Home Explore Help
Sign In
diogo
/
gnu-social
Watch 19
Star 39
Fork 35
Files Issues 116 Pull Requests 5 Wiki
Labels Milestones
New Issue

#266 persistent "ActivityPub Inbox: HTTP Signature: Invalid signature" after temporarily turning on "sessions" and "sessions debugging"

Open
opened 3 years ago by Gijs · 2 comments
Gijs commented 3 years ago

On Wed Dec 15 (at 10:39, Apache error logs show) I tried out "sessions" and "sessions debugging" (available to the admin in "your_site"/panel/sessions).

Session debugging did not work: logs filled with this message:

"PHP Warning: fopen(errors.txt): failed to open stream: Permission denied in /var/www/gnu-social/lib/util/util.php on line 186"

So I turned-off sessions on Fri Dec 17 (at 10:24).

However, that same Wednesday - and just after 10:36 - gnu-social started throwing this error for all but two of the folks I subscribe to:

POST /index.php/inbox.json] ActivityPub Inbox: HTTP Signature: Invalid signature.

In many (but not all) cases this is preceded by:

"index.php/inbox.json] An error ocurred while grabbing remote avatar[File] DB_DataObject error []: MDB2 Error: constraint violation"

I've run fix_subscriptions.php -a -i 1 to no avail. I've added other persons to my subscription lists, but their posts also don't show up.

I don't see anything in the logs that points to a connection between sessions and signature validation. I also don't understand why some posts get through (it's someone I started following when sessions was running, on December 16).

To make things even more complicated: I was running Version 2 Nightly. But Aab, who has been very helpful tracking down /this/ issue, told me to switch to Master. I've been on Master since Dec 23.

On Wed Dec 15 (at 10:39, Apache error logs show) I tried out "sessions" and "sessions debugging" (available to the admin in "your_site"/panel/sessions). Session debugging did not work: logs filled with this message: "PHP Warning: fopen(errors.txt): failed to open stream: Permission denied in /var/www/gnu-social/lib/util/util.php on line 186" So I turned-off sessions on Fri Dec 17 (at 10:24). However, that same Wednesday - and just after 10:36 - gnu-social started throwing this error for all but two of the folks I subscribe to: POST /index.php/inbox.json] ActivityPub Inbox: HTTP Signature: Invalid signature. In many (but not all) cases this is preceded by: "index.php/inbox.json] An error ocurred while grabbing remote avatar[File] DB_DataObject error []: MDB2 Error: constraint violation" I've run fix_subscriptions.php -a -i 1 to no avail. I've added other persons to my subscription lists, but their posts also don't show up. I don't see anything in the logs that points to a connection between sessions and signature validation. I also don't understand why some posts get through (it's someone I started following when sessions was running, on December 16). To make things even more complicated: I was running Version 2 Nightly. But Aab, who has been very helpful tracking down /this/ issue, told me to switch to Master. I've been on Master since Dec 23.
aab commented 3 years ago

More info:

  • The "fopen" error is in https://notabug.org/diogo/gnu-social/src/master/lib/util/util.php#L1866 (not line 186). It seems like ownership issues, but Gijs checked and the log file (error.txt) was owned by www-data.
  • I suggested the fix_subscriptions script as it seems an issue with ActivityPub federation; OStatus seems to be working fine (see https://post.hillenius.net/gijs/all)
  • I've seen the "Invalid signature" error (far less than before the fix in #104), but I thought it was because non-logged visits or -really- invalid signatures. I've just searched, and indeed, many are preceded by the error Gijs says. An example:

2021-12-27 23:59:12 LOG_INFO: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] HTTPClient: HTTP GET https://mastodont.cat/users/nan - 200 OK 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] ActivityPub Explorer: Found a valid remote actor for https://mastodont.cat/users/nan 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] Updating local Profile:4394 from remote ActivityPub profile 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] ActivityPub Explorer: Started grabbing remote avatar from: https://mastodont.cat/system/accounts/avatars/000/051/457/origi> 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] Performing HEAD request for incoming activity to avoid unnecessarily downloading too large files. URL: https://mastodont.c> 2021-12-27 23:59:13 LOG_INFO: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] HTTPClient: HTTP HEAD https://mastodont.cat/system/accounts/avatars/000/051/457/original/d9209fa51e20541f.png - 200 OK 2021-12-27 23:59:13 LOG_INFO: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] HTTPClient: HTTP GET https://mastodont.cat/system/accounts/avatars/000/051/457/original/d9209fa51e20541f.png - 200 OK 2021-12-27 23:59:13 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] An error ocurred while grabbing remote avatar[File] DB_DataObject error []: MDB2 Error: constraint violation 2021-12-27 23:59:13 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] ActivityPub Inbox: HTTP Signature: Invalid signature. 2021-12-27 23:59:20 LOG_DEBUG: [khp.ignorelist.com:2559798.f643ff41 POST /inbox.json] ActivityPub Inbox: Received a POST request.

