tom Clegg about 8 years ago

The real signing key should be generated from both the random configured signing key, and the configured block TTL. This way, when the sysadmin changes the TTL, the effective signing key changes, and clients are in a better position to detect that and retry write operations if needed.

 Update: 

 * The API server key generation logic (@app/models/blob.rb#generate_signature@), see note-4 below. - Make sure to add a test that changing the TTL causes the permission signature to change. TBD: What is the actual logic? Tom to update the relevant wiki page and link it here.
 * The Keepstore/SDK key generation logic (@sdk/go/keepclient/perms.go@) - Make sure to update the "known good signature" fixture(s). Add a test.
 * The install guide documentation - Where the TTL is mentioned, add a note that it effectively becomes part of the signing key, and will cause clients to retry or fail if it is changed while they are in progress.
 * The "Upgrading to master" wiki page, to note that you must upgrade both keepstore and API server at the same time, with no operations in progress and nothing in arv-put resume caches -- otherwise operations will fail. Upgrading to this version will functionally change your client key.
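The idea above, as an added sketch that is not the project's own code: the effective key is derived from the configured key and the TTL, so a signature issued under one TTL no longer verifies after the TTL is changed. The derivation, the token layout, the function names and the sample values are all assumptions, since the page leaves the actual logic TBD.

```ruby
require 'openssl'

# Assumed derivation (the page leaves the real logic TBD): mix the TTL into
# the configured secret, so changing the TTL changes the effective key.
def effective_signing_key(configured_key, ttl_seconds)
  OpenSSL::HMAC.digest('sha256', configured_key,
                       "blob-signature-ttl:#{Integer(ttl_seconds)}")
end

# Hypothetical token layout "<hex hmac>@<hex expiry>", bound to blob and token.
def sign_blob(configured_key, ttl_seconds, blob_hash, api_token, now = Time.now.to_i)
  expiry = (now + ttl_seconds).to_s(16)
  key = effective_signing_key(configured_key, ttl_seconds)
  sig = OpenSSL::HMAC.hexdigest('sha256', key, [blob_hash, api_token, expiry].join('@'))
  "#{sig}@#{expiry}"
end

# Length check plus XOR accumulation, so timing does not reveal a prefix match.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns :ok, :expired, :bad_signature or :malformed. The MAC is checked
# before the expiry field is trusted.
def verify_blob(configured_key, ttl_seconds, blob_hash, api_token, signed, now = Time.now.to_i)
  sig, expiry = signed.to_s.split('@', 2)
  return :malformed unless sig && expiry&.match?(/\A\h+\z/)
  key = effective_signing_key(configured_key, ttl_seconds)
  want = OpenSSL::HMAC.hexdigest('sha256', key, [blob_hash, api_token, expiry].join('@'))
  return :bad_signature unless secure_equal?(sig, want)
  expiry.to_i(16) < now ? :expired : :ok
end

# Constructed sample values, not real secrets or tokens.
SAMPLE_KEY   = 'constructed-signing-key-for-demo'
SAMPLE_HASH  = 'acbd18db4cc2f85cedef654fccc4a4d8'
SAMPLE_TOKEN = 'constructed-api-token'

if __FILE__ == $PROGRAM_NAME
  signed = sign_blob(SAMPLE_KEY, 1_209_600, SAMPLE_HASH, SAMPLE_TOKEN)
  puts verify_blob(SAMPLE_KEY, 1_209_600, SAMPLE_HASH, SAMPLE_TOKEN, signed) # same TTL
  puts verify_blob(SAMPLE_KEY, 86_400, SAMPLE_HASH, SAMPLE_TOKEN, signed)    # TTL changed
end
```

A client that gets the bad-signature result for a token it was just issued can treat that as the cue to request a fresh signature and retry the write.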
