Tangサーバーがあります(U字型クリップ/タン)Linuxコンテナ(LXD)から。
tangd.socket設定によると、tangdサーバーはTCPポート80を介して接続をリッスンしたときに起動されます。
root@tang2:~# systemctl cat tangd.socket
# /lib/systemd/system/tangd.socket
[Unit]
Description=Tang Server socket
Requires=tangd-update.service
Requires=tangd-update.path
After=tangd-update.service
[Socket]
ListenStream=80
Accept=true
[Install]
WantedBy=multi-user.target
接続するとサーバーが起動しますが、分割エラーのためすぐにシャットダウンされます。
Jan 21 16:10:19 tang2 systemd[1]: Started Tang Server (10.0.0.122:50186).
Jan 21 16:10:19 tang2 systemd[1]: [email protected]:80-10.0.0.122:50186.service: Main process exited, code=killed, status=11/SEGV
Jan 21 16:10:19 tang2 systemd[1]: [email protected]:80-10.0.0.122:50186.service: Failed with result 'signal'.
コンテナに十分な空きメモリがあるようです。
root@tang2:~# free -h
total used free shared buff/cache available
Mem: 7.8Gi 32Mi 7.6Gi 6.0Mi 184Mi 7.8Gi
Swap: 0B 0B 0B
追加情報:
root@tang2:~# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 31790
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1048576
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
SOはDebian Linux 10(Buster)です。
root@tang2:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
タンバオ情報:
Package: tang
Version: 7-1+deb10u1
State: installed
Automatically installed: no
Priority: optional
Section: net
Maintainer: Christoph Biedl <[email protected]>
Architecture: amd64
Uncompressed Size: 66.6 k
Depends: libc6 (>= 2.8), libhttp-parser2.8 (>= 2.1), libjansson4 (>= 2.10~), libjose0 (>= 10), jose
Description: network-based cryptographic binding server
Tang is a service for binding cryptographic keys to network presence. It offers a secure, stateless, anonymous
alternative to key escrow services.
Homepage: https://github.com/latchset/tang
root@tang2:~# ldd /usr/lib/x86_64-linux-gnu/tangd
linux-vdso.so.1 (0x00007fffb88f6000)
libjose.so.0 => /usr/lib/x86_64-linux-gnu/libjose.so.0 (0x00007f1df6639000)
libjansson.so.4 => /usr/lib/x86_64-linux-gnu/libjansson.so.4 (0x00007f1df662a000)
libhttp_parser.so.2.8 => /usr/lib/x86_64-linux-gnu/libhttp_parser.so.2.8 (0x00007f1df661f000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1df645e000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f1df6175000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1df5f57000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1df5f34000)
/lib64/ld-linux-x86-64.so.2 (0x00007f1df6864000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1df5f2f000)
Telnetを使用してTangサーバーに接続し、サーバーを追跡してみました。
root@tang2:~# telnet localhost 80
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET /adv HTTP/1.0
Connection closed by foreign host.
これはトレース出力です。
root@tang2:~# ps ax|grep tang
995 ? Ss 0:00 /usr/lib/x86_64-linux-gnu/tangd /var/cache/tang
997 pts/2 S+ 0:00 grep tang
root@tang2:~# strace -f -p 995
strace: Process 995 attached
read(0, "GET /adv HTTP/1.0\r\n", 4095) = 19
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
+++ killed by SIGSEGV +++
tangdサーバーがなぜ死んだのか知っていますか?
以下は、実行中のTangサーバーのトレースです。
read(0, "GET /adv HTTP/1.0\r\n", 4095) = 19
read(0, "\r\n", 4095) = 2
write(2, "::1 GET /adv", 12) = 12
open("/var/cache/tang/default.jws", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=956, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=956, ...}) = 0
read(3, "{\"payload\":\"eyJrZXlzIjpbeyJhbGci"..., 4096) = 956
write(2, " => 200 (src/tangd.c:85)\n", 25) = 25
fstat(1, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(1, "HTTP/1.1 200 OK\r\n", 17) = 17
fstat(1, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(1, "Content-Type: application/jose+j"..., 1016) = 1016
close(3) = 0
read(0, "\r\n", 4095) = 2
read(0, "", 4095) = 0
exit_group(0) = ?
+++ exited with 0 +++
挨拶、
答え1
さて、私はシステムをBusterからBullseyeに更新し、tangdサーバーが動作し始めました。おそらく、以前のバージョンのBuster tangdにはいくつかのバグがあるかもしれません。