Anyway, I remembered about the MDB2 Error: #220

  • Diogo checked some days ago about "sessions" and it seems it is not related to this bug, but anyway, it does not hurt to try. I'm disabling them on my server for today, and will add more info tomorrow.
More info: - The "fopen" error is in https://notabug.org/diogo/gnu-social/src/master/lib/util/util.php#L1866 (not line 186). It seems like ownership issues, but Gijs checked and the log file (error.txt) was owned by www-data. - I suggested the fix_subscriptions script as it seems an issue with ActivityPub federation; OStatus seems to be working fine (see https://post.hillenius.net/gijs/all) - I've seen the "Invalid signature" error (far less than before the fix in https://notabug.org/diogo/gnu-social/issues/104), but I thought it was because non-logged visits or -really- invalid signatures. I've just searched, and indeed, many are preceded by the error Gijs says. An example: 2021-12-27 23:59:12 LOG_INFO: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] HTTPClient: HTTP GET https://mastodont.cat/users/nan - 200 OK 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] ActivityPub Explorer: Found a valid remote actor for https://mastodont.cat/users/nan 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] Updating local Profile:4394 from remote ActivityPub profile 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] ActivityPub Explorer: Started grabbing remote avatar from: https://mastodont.cat/system/accounts/avatars/000/051/457/origi> 2021-12-27 23:59:12 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] Performing HEAD request for incoming activity to avoid unnecessarily downloading too large files. URL: https://mastodont.c> 2021-12-27 23:59:13 LOG_INFO: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] HTTPClient: HTTP HEAD https://mastodont.cat/system/accounts/avatars/000/051/457/original/d9209fa51e20541f.png - 200 OK 2021-12-27 23:59:13 LOG_INFO: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] HTTPClient: HTTP GET https://mastodont.cat/system/accounts/avatars/000/051/457/original/d9209fa51e20541f.png - 200 OK 2021-12-27 23:59:13 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] An error ocurred while grabbing remote avatar[File] DB_DataObject error []: MDB2 Error: constraint violation 2021-12-27 23:59:13 LOG_DEBUG: [khp.ignorelist.com:2559797.b1d830b9 POST /inbox.json] ActivityPub Inbox: HTTP Signature: Invalid signature. 2021-12-27 23:59:20 LOG_DEBUG: [khp.ignorelist.com:2559798.f643ff41 POST /inbox.json] ActivityPub Inbox: Received a POST request. Anyway, I remembered about the MDB2 Error: https://notabug.org/diogo/gnu-social/issues/220 - Diogo checked some days ago about "sessions" and it seems it is not related to this bug, but anyway, it does not hurt to try. I'm disabling them on my server for today, and will add more info tomorrow.
aab commented 3 years ago

Well, after almost a day running without having "sessions" activated, the "Invalid signature" and the "MDB2 Error: constraint violation" errors are about the same as having it on. So, not sure that it is related, but anyway, we have one (or more) bugs here.

Well, after almost a day running without having "sessions" activated, the "Invalid signature" and the "MDB2 Error: constraint violation" errors are about the same as having it on. So, not sure that it is related, but anyway, we have one (or more) bugs here.
Sign in to join this conversation.
Labels
Clear labels
bounty bug duplicate enhancement help wanted invalid question RFC v3 wontfix
No Label
bounty
bug
duplicate
enhancement
help wanted
invalid
question
RFC
v3
wontfix
Milestone
Clear milestone
No Milestone
Assignee
Clear assignee
No assignee
2 Participants
Write Preview
Loading...
Cancel
Save
There is no content yet.