Subject: [bug#54723] [PATCH] Check URI when verifying narinfo validity.
From: Guillaume Le Vaillant
To: Ludovic Courtès
Cc: 54723@debbugs.gnu.org
Date: Mon, 11 Apr 2022 13:31:31 +0000

Guillaume Le Vaillant wrote:

> There are 2 errors that occur a lot in the guix-publish log files:
>
>  - "In procedure fport_write: Broken pipe"
>    It happens when trying to write to a socket apparently.
>
>  - "In procedure sign: gcrypt: Cannot allocate memory"
>    The machine has 64 GiB of RAM, of which at least 50 GiB is free, so
>    gcrypt should have enough to make a signature...

I captured the network traffic between the "guix publish" server and
a "guix upgrade" client to see if the "broken pipe" errors could come
from real networking issues. According to wireshark the problem doesn't
come from there, the TCP stream didn't have any error.

However, looking at the full TCP stream in wireshark I saw that the
"guix publish" server sends some bad narinfo responses.

Sometimes some parts of the response are missing (here, Signature
incomplete, URL and Compression fields missing):

--8<---------------cut here---------------start------------->8---
HTTP/1.1 200 OK
Content-Length: 959
Content-Type: application/x-nix-narinfo;charset=UTF-8

StorePath: /gnu/store/dxpaqmix7zixm8pwcvvmq8q969q50jpp-pngload-2.0.0-2.91f1d70-checkout
NarHash: sha256:0s94fdbrbqj12qvgyn2g4lfwvz7qhhzbclrpz5ni7adwxgrmvxl1
NarSize: 245224
References: 
Deriver: ybdimrfjs090kzmimf5j1x5hs8y4d24p-pngload-2.0.0-2.91f1d70-checkout.drv
Signature: 1;kitej;KHNpZ25hdHVyZSAKIChkYXRhIAogIChmbGFncyByZmM2OTc5KQogIChoYXNoIHNoYTI1NiAjNDY3NDk2RTJEOTZBMzc0QzFGN0M1MzJCNjc3MTM1NzVFOTkyRjQ0Qzc3MzQwRDUwQTcyRTkyMDJGRURDQkQxMyMpCiAgKQogKHNpZy12YWwgCiAgKGVjZHNhIAogICAociAjMDZEQTAwMkQyNjE3MEQ3ODVDNkM3NkMyMUEwM0UzNDlCMkUwMDc4MTUyQzFBQURFNjhFMEZGOUJDRkUyMUFDNSMpCiAgIChzICMwNjNDM0UyNjg2MEU2OTIzNDdEMjNGNTQ4RUM3RDJGRUZGQjc0Q0I4NjNEMjlDMUE3QjA4REFCQjEzQjZDRjAxIykKICAgKQogICkKIChwdWJsaWMta2V5IAogIC
--8<---------------cut here---------------end--------------->8---

Sometimes the response looks like almost complete garbage:

--8<---------------cut here---------------start------------->8---
HTTP/1.1 200 OK
Content-Length: 970
Content-Type: application/x-nix-narinfo;charsetcharsetHTTP/=UTF-8
1 1 1 .S
--8<---------------cut here---------------end--------------->8---

When the client receives these bad narinfos, it often makes it crash
with errors like:

 - Wrong type (expecting exact integer): #f
 - unmatched line "1\r"
 - Wrong type argument in position 1 (expecting pair): ()

So it looks like the broken pipe problem comes from the "guix publish"
server, or from Guile...
And making the code reconstructing narinfos from HTTP responses more
robust in case of bad input would be useful.
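
The kind of robustness the message asks for, as an added example that is not part of the original message and is not Guix code: a Python checker that reports structural problems in a raw narinfo HTTP response as a list instead of raising on truncated or garbled input. The required-field list, the names `check_narinfo_response` and `make_response`, and the sample data are assumptions of this example.

```python
import base64

# Fields treated as mandatory here (an assumption of this example).
REQUIRED = ("StorePath", "URL", "Compression", "NarHash", "NarSize",
            "References", "Signature")

def check_narinfo_response(raw):
    """Return structural problems as a list; never raise on bad input."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ["no blank line between headers and body"]
    problems = []
    status, *header_lines = head.decode("latin-1").split("\r\n")
    if not status.startswith("HTTP/1.1 200"):
        problems.append(f"unexpected status line {status!r}")
    headers = {k.strip().lower(): v.strip() for k, v in
               (h.split(":", 1) for h in header_lines if ":" in h)}
    declared = headers.get("content-length", "")
    if not (declared.isascii() and declared.isdigit()) or int(declared) != len(body):
        problems.append(f"Content-Length {declared!r}, body {len(body)} bytes")
    fields = {}
    for line in body.decode("utf-8", errors="replace").splitlines():
        key, colon, value = line.partition(":")
        if colon:
            fields[key] = value.strip()
        else:
            problems.append(f"unmatched line {line!r}")
    problems += [f"missing field {k}" for k in REQUIRED if k not in fields]
    size = fields.get("NarSize", "0")
    if not (size.isascii() and size.isdigit()):
        problems.append("NarSize is not an integer")
    if "Signature" in fields:  # shape check only, no cryptographic verification
        try:
            version, host, blob = fields["Signature"].split(";")
            sexp = base64.b64decode(blob, validate=True)
            if not sexp.startswith(b"(") or sexp.count(b"(") != sexp.count(b")"):
                raise ValueError("truncated s-expression")
        except ValueError as err:  # binascii.Error is a ValueError subclass
            problems.append(f"bad Signature: {err}")
    return problems

# Constructed sample data (placeholders, not real store items or signatures).
def make_response(body, declared=None):
    length = len(body) if declared is None else declared
    return (f"HTTP/1.1 200 OK\r\nContent-Length: {length}\r\nContent-Type: "
            "application/x-nix-narinfo;charset=UTF-8\r\n\r\n").encode() + body
GOOD = (b"StorePath: /gnu/store/PLACEHOLDER-example-1.0\nURL: nar/PLACEHOLDER\n"
        b"Compression: gzip\nNarHash: sha256:PLACEHOLDER\nNarSize: 245224\n"
        b"References: \nSignature: 1;host;"
        + base64.b64encode(b"(signature (data) (sig-val))") + b"\n")
```

A client would call the checker before handing the response to its narinfo parser and treat any non-empty result as a failed fetch to retry or skip.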