Trying to register the same key twice results in a 500 error

Bug #1843825 reported by Daniel Manrique
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Snap Store Server
Confirmed
Medium
Unassigned

Bug Description

How to reproduce:

$ snapcraft create-key just-a-throwaway-key-i-will-never-use
...
$ snapcraft register-key just-a-throwaway-key-i-will-never-use
Registering key ...
Done. The key "just-a-throwaway-key-i-will-never-use" (19_X-nPQpWtxr40cSKtVgE2u-k9mpQQ7a6UjRPtX9VEoxg7TWVAEcuXLIMKiN6_X) may be used to sign your assertions.

(this creates an assertion for the key)

$ SNAPCRAFT_ENABLE_DEVELOPER_DEBUG=yes snapcraft register-key just-a-throwaway-key-i-will-never-use
Registering key ...

Enter your Ubuntu One e-mail address and password.
If you do not have an Ubuntu One account, you can create one at https://snapcraft.io/account
Email: (blahblahblah)
Password:
Calling https://dashboard.snapcraft.io/dev/api/acl/ with params None and headers {'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Accept': 'application/json'}
Calling https://login.ubuntu.com/api/v2/tokens/discharge with params None and headers {'Content-Type': 'application/json', 'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Accept': 'application/json'}
Second-factor auth: XXXXXXX
Calling https://dashboard.snapcraft.io/dev/api/acl/ with params None and headers {'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Accept': 'application/json'}
Calling https://login.ubuntu.com/api/v2/tokens/discharge with params None and headers {'Content-Type': 'application/json', 'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Accept': 'application/json'}
Calling https://dashboard.snapcraft.io/dev/api/account with params None and headers {'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Authorization': '<macaroon>', 'Accept': 'application/json'}
Calling https://dashboard.snapcraft.io/dev/api/account with params None and headers {'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Authorization': '<macaroon>', 'Accept': 'application/json'}
Registering key ...
Calling https://dashboard.snapcraft.io/dev/api/account with params None and headers {'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Authorization': '<macaroon>', 'Accept': 'application/json'}
Calling https://dashboard.snapcraft.io/dev/api/account/account-key with params None and headers {'Content-Type': 'application/json', 'User-Agent': 'snapcraft/3.8 Ubuntu/18.04 (amd64)', 'Authorization': '<macaroon>', 'Accept': 'application/json'}
Store error response: {'connection': <requests.adapters.HTTPAdapter object at 0x7fdbd96d7c18>, 'reason': 'Internal Server Error', 'raw': <urllib3.response.HTTPResponse object at 0x7fdbd9673da0>, '_next': None, 'elapsed': datetime.timedelta(0, 0, 378112), 'encoding': None, 'status_code': 500, 'url': 'https://dashboard.snapcraft.io/dev/api/account/account-key', '_content_consumed': True, '_content': b'{"error_list": [{"extra": {"assertion": "account-key-request"}, "code": "assertion-creation-failed", "message": "Failed to save account-key-request assertion for account_id Q8HSISyvcdrniz52oa8Qjh6HlZwv0wiT: invalid revision: could not add assertion (revision 0 is already the current revision)"}]}', 'request': <PreparedRequest [POST]>, 'headers': {'Content-Type': 'application/json', 'X-Cache': 'MISS from juju-4610b3-prod-mojo-ols-prod-scasnap-xenial-3', 'X-VCS-Revision': '38dc21a', 'Transfer-Encoding': 'chunked', 'Connection': 'close', 'Vary': 'Authorization,Accept-Language,Cookie', 'Date': 'Thu, 12 Sep 2019 19:45:17 GMT', 'Server': 'gunicorn/19.7.0', 'X-Request-Id': 'XXqgTH8AAQEAAHQMeV0AAABv1', 'Content-Language': 'en', 'X-View-Name': 'api-account-key', 'X-Cache-Lookup': 'MISS from juju-4610b3-prod-mojo-ols-prod-scasnap-xenial-3:3128', 'Strict-Transport-Security': 'max-age=2592000', 'ETag': '"bc78a45f5e3e273bcab4bc4e76956b48"', 'Via': '1.1 juju-4610b3-prod-mojo-ols-prod-scasnap-xenial-3 (squid/3.5.12)'}, 'history': [], 'cookies': <RequestsCookieJar[]>}
Sorry, an error occurred in Snapcraft:
The Snap Store encountered an error while processing your request: internal server error (code 500).
The operational status of the Snap Store can be checked at https://status.snapcraft.io/
Traceback (most recent call last):
  File "/snap/snapcraft/3440/bin/snapcraft", line 11, in <module>
    load_entry_point('snapcraft==3.8', 'console_scripts', 'snapcraft')()
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/cli/assertions.py", line 74, in register_key
    snapcraft.register_key(key_name)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/_store.py", line 414, in register_key
    store.register_key(account_key_request)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/storeapi/_store_client.py", line 155, in register_key
    return self._refresh_if_necessary(self.sca.register_key, account_key_request)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/storeapi/_store_client.py", line 109, in _refresh_if_necessary
    return func(*args, **kwargs)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/storeapi/_sca_client.py", line 87, in register_key
    "Accept": "application/json",
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/storeapi/_client.py", line 122, in post
    return self.request("POST", url, **kwargs)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/storeapi/_sca_client.py", line 51, in request
    response = super().request(*args, **kwargs)
  File "/snap/snapcraft/3440/lib/python3.5/site-packages/snapcraft/storeapi/_client.py", line 98, in request
    raise errors.StoreServerError(response)
snapcraft.storeapi.errors.StoreServerError: The Snap Store encountered an error while processing your request: internal server error (code 500).
The operational status of the Snap Store can be checked at https://status.snapcraft.io/
You can find the traceback in file '/tmp/tmpzyvvgjp_/trace.txt'.

Store-side, we bubble this as a 500. We could look into changing the result code into something snapcraft will show to the user in a more friendly manner; the problem here is that the existing key is already registered (the primary key for key assertions seems to be the key's sha384).

A workaround that totally sidesteps the issue is to create and register a different key; the best option, if the old key is still around, is to just use it to sign stuff, since it's already registered on the store.

Daniel Manrique (roadmr)
Changed in snapstore:
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Tong-Wook Shinn (tshinn) wrote :

Looks like this bug has been fixed:

tshinn@ubuntu-vm:~$ snapcraft register-key test-key
Enter your Ubuntu One e-mail address and password.
If you do not have an Ubuntu One account, you can create one at https://snapcraft.io/account
Email: <email address hidden>
Password:
Second-factor auth: xxxxxx
Registering key ...
Key registration failed: This account-key-request is already registered. This means that the account-key is likely already registered. If not then the solution might be to register a different key or to try sending a newer revision of the account-key-request for this key: invalid revision: could not add assertion (revision 0 is already the current revision)
tshinn@ubuntu-vm:~$

But the error message could be improved: "This account-key-request is already registered. This means that the account-key is likely already registered."

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.