[tahoe-dev] ticket #1767 landed: cautions to take when upgrading

Brian Warner warner at lothar.com
Tue Mar 19 01:02:52 UTC 2013


I just pushed the fix for ticket #1767 to the github master branch. This
changes the sequence number used for Introducer announcements to be a
small integer counter instead of a timestamp. If you have a grid running
on trunk now, you need to take some precautions as you upgrade across
this change. The previous release version (1.9.2, or 1.9.0 for that
matter) does not use sequence numbers or signed announcements, so
upgrading from 1.9.2 to 1.10 won't cause any problems. It's only folks
who have been running on trunk for the last few months that need to pay
attention.

The (signed) sequence number exists to prevent replay attacks: where an
evil introducer records an old announcement (say version 3), then waits
until the server publishes some new ones (say version 5), then plays
back the v3 message, in the hopes of tricking some client into reverting to
the older data. Clients remember the last sequence number they saw, and
ignore inbound announcements unless the seqnum is higher than what they
remember.

Until twenty minutes ago, these seqnums were timestamps, like
1363654636.097981 (number of seconds since the epoch in 1970). With this
commit, they're small integers, starting with 1. If you have a client
running before the upgrade, it will remember a seqnum of 1.3 billion,
and if you upgrade the server while the client (and the introducer) are
still running, that client will ignore the "seqnum=1", "seqnum=2"
messages for a very very long time.

When upgrading across this change, you must:

* shut down the server that you're upgrading
* reboot the introducer: this makes it forget about your server
* reboot each client: they'll forget too
* restart your server with the new code

You can hold off rebooting the client until later, but it will probably
ignore updates from the server until it gets rebooted. If you don't
restart the introducer, the introducer will ignore updates from the
server (and won't deliver them to anyone else).

This ticket is one of the last three blockers for 1.10, so we're getting
close!

cheers,
 -Brian
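
The seqnum check described in this message, and why timestamp seqnums remembered from before the upgrade block the new small-integer ones, as an added example that is not part of the original message and not Tahoe-LAFS code. `AnnouncementCache`, its methods, and the "server-A" id are hypothetical names; signature verification is assumed to have already succeeded.

```python
# Added illustration; AnnouncementCache and the scenario helpers are
# hypothetical names, not Tahoe-LAFS code. Signatures are assumed verified.

class AnnouncementCache:
    """Client-side record of the highest seqnum seen for each server."""

    def __init__(self):
        self._latest = {}  # server_id -> (seqnum, announcement)

    def receive(self, server_id, seqnum, announcement):
        """Return True if accepted, False if ignored as stale or replayed."""
        remembered = self._latest.get(server_id)
        if remembered is not None and seqnum <= remembered[0]:
            return False  # not higher than what we remember: ignore
        self._latest[server_id] = (seqnum, announcement)
        return True

    def current(self, server_id):
        entry = self._latest.get(server_id)
        return None if entry is None else entry[1]


def replay_scenario():
    """The introducer plays back v3 after the server has published v5."""
    client = AnnouncementCache()
    results = [
        client.receive("server-A", 3, "v3 data"),
        client.receive("server-A", 5, "v5 data"),
        client.receive("server-A", 3, "v3 data"),  # replayed old message
    ]
    return results, client.current("server-A")


def upgrade_scenario(restart_client):
    """The server switches from timestamp seqnums to a counter starting at 1."""
    client = AnnouncementCache()
    client.receive("server-A", 1363654636.097981, "pre-upgrade")
    if restart_client:
        client = AnnouncementCache()  # restart: remembered seqnum is forgotten
    accepted = [client.receive("server-A", n, "post-upgrade #%d" % n)
                for n in (1, 2)]
    return accepted, client.current("server-A")


if __name__ == "__main__":
    print(replay_scenario())
    print(upgrade_scenario(restart_client=False))
    print(upgrade_scenario(restart_client=True))
```

Without the restart, the client keeps serving the pre-upgrade announcement and drops seqnum=1 and seqnum=2; with it, both are accepted.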


