
[FIXED] Killed server on restart could render encrypted stream unrecoverable #4210

Merged (2 commits), Jun 4, 2023

Conversation

derekcollison (Member)

When a server was killed on restart before an encrypted stream was recovered, the keyfile was removed and could cause the stream to not be recoverable.

We only needed to delete the key file when converting ciphers and right before we add the stream itself.

Signed-off-by: Derek Collison <derek@nats.io>

Resolves #4195

…covered the keyfile was removed and could cause the stream to not be recoverable.

We only needed to delete the key file when converting ciphers and right before we add the stream itself.

Signed-off-by: Derek Collison <derek@nats.io>
Signed-off-by: Derek Collison <derek@nats.io>
@derekcollison derekcollison requested a review from a team as a code owner June 3, 2023 18:34
philpennock (Member) left a comment

This still leaves a window with no key on disk. Shouldn't it write the new key to a new file name before writing the data, close them both, then atomically rename the new keyfile over the old one? And do so with a predictable name so that recovery can detect the situation?
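The stage-then-rename sequence the comment asks for, as an added example that is not nats-server code and not part of this PR. It assumes two file names of its own choosing (`key` for the committed key, `key.new` for the staged replacement; the project's real naming is not shown here) and a caller-supplied `rewriteData` callback standing in for re-encrypting the stream. Because `rename(2)` replaces its target in one step, there is never a moment with no key file on disk, and a leftover `key.new` at startup is the predictable marker that a cipher conversion was interrupted.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// Assumed file names for this example; not nats-server's actual layout.
const (
	keyFileName     = "key"     // committed key the stream is readable with
	pendingFileName = "key.new" // staged replacement, present only mid-conversion
)

// KeyState is what a restarting server can observe on disk.
type KeyState struct {
	Current     []byte // committed key (nil if absent)
	Pending     []byte // staged key that was never renamed (nil if absent)
	Interrupted bool   // a pending key was found: conversion was cut short
}

// stagePendingKey writes the new key under the predictable pending name and
// fsyncs it. The committed key is untouched, so a crash here loses nothing.
func stagePendingKey(dir string, newKey []byte) error {
	f, err := os.OpenFile(filepath.Join(dir, pendingFileName),
		os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
	if err != nil {
		return err
	}
	if _, err := f.Write(newKey); err != nil {
		f.Close()
		return err
	}
	if err := f.Sync(); err != nil {
		f.Close()
		return err
	}
	return f.Close()
}

// commitPendingKey atomically renames the staged key over the committed one,
// then fsyncs the directory so the rename itself is durable.
func commitPendingKey(dir string) error {
	if err := os.Rename(filepath.Join(dir, pendingFileName),
		filepath.Join(dir, keyFileName)); err != nil {
		return err
	}
	d, err := os.Open(dir)
	if err != nil {
		return err
	}
	defer d.Close()
	return d.Sync()
}

// replaceKey is the full sequence: stage the new key, rewrite the data with
// it (rewriteData is the caller's job and may be nil), then commit.
func replaceKey(dir string, newKey []byte, rewriteData func() error) error {
	if err := stagePendingKey(dir, newKey); err != nil {
		return err
	}
	if rewriteData != nil {
		if err := rewriteData(); err != nil {
			return err
		}
	}
	return commitPendingKey(dir)
}

// recoverKeyState inspects the directory the way a restarting server would.
// It is an error only when neither key file exists.
func recoverKeyState(dir string) (KeyState, error) {
	var st KeyState
	cur, err := os.ReadFile(filepath.Join(dir, keyFileName))
	if err == nil {
		st.Current = cur
	} else if !errors.Is(err, os.ErrNotExist) {
		return st, err
	}
	pend, err := os.ReadFile(filepath.Join(dir, pendingFileName))
	if err == nil {
		st.Pending = pend
		st.Interrupted = true
	} else if !errors.Is(err, os.ErrNotExist) {
		return st, err
	}
	if st.Current == nil && st.Pending == nil {
		return st, fmt.Errorf("no key file in %s", dir)
	}
	return st, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "keyfile-demo")
	defer os.RemoveAll(dir)
	_ = os.WriteFile(filepath.Join(dir, keyFileName), []byte("constructed-old-key"), 0o600)
	_ = stagePendingKey(dir, []byte("constructed-new-key")) // crash here: old key still committed
	st, _ := recoverKeyState(dir)
	fmt.Printf("interrupted=%v current=%q pending=%q\n", st.Interrupted, st.Current, st.Pending)
	_ = commitPendingKey(dir)
	st, _ = recoverKeyState(dir)
	fmt.Printf("interrupted=%v current=%q\n", st.Interrupted, st.Current)
}
```

A recovery path that finds `Interrupted == true` knows the data may have been written under either key and can choose deliberately (retry the conversion, or refuse to start) instead of silently losing the stream.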

derekcollison (Member, Author)

Yes, you are correct, and will look at that for 2.10 vs making that big of a change here. This is only for when you are converting ciphers.

derekcollison (Member, Author)

Meaning the server that is restarting is converting ciphers and it's killed (kill -9) mid-way through a restore of a stream.

derekcollison (Member, Author)

Plus have more changes to encryption for 2.10, so won't make that change here.

@derekcollison derekcollison merged commit eb09ddd into main Jun 4, 2023
@derekcollison derekcollison deleted the meta-enc-kill branch June 4, 2023 00:36
Successfully merging this pull request may close these issues.

NATS Server corrupts the meta.inf file when it gets killed/closed/exited during startup stream loading time.