#kolide

poisonous97

04/16/2020, 11:09 AM
I have your TUF server and when launcher auto updates
{
  "caller": "handler.go:26",
  "err": "calling update: refreshing timestamp: signature validation failed for timestamp: signature threshold not met",
  "msg": "tuf updater returned",
  "severity": "info",
  "target": "linux/launcher-stable.tar.gz",
  "ts": "2020-04-16T11:08:24.056948287Z"
}
11:10 AM
root@tuf:~# notary list kolide/launcher
NAME                            DIGEST                                                              SIZE (BYTES)    ROLE
----                            ------                                                              ------------    ----
linux/launcher-stable.tar.gz    64b082abdaa08816ad152c7aa0a93ff46fa0bc9514a6c50027e30d764006a00b    19650560        targets
11:11 AM
root@tuf:~# curl -k https://notary-server/v2/kolide/launcher/_trust/tuf/timestamp.json | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   495  100   495    0     0  10102      0 --:--:-- --:--:-- --:--:-- 10102
{
    "signatures": [
        {
            "keyid": "a4a1366a42b9147d912dc8487cf7dbe0df6a3f1b29cd97ae38b6b735abd65833",
            "method": "ecdsa",
            "sig": "EF7raqAfQhHD0FzoA95yTbpGMYVlcl1AYTEIs88chG9ZDXZy01+4wPCLlHAP9xabjx8JvtTrEL7zgIR70wHskw=="
        }
    ],
    "signed": {
        "_type": "Timestamp",
        "expires": "2020-04-30T10:46:48.632270065Z",
        "meta": {
            "snapshot": {
                "hashes": {
                    "sha256": "SokOffmyJUs3Kwe9UJr2Slo08rHvEUmjNtAu4GQ8gzQ=",
                    "sha512": "LFCGNq6W/E405taTxuVMREExvTn/fIkb3SIAX5AZpKOYDZ3Aio4zHPEXaGQVriaKEreLRdBMCq9vjXa1mJlVSw=="
                },
                "length": 683
            }
        },
        "version": 1
    }
}

seph

04/16/2020, 5:30 PM
Hrm. Let me take a look
5:41 PM
That is not my notary server. That notary server is misconfigured.

poisonous97

04/16/2020, 5:45 PM
I use docker-compose to build notary server then add GUN, target public
5:46 PM
I follow the doc in repo kolide/updater
5:47 PM
Could you help me with the problem?
5:49 PM
It is my notary server. I build your notary server and upload package to my gcloud storage

seph

04/16/2020, 5:51 PM
I am not a notary expert. To be honest, I’m often frustrated by it and trying to learn about it.
5:51 PM
We do not have “a notary server”. Notary is its own tool. We probably have some docker images, but I would not recommend you use them.
5:52 PM
I believe that error means you made a mistake dealing with your delegation keys. If you’re running your own, you also don’t need to use delegation keys.