tiup icon indicating copy to clipboard operation
tiup copied to clipboard
verified publisher icon pingcap

SIGSEGV on tiup mirror renew with expired repo

Open borissavelev opened this issue 1 year ago • 5 comments

Bug Report

Please answer these questions before submitting your issue. Thanks!

  1. What did you do?

I have my own custom tiup local repository. Apparently, it expired and I wanted to renew a component.

tiup mirror set /Users/.../remote
tiup mirror renew alertmanager --days 365
  1. What did you expect to see?

Successful component renew

  1. What did you see instead?
tiup mirror renew alertmanager --days 365
read manifest from mirror(/Users/.../remote) failed: manifest timestamp.json has expired at: 2024-03-28T09:00:36+02:00
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x13d2e20]

goroutine 1 [running]:
github.com/pingcap/tiup/pkg/repository/v1manifest.(*Component).Base(0x49c7853411cd?)
        github.com/pingcap/tiup/pkg/repository/v1manifest/types.go:174
github.com/pingcap/tiup/pkg/repository/v1manifest.RenewManifest({0x182fe00, 0x0}, {0xc000241b98?, 0x1?, 0x1cd5720?}, {0xc000241b50, 0x1, 0x0?})
        github.com/pingcap/tiup/pkg/repository/v1manifest/manifest.go:420 +0x4c
github.com/pingcap/tiup/cmd.newMirrorRenewCmd.func1(0xc0002cb500?, {0xc0002ce5d0, 0x1, 0x172a6c7?})
        github.com/pingcap/tiup/cmd/mirror.go:371 +0x1b8
github.com/spf13/cobra.(*Command).execute(0xc0002cb500, {0xc0002ce570, 0x3, 0x3})
        github.com/spf13/[email protected]/command.go:916 +0x87c
github.com/spf13/cobra.(*Command).ExecuteC(0xc0002c4000)
        github.com/spf13/[email protected]/command.go:1044 +0x3a5
github.com/spf13/cobra.(*Command).Execute(...)
        github.com/spf13/[email protected]/command.go:968
github.com/pingcap/tiup/cmd.Execute()
        github.com/pingcap/tiup/cmd/root.go:238 +0x46
main.main()
        github.com/pingcap/tiup/main.go:21 +0xf
  1. What version of TiUP are you using (tiup --version)?
tiup --version                           
1.15.0 v1.15.0-nightly-1
Go Version: go1.21.8
Git Ref: master
GitHash: 6f016925ab0d259bb07657f5ab83f2a2d7ef5656

borissavelev avatar Apr 04 '24 06:04 borissavelev

This is coming from https://github.com/pingcap/tiup/blob/48f15f405450faf7d57136e629285724a0713cde/pkg/repository/v1manifest/types.go#L174

Maybe there is something wrong with the manifest and it is also not validated correctly.

dveeden avatar Apr 05 '24 10:04 dveeden

A failed attempt at reproducing this:

dvaneeden@dve-carbon:~$ tiup --version
1.15.0 tiup
Go Version: go1.21.8
Git Ref: v1.15.0
GitHash: 48f15f405450faf7d57136e629285724a0713cde
dvaneeden@dve-carbon:~$ tiup mirror show
https://tiup-mirrors.pingcap.com/
dvaneeden@dve-carbon:~$ tiup mirror clone /tmp/tiup-mirror -o linux -a amd64 --br v8.0.0
Start to clone mirror, targetDir is /tmp/tiup-mirror, source mirror is https://tiup-mirrors.pingcap.com/, selectedVersions are []
If this does not meet expectations, please abort this process, read `tiup mirror clone --help` and run again
Arch [amd64]
OS [linux]
br linux/amd64 selected version is v8.0.0
download https://tiup-mirrors.pingcap.com/br-v8.0.0-linux-amd64.tar.gz 82.32 MiB / 82.32 MiB 100.00% 137.89 MiB/s                                     
download https://tiup-mirrors.pingcap.com/tiup-linux-amd64.tar.gz 4.98 MiB / 4.98 MiB 100.00% ? MiB/s                                                 
dvaneeden@dve-carbon:~$ tiup mirror set /tmp/tiup-mirror
Successfully set mirror to /tmp/tiup-mirror
dvaneeden@dve-carbon:~$ tiup list --all
Available components:
Name  Owner    Description
----  -----    -----------
br    pingcap  TiDB/TiKV cluster backup restore tool.
dvaneeden@dve-carbon:~$ tiup mirror renew br --days 365
Error: invalid signature
dvaneeden@dve-carbon:~$ find /tmp/tiup-mirror
/tmp/tiup-mirror
/tmp/tiup-mirror/keys
/tmp/tiup-mirror/keys/19b723eb64b0075f-root.json
/tmp/tiup-mirror/keys/cfb7879f8d52e538-root.json
/tmp/tiup-mirror/keys/9ac341b84580326a-root.json
/tmp/tiup-mirror/keys/8ee224880571ef3f-index.json
/tmp/tiup-mirror/keys/e95c8a03d0778fc8-snapshot.json
/tmp/tiup-mirror/keys/17127065cfad4c94-timestamp.json
/tmp/tiup-mirror/keys/4c793e7bbaec350a-pingcap.json
/tmp/tiup-mirror/br-v8.0.0-linux-amd64.tar.gz
/tmp/tiup-mirror/tiup-linux-amd64.tar.gz
/tmp/tiup-mirror/1.index.json
/tmp/tiup-mirror/1.root.json
/tmp/tiup-mirror/root.json
/tmp/tiup-mirror/snapshot.json
/tmp/tiup-mirror/timestamp.json
/tmp/tiup-mirror/8512.br.json
/tmp/tiup-mirror/local_install.sh

dveeden avatar Apr 05 '24 10:04 dveeden

Most likely it fails because you don't have a private key to sign the repo.

I have my own private key for signing and custom components singed by this key.

Moreover, it fails with sigsegv only with expired signature

borissavelev avatar Apr 05 '24 10:04 borissavelev

Does the manifest for the component have a key with signed and subkeys for _type,spec_version,expires and version?

Like this:

$ jq '.signed._type' /tmp/tiup-mirror/8512.br.json 
"component"

If it can't work because of not having the right private key then it should report something like Error: invalid signature.

dveeden avatar Apr 05 '24 11:04 dveeden

Ok, I now get what's happening:

https://github.com/dveeden/tiup/blob/48f15f405450faf7d57136e629285724a0713cde/cmd/mirror.go#L361-L369

For the component it calls GetComponentManifest() which returns a component manifest and an error.

Then it checks if the error is caused by expiration via IsExpirationError(), which in this case is true. This means it just prints the error (which is in the output you shared) and continues.

However the manifest that GetComponentManifest() returned is then used in the call to RenewManifest(). However the problem with this is that GetComponentManifest() returns a nil manifest if it returns an error.

dveeden avatar Apr 05 '24 11:04 dveeden