Glance

Signature verification failure leads to saving image

Bug #1595467 reported by Niall Bunting
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Glance
Invalid
Undecided
Niall Bunting

Bug Description

Overview:
When signature verification fails it can cause a 500 error. This causes the image to become stuck in the saving state.

What should happen is that it returns a 40? and the image is put into the deleted state.

Reproducing:

glance image-create --name mySignedImage --container-format bare --disk-format qcow2 --property img_signature="WRONG SIGNATURE" --property img_signature_certificate_uuid="$cert_uuid" --property img_signature_hash_method='SHA-256' --property img_signature_key_type='RSA-PSS' < myimage
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2016-06-23T09:46:34Z |
| disk_format | qcow2 |
| id | f0839709-4ff6-4291-9997-a4d387e20582 |
| img_signature | |
| img_signature_certificate_uuid | cd7cc675-e573-419c-8fff-33a72734a243 |
| img_signature_hash_method | SHA-256 |
| img_signature_key_type | RSA-PSS |
| min_disk | 0 |
| min_ram | 0 |
| name | mySignedImage |
| owner | 7f065427534f49ab97a0b68ecc73fd07 |
| protected | False |
| size | None |
| status | queued |
| tags | [] |
| updated_at | 2016-06-23T09:46:34Z |
| virtual_size | None |
| visibility | private |
+--------------------------------+--------------------------------------+
500 Internal Server Error
The server has either erred or is incapable of performing the requested operation.
    (HTTP 500)

nib@work-devstack:/tmp/testtmp/nest$ glance image-show f0839709-4ff6-4291-9997-a4d387e20582
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| checksum | None |
| container_format | bare |
| created_at | 2016-06-23T09:46:34Z |
| disk_format | qcow2 |
| id | f0839709-4ff6-4291-9997-a4d387e20582 |
| img_signature | |
| img_signature_certificate_uuid | cd7cc675-e573-419c-8fff-33a72734a243 |
| img_signature_hash_method | SHA-256 |
| img_signature_key_type | RSA-PSS |
| min_disk | 0 |
| min_ram | 0 |
| name | mySignedImage |
| owner | 7f065427534f49ab97a0b68ecc73fd07 |
| protected | False |
| size | None |
| status | saving |
| tags | [] |
| updated_at | 2016-06-23T09:46:34Z |
| virtual_size | None |
| visibility | private |
+--------------------------------+--------------------------------------+

Console:
2016-06-23 09:46:35.619 TRACE glance.common.wsgi _('Signature verification failed')
2016-06-23 09:46:35.619 TRACE glance.common.wsgi SignatureVerificationError: Signature verification failed
2016-06-23 09:46:35.619 TRACE glance.common.wsgi

Niall Bunting (niall-bunting)
Changed in glance:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.