commit 560d6cd671cb602a362ff491eefe9718ea66bea2 Author: Damian Johnson atagar@torproject.org Date: Wed Jul 16 09:41:48 2014 -0700

Noting the authority that's missing signatures

We recently had an issue where clock skew on urras resulted in consensuses missing signatures. DocTor made plenty of noise about this, but the messages didn't really help much in figuring out what was up since it didn't not *who's* consensus was missing the signatures. Including that in its notices...

NOTICE: Consensus belonging to urras was missing the following authority signatures: maatuska --- consensus_health_checker.py | 19 +++++++++++-------- data/consensus_health.cfg | 2 +- 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/consensus_health_checker.py b/consensus_health_checker.py index dd77c2a..e85ece1 100755 --- a/consensus_health_checker.py +++ b/consensus_health_checker.py @@ -410,27 +410,30 @@ def consensuses_have_same_votes(latest_consensus, consensuses, votes): def has_all_signatures(latest_consensus, consensuses, votes): "Check that the consensuses have signatures for authorities that voted on it."

- missing_authorities = set() + issues = []

- for consensus in consensuses.values(): - authority_signatures = set([authority.fingerprint for authority in consensus.directory_authorities]) - signature_signatures = set([sig.identity for sig in consensus.signatures]) + for consensus_of, consensus in consensuses.items(): + voting_authorities = set([authority.fingerprint for authority in consensus.directory_authorities]) + signing_authorities = set([sig.identity for sig in consensus.signatures]) + missing_authorities = set()

- for missing_signature in authority_signatures.difference(signature_signatures): + for missing_signature in voting_authorities.difference(signing_authorities): # Attempt to translate the missing v3ident signatures into authority # nicknames, falling back to just notifying of the v3ident if not found.

missing_authority = missing_signature

- for authority in directory_authorities().values(): + for authority in DIRECTORY_AUTHORITIES.values(): if authority.v3ident == missing_signature: missing_authority = authority.nickname break

missing_authorities.add(missing_authority)

- if missing_authorities: - return Issue(Runlevel.NOTICE, 'MISSING_SIGNATURE', authorities = ', '.join(missing_authorities)) + if missing_authorities: + issues.append(Issue(Runlevel.NOTICE, 'MISSING_SIGNATURE', consensus_of = consensus_of, authorities = ', '.join(missing_authorities))) + + return issues

def voting_bandwidth_scanners(latest_consensus, consensuses, votes): diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg index f42ab30..2175d55 100644 --- a/data/consensus_health.cfg +++ b/data/consensus_health.cfg @@ -6,7 +6,7 @@ msg DIFFERENT_RECOMMENDED_VERSION => The following directory authorities recomme msg UNKNOWN_CONSENSUS_PARAMETERS => The following directory authorities set unknown consensus parameters: {parameters} msg MISMATCH_CONSENSUS_PARAMETERS => The following directory authorities set conflicting consensus parameters: {parameters} msg CERTIFICATE_ABOUT_TO_EXPIRE => The certificate of the following directory authority expires within the next {duration}: {authority} -msg MISSING_SIGNATURE => The signatures of the following, previously voting authorities are missing from at least one consensus: {authorities} +msg MISSING_SIGNATURE => Consensus belonging to {consensus_of} was missing the following authority signatures: {authorities} msg MISSING_BANDWIDTH_SCANNERS => The following directory authorities are not reporting bandwidth scanner results: {authorities} msg EXTRA_BANDWIDTH_SCANNERS => The following directory authorities were not expected to report bandwidth scanner results: {authorities} msg MISSING_VOTES => The consensuses downloaded from the following authorities are missing votes that are contained in consensuses downloaded from other authorities: {authorities}