The remote shell can mix up responses after an execution has been aborted
From #11832-note_3:
[...]
calling as amnesia: gpg --batch --list-keys '10CC5BC7'
Tor operation failed (Try 1 of 10) with:
Timeout::Error: try_for() timeout expired
Last ignored exception was: ExecutionFailedInVM: Command failed: gpg --batch --list-keys '10CC5BC7'
error code: 2
stderr: gpg: error reading key: public key not found
.
<false> is not true.
Forcing new Tor circuit...
calling as root: . /usr/local/lib/tails-shell-library/tor.sh && tor_control_send "signal NEWNYM"
call returned: [2, "", "gpg: error reading key: public key not found\n"]
When I fetch the "10CC5BC7" OpenPGP key using Seahorse # features/step_definitions/torified_gnupg.rb:154
Command failed: . /usr/local/lib/tails-shell-library/tor.sh && tor_control_send "signal NEWNYM"
error code: 2
stderr: gpg: error reading key: public key not found
.
<false> is not true. (ExecutionFailedInVM)
./features/support/helpers/vm_helper.rb:442:in `rescue in execute_successfully'
./features/support/helpers/vm_helper.rb:439:in `execute_successfully'
./features/support/helpers/misc_helpers.rb:94:in `force_new_tor_circuit'
./features/support/helpers/misc_helpers.rb:104:in `block in retry_tor'
./features/support/helpers/misc_helpers.rb:133:in `call'
./features/support/helpers/misc_helpers.rb:133:in `rescue in block in retry_action'
./features/support/helpers/misc_helpers.rb:125:in `block in retry_action'
./features/support/helpers/misc_helpers.rb:124:in `loop'
./features/support/helpers/misc_helpers.rb:124:in `retry_action'
./features/support/helpers/misc_helpers.rb:108:in `retry_tor'
./features/step_definitions/torified_gnupg.rb:172:in `/^I fetch the "([^"]+)" OpenPGP key using Seahorse( via the OpenPGP Applet)?$/'
features/torified_gnupg.feature:22:in `When I fetch the "10CC5BC7" OpenPGP key using Seahorse'
and look closer at:
calling as root: . /usr/local/lib/tails-shell-library/tor.sh && tor_control_send "signal NEWNYM"
call returned: [2, "", "gpg: error reading key: public key not found\n"]
I.e. the remote shell has mixup up the response from the gpg
call
earlier. That gpg
call was aborted (by a try_for
timeout) while it
was executing on the guest, before writing back the response. So our
remote shell is too simplistic here — we need an ID that ties a response
to a specific call.
Simple solution: when the client sends a request to the remote shell, except the command line it also sends an ID. The remote shell will put that ID on the response. Whenever the client reads a reponse it will drop those with unmatching ID (since they must have been aborted).
Feature Branch: test/11846-remote-shell-request-ids
Related issues
- Related to #10502 (closed)
- Related to #12040
Original created by @anonym on 11846 (Redmine)
Edited by intrigeri