Bug 1703445

Summary: tang provides wrong adv - signature generation issue
Product: Red Hat Enterprise Linux 7 Reporter: Martin Zelený <mzeleny>
Component: tangAssignee: Sergio Correia <scorreia>
Status: CLOSED ERRATA QA Contact: Martin Zelený <mzeleny>
Severity: medium Docs Contact: Jan Fiala <jafiala>
Priority: low    
Version: 7.7CC: dapospis, jafiala, lvrabec, mtowey, scorreia, tjaros
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tang-6-2.el7 Doc Type: Bug Fix
Doc Text:
.Tang reliably updates its cache When the Tang application generates its keys, for example, at first installation, Tang updates its cache. Previously, this process was unreliable, and the application cache did not update correctly to reflect Tang keys. This caused problems with using a Tang pin in Clevis, with the client displaying the error message `Key derivation key not available`. With this update, key generation and cache update logic was moved to Tang, removing the file watching dependency. As a result, the application cache remains in a correct state after cache update.
 Story Points: ---
Clone Of: 1679186 Environment:
Last Closed: 2020-09-29 20:08:34 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1679186, 1714674    
Bug Blocks:    

Description Martin Zelený 2019-04-26 12:45:40 UTC 
Cloning bug also for RHEL-7.7. Found by TR#357809 (BaseOS / Tier 1 / Security / RHEL7.7 on RHEL-7.7-20190424.0 / Alpha-1.0). Observed only on s390x.

The clevis part is not fixed on RHEL-7.7 (no error message output).

+++ This bug was initially created as a clone of Bug #1679186 +++

This is the tang part of bug 1650246. The clevis part is already fixed, but the problem stays on tang side. It's connected with upstream issue "Using file watching to update /var/cache/tang is unreliable #23" [1]

[1] https://github.com/latchset/tang/issues/23
Comment 2 Sergio Correia 2019-10-02 12:44:50 UTC 
*** Bug 1746518 has been marked as a duplicate of this bug. ***
Comment 3 Martin Zelený 2019-10-08 13:20:12 UTC 
Triaged, scoped. Removed HW spec. It's not HW specific.
Comment 4 Sergio Correia 2020-03-16 12:20:59 UTC 
*** Bug 1698552 has been marked as a duplicate of this bug. ***
Comment 14 errata-xmlrpc 2020-09-29 20:08:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (tang bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3960