-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/23/2012 07:04 AM, Paul Wouters wrote: > On Tue, 22 May 2012, Matthijs Mekking wrote: > >>> On restarting the signer I got : >>> >>> ods-signerd: signer/rrset.c:667: rrset_sign: assertion ctx >>> failed >> >> Do you also got this log message?: >> >> ods-signerd: [worker[1]] error creating libhsm context > > Yes I did. > >> I am not sure how to deal with a failing libhsm. We could abort >> the drudger, stop the signer, retry until eternity, ... > > There are still issues with running ods-hsmutil while opendnssec > is running. ods-hsmutil is used to get the current key ids out to > use for bind signing. But it seems to run into kasp.db locking > issues, and cause subsequent ods-hsmutil calls to hang as well. > > It wouls be nice if ods-ksmutil just failed, instead of blocked > forever. > > Perhaps it is possible to ask the enforced/signerd about the keys, > to avoid multiple apps needing to read the kasp.db, which it > apparently can't do very well?
This is unrelated to the creating libhsm context error. The signer does not access the kasp.db, that's the enforcer and ods-ksmutil. Best regards. Matthijs > > Paul -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPvJjYAAoJEA8yVCPsQCW5pjQIAJZVJHhUhZANktLxzWXjQnOP 0j4gWZQ76D3cgiSC/m1Er8sCRvlr3MwFISSZ0SumvwfjsmxytVlH8Q43wdbnZxaE IH7ItTd5SBEPjSjwIJmIYAwTkrMU+jlQkzYFAX0erkp34cwS9XH3XmgJ/pOEGhHW vbViuK0F846XRDxn9u6fapxcAvmHCpkbE3SFCz4/ojt5dHr9BxuL7Mr9B/MrxVuF Sgtl11C0Ra/L+5L3KUKNhI/AqXo+Xc8p47TsIFh5SEffOGdx4BJUhIWIZHVkb05g SXMRH77gmL2J8De4WfHp2T7J11B8Ws6COsRnqpHIVEuawFK4uTEEe8pefl3x9w4= =Nzw2 -----END PGP SIGNATURE----- _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
