Package: tang
Version: 6-1
Severity: important

Dear Maintainer,

When tang is first started, implicitly via an advertisement query, it generates
an initial advertisement.

This is triggered by a clevis call, or manually via an HTTP request such as:

$ curl http://localhost/adv
{"payload":"eyJrZXlzIjpbeyJhbGciOiJFUzUxMiIsImNydiI6IlAtNTIxIiwia2V5X29wcyI6WyJ2ZXJpZnkiXSwia3R5IjoiRUMiLCJ4IjoiQUNhMmpsZkE3alRBWlFqcnJSRXNMWlR2NFZJVFR2aElaOTFleG1SakloLTRuVGJsd0ZZZzhDLVlDdXVWeU9jZ0FkWS1kWVgzRHlfYWhfVEtPU29VMjVPNSIsInkiOiJBUW12QUZIUXF2d2hxOUFBcUJjRVplNGd0RjlYcGVxWm1YaFg1WDF4ZjdmWFBjbURWaUJCalhLVmx2NXBjekhqaE9oSDRBTkV0VExwNThzbDlUWm9pb2hhIn0seyJhbGciOiJFQ01SIiwiY3J2IjoiUC01MjEiLCJrZXlfb3BzIjpbImRlcml2ZUtleSJdLCJrdHkiOiJFQyIsIngiOiJBQ2hEZVoydGhfQlVRUTNIYXpiUzB6Nkx4QkFpbUt2dUhJcllNU3I1ejhZdVZWOENlZGtiS0RMZG83N29oWktETXlGX204SFhYOXZEMkFSOGQ4dUpPdTA0IiwieSI6IkFINHFHSkg1ZlloWExLOHVueE1TeWFndTFhMmJWUDNmc2l1RnJfdm9oZk5EWms2TkljT3d1NDdtSjZ6WllBNFNnQzJuMVBDVzR6ZklfYXlTaTNlTXVpU08ifV19",{"protected":"eyJhbGciOiJFUzUxMiIsImN0eSI6Imp3ay1zZXQranNvbiJ9","signature":"AUj7ceNoJCzk0dIYYEOH7zws8pgxn5CmUBOE__JxDFkTMuBGrAS_iFxRiD3-064ZdgotXuLexAWaoTkHgkFiRJY6AYKdGfc9ODkr9tSdEp5QrrU2YJukBWnwOiqYuo8rbgPOHbZgWCfy54bGy4JA5CukS05NU9lUwjF7kIKjs2fm2-KI"}}

But as you can see (and verify via a JSON parser, e.g., jshon), this is invalid
JSON.

This leads to clevis giving errors, e.g.

$ clevis encrypt tang '{"url":"http://localhost"}' < PLAINTEXT.txt > JWE.txt
Invalid json!
...


$ clevis luks bind -d /dev/sda5 '{"url":"http://localhost"}'
Invalid json!
...

Looks like this is created as /var/cache/tang/default.jws by
/usr/lib/x86_64-linux-gnu/tangd-update

Best regards,

Roland


-- System Information:
Debian Release: 9.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-6-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
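
A structural check for the advertisement described in the report above, as an added example that is not part of the original report or of tang/clevis: it rejects output that is not valid JSON and accepts only the two JWS JSON serializations from RFC 7515 (flattened and general) wrapping a JWK Set. The function names and sample values are constructed for illustration, and signatures are not verified.

```python
import base64
import json


def b64url_json(value):
    """Decode an unpadded base64url string and parse the result as JSON."""
    return json.loads(base64.urlsafe_b64decode(value + "=" * (-len(value) % 4)))


def check_advertisement(text):
    """Return structural problems ([] = well-formed). Signatures are NOT verified."""
    try:
        jws = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON at offset {exc.pos}: {exc.msg}"]
    if not isinstance(jws, dict) or not isinstance(jws.get("payload"), str):
        return ["top level must be an object with a string 'payload'"]
    # RFC 7515 JSON serialization: the general form carries a "signatures"
    # array, the flattened form puts "protected"/"signature" beside "payload".
    sigs = jws.get("signatures", [jws])
    if not isinstance(sigs, list) or not sigs:
        return ["'signatures' must be a non-empty array"]
    problems = []
    for i, sig in enumerate(sigs):
        if not isinstance(sig, dict) or not isinstance(sig.get("signature"), str):
            problems.append(f"signature entry {i}: no 'signature' string")
            continue
        try:
            if "alg" not in b64url_json(sig.get("protected", "")):
                problems.append(f"signature entry {i}: protected header lacks 'alg'")
        except (ValueError, TypeError):
            problems.append(f"signature entry {i}: 'protected' is not base64url JSON")
    try:
        keys = b64url_json(jws["payload"]).get("keys")
    except (ValueError, TypeError, AttributeError):
        keys = None
    if not isinstance(keys, list) or not keys:
        problems.append("payload is not a JWK Set with a non-empty 'keys' array")
    return problems


def _enc(obj):  # helper for the constructed samples below
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed samples (not the advertisement from the report): same shapes, dummy values.
PAYLOAD = _enc({"keys": [{"kty": "EC", "crv": "P-521", "key_ops": ["verify"]}]})
HEADER = _enc({"alg": "ES512", "cty": "jwk-set+json"})
FLATTENED = json.dumps({"payload": PAYLOAD, "protected": HEADER, "signature": "c2ln"})
GENERAL = json.dumps({"payload": PAYLOAD, "signatures": [{"protected": HEADER, "signature": "c2ln"}]})
REPORTED_SHAPE = '{"payload":"%s",{"protected":"%s","signature":"c2ln"}}' % (PAYLOAD, HEADER)
```

To check a real server, pass the body returned by `curl http://localhost/adv`, or the contents of `/var/cache/tang/default.jws`, to `check_advertisement`.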
