I have a Tang server (Clevis/Tang) in a Linux container (LXD).
According to the tangd.socket configuration, the tangd server is started when a connection is received on TCP port 80:
root@tang2:~# systemctl cat tangd.socket
# /lib/systemd/system/tangd.socket
[Unit]
Description=Tang Server socket
Requires=tangd-update.service
Requires=tangd-update.path
After=tangd-update.service
[Socket]
ListenStream=80
Accept=true
[Install]
WantedBy=multi-user.target
On connection, the server starts, but it is killed immediately due to a segmentation fault:
Jan 21 16:10:19 tang2 systemd[1]: Started Tang Server (10.0.0.122:50186).
Jan 21 16:10:19 tang2 systemd[1]: [email protected]:80-10.0.0.122:50186.service: Main process exited, code=killed, status=11/SEGV
Jan 21 16:10:19 tang2 systemd[1]: [email protected]:80-10.0.0.122:50186.service: Failed with result 'signal'.
It seems to me that the container has enough free memory:
root@tang2:~# free -h
total used free shared buff/cache available
Mem: 7.8Gi 32Mi 7.6Gi 6.0Mi 184Mi 7.8Gi
Swap: 0B 0B 0B
More information:
root@tang2:~# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 31790
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1048576
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
The OS is Debian Linux 10 (Buster):
root@tang2:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Tang package information:
Package: tang
Version: 7-1+deb10u1
State: installed
Automatically installed: no
Priority: optional
Section: net
Maintainer: Christoph Biedl <[email protected]>
Architecture: amd64
Uncompressed Size: 66.6 k
Depends: libc6 (>= 2.8), libhttp-parser2.8 (>= 2.1), libjansson4 (>= 2.10~), libjose0 (>= 10), jose
Description: network-based cryptographic binding server
Tang is a service for binding cryptographic keys to network presence. It offers a secure, stateless, anonymous
alternative to key escrow services.
Homepage: https://github.com/latchset/tang
root@tang2:~# ldd /usr/lib/x86_64-linux-gnu/tangd
linux-vdso.so.1 (0x00007fffb88f6000)
libjose.so.0 => /usr/lib/x86_64-linux-gnu/libjose.so.0 (0x00007f1df6639000)
libjansson.so.4 => /usr/lib/x86_64-linux-gnu/libjansson.so.4 (0x00007f1df662a000)
libhttp_parser.so.2.8 => /usr/lib/x86_64-linux-gnu/libhttp_parser.so.2.8 (0x00007f1df661f000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1df645e000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007f1df6175000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1df5f57000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1df5f34000)
/lib64/ld-linux-x86-64.so.2 (0x00007f1df6864000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1df5f2f000)
I tried connecting to the tang server with telnet and running strace on the server:
root@tang2:~# telnet localhost 80
Trying ::1...
Connected to localhost.
Escape character is '^]'.
GET /adv HTTP/1.0
Connection closed by foreign host.
This is the strace output:
root@tang2:~# ps ax|grep tang
995 ? Ss 0:00 /usr/lib/x86_64-linux-gnu/tangd /var/cache/tang
997 pts/2 S+ 0:00 grep tang
root@tang2:~# strace -f -p 995
strace: Process 995 attached
read(0, "GET /adv HTTP/1.0\r\n", 4095) = 19
--- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=NULL} ---
+++ killed by SIGSEGV +++
Do you know why the tangd server is being killed?
This is a trace from a running tang server:
read(0, "GET /adv HTTP/1.0\r\n", 4095) = 19
read(0, "\r\n", 4095) = 2
write(2, "::1 GET /adv", 12) = 12
open("/var/cache/tang/default.jws", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=956, ...}) = 0
fstat(3, {st_mode=S_IFREG|0644, st_size=956, ...}) = 0
read(3, "{\"payload\":\"eyJrZXlzIjpbeyJhbGci"..., 4096) = 956
write(2, " => 200 (src/tangd.c:85)\n", 25) = 25
fstat(1, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(1, "HTTP/1.1 200 OK\r\n", 17) = 17
fstat(1, {st_mode=S_IFSOCK|0777, st_size=0, ...}) = 0
lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek)
write(1, "Content-Type: application/jose+j"..., 1016) = 1016
close(3) = 0
read(0, "\r\n", 4095) = 2
read(0, "", 4095) = 0
exit_group(0) = ?
+++ exited with 0 +++
Regards,
Answer 1
OK, so I updated the system from Buster to Bullseye, and the tangd server started working. Maybe the previous version of tangd in Buster had some bug.