poisonous97

04/16/2020, 11:09 AM
I have your TUF server, and when launcher auto-updates:
{
  "caller": "handler.go:26",
  "err": "calling update: refreshing timestamp: signature validation failed for timestamp: signature threshold not met",
  "msg": "tuf updater returned",
  "severity": "info",
  "target": "linux/launcher-stable.tar.gz",
  "ts": "2020-04-16T11:08:24.056948287Z"
}
root@tuf:~# notary list kolide/launcher
NAME                            DIGEST                                                              SIZE (BYTES)    ROLE
----                            ------                                                              ------------    ----
linux/launcher-stable.tar.gz    64b082abdaa08816ad152c7aa0a93ff46fa0bc9514a6c50027e30d764006a00b    19650560        targets
root@tuf:~# curl -k https://notary-server/v2/kolide/launcher/_trust/tuf/timestamp.json | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   495  100   495    0     0  10102      0 --:--:-- --:--:-- --:--:-- 10102
{
    "signatures": [
        {
            "keyid": "a4a1366a42b9147d912dc8487cf7dbe0df6a3f1b29cd97ae38b6b735abd65833",
            "method": "ecdsa",
            "sig": "EF7raqAfQhHD0FzoA95yTbpGMYVlcl1AYTEIs88chG9ZDXZy01+4wPCLlHAP9xabjx8JvtTrEL7zgIR70wHskw=="
        }
    ],
    "signed": {
        "_type": "Timestamp",
        "expires": "2020-04-30T10:46:48.632270065Z",
        "meta": {
            "snapshot": {
                "hashes": {
                    "sha256": "SokOffmyJUs3Kwe9UJr2Slo08rHvEUmjNtAu4GQ8gzQ=",
                    "sha512": "LFCGNq6W/E405taTxuVMREExvTn/fIkb3SIAX5AZpKOYDZ3Aio4zHPEXaGQVriaKEreLRdBMCq9vjXa1mJlVSw=="
                },
                "length": 683
            }
        },
        "version": 1
    }
}

seph

04/16/2020, 5:30 PM
Hrm. Let me take a look
That is not my notary server. That notary server is misconfigured.

poisonous97

04/16/2020, 5:45 PM
I use docker-compose to build notary server then add GUN, target public
I follow the doc in repo kolide/updater
Could you help me with the problem?
It is my notary server. I build your notary server and upload package to my gcloud storage

seph

04/16/2020, 5:51 PM
I am not a notary expert, to be honest, I’m often frustrated by it and trying to learn about it.
We do not have “a notary server”. Notary is its own tool. We probably have some docker images, but I would not recommend you use them.
I believe that error means you made a mistake dealing with your delegation keys. If you’re running your own, you also don’t need to use delegation keys.