[tor-commits] [doctor/master] Check that authorities have the descriptors of each other

Sat Mar 24 22:07:57 UTC 2018

commit 6451efe53ed524df7a1aa0f4d866880a796f3133
Author: Damian Johnson <atagar at torproject.org>
Date:   Sat Mar 24 15:06:26 2018 -0700

    Check that authorities have the descriptors of each other
    
    Stem's integ tests ran into an issue where tor26 lacked moria1's server
    descriptor. Turns out this is a longstanding issue due to tor26 holding
    on to an outdated ed25519 key. Providing a notice for this.
---
 consensus_health_checker.py | 25 +++++++++++++++++++++++++
 data/consensus_health.cfg   |  1 +
 2 files changed, 26 insertions(+)

diff --git a/consensus_health_checker.py b/consensus_health_checker.py
index 72f50f9..13dddd4 100755
--- a/consensus_health_checker.py
+++ b/consensus_health_checker.py
@@ -315,6 +315,7 @@ def run_checks(consensuses, votes):
 
   checker_functions = (
     missing_latest_consensus,
+    missing_authority_descriptor,
     consensus_method_unsupported,
     different_recommended_client_version,
     different_recommended_server_version,
@@ -367,6 +368,30 @@ def missing_latest_consensus(latest_consensus, consensuses, votes):
     return Issue(runlevel, 'MISSING_LATEST_CONSENSUS', authorities = ', '.join(stale_authorities), to = stale_authorities)
 
 
+def missing_authority_descriptor(latest_consensus, consensuses, votes):
+  """
+  Check that each authority has server descriptors for the others. This arises
+  when authorities change their Ed25519 key, but others still have the old key
+  cached...
+
+    Mar 23 11:51:42.617 [warn] http status 400 ("Looks like your keypair has
+    changed? This authority previously recorded a different RSA identity for
+    this Ed25519 identity (or vice versa.) Did you replace or copy some of your
+    key files, but not the others? You should either restore the expected
+    keypair, or delete your keys and restart Tor to start your relay with a new
+    identity.") response from dirserver '199.58.81.140:80'. Please correct.
+  """
+
+  issues = []
+
+  for authority, vote in votes.items():
+    for peer in DIRECTORY_AUTHORITIES.values():
+      if peer.fingerprint not in vote.routers:
+        issues.append(Issue(Runlevel.WARNING, 'MISSING_AUTHORITY_DESC', authority = authority, peer = peer.nickname, to = authority))
+
+  return issues
+
+
 def consensus_method_unsupported(latest_consensus, consensuses, votes):
   "Checks that all of the votes support the present consensus method."
 
diff --git a/data/consensus_health.cfg b/data/consensus_health.cfg
index 326aa20..39aa2e5 100644
--- a/data/consensus_health.cfg
+++ b/data/consensus_health.cfg
@@ -2,6 +2,7 @@
 
 msg LATENCY => Downloading the consensus from {authority} took {time_taken}. Median download time is {median_time}: {authority_times}
 msg MISSING_LATEST_CONSENSUS => The consensuses published by the following directory authorities are more than one hour old and therefore not fresh anymore: {authorities}
+msg MISSING_AUTHORITY_DESC => {authority} is missing the server descriptor of {peer}
 msg CONSENSUS_METHOD_UNSUPPORTED => The following directory authorities do not support the consensus method that the consensus uses: {authorities}
 msg DIFFERENT_RECOMMENDED_VERSION => The following directory authorities recommend other {type} versions than the consensus: {differences}
 msg UNKNOWN_CONSENSUS_PARAMETERS => The following directory authorities set unknown consensus parameters: {parameters}

