Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FIXED] Killed server on restart could render encrypted stream unrecoverable #4210

Merged
merged 2 commits into from
Jun 4, 2023
Merged

[FIXED] Killed server on restart could render encrypted stream unrecoverable #4210

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
d5ae96f
When a server was killed on restart before an encrypted stream was re…
derekcollison Jun 3, 2023
4c1b93d
Make sure to put the keyfile back if we did not recover the stream.
derekcollison Jun 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
When a server was killed on restart before an encrypted stream was re… 
…covered the keyfile was removed and could cause the stream to not be recoverable.

We only needed to delete the key file when converting ciphers and right before we add the stream itself.

Signed-off-by: Derek Collison <derek@nats.io>
  • Loading branch information
@derekcollison
derekcollison committed Jun 3, 2023
commit d5ae96f54d6b0fc2c5cf4357e316f8c1f1939e35
5 changes: 2 additions & 3 deletions server/jetstream.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1234,9 +1234,6 @@ func (a *Account) EnableJetStream(limits map[string]JetStreamAccountLimits) erro
}
buf = nbuf
plaintext = false

// Remove the key file to have system regenerate with the new cipher.
os.Remove(keyFile)
}

var cfg FileStreamInfo
Expand Down Expand Up @@ -1288,6 +1285,8 @@ func (a *Account) EnableJetStream(limits map[string]JetStreamAccountLimits) erro
s.Noticef(" Encrypting stream '%s > %s'", a.Name, cfg.StreamConfig.Name)
} else if convertingCiphers {
s.Noticef(" Converting from %s to %s for stream '%s > %s'", osc, sc, a.Name, cfg.StreamConfig.Name)
// Remove the key file to have system regenerate with the new cipher.
os.Remove(keyFile)
}
}

Expand Down