From 9bcd874fc3f83e2517f89db122ed49cad4e9e599 Mon Sep 17 00:00:00 2001
From: Rob Austein
Date: Fri, 27 Jan 2017 18:49:37 -0500
Subject: Accumulate primary keys instead of objects to work around Django caching.
This is nasty, and I still don't entirely understand it why this was happening. We collect ca_detail objects during bulk ROA processing, so that we can defer manifest and CRL updates until the end of the batch. Somehow, Django's caching code was causing the parent CA's issued serial number to roll back as part of this caching, which caused us to reuse serial numbers. Which is (very) bad. Replacing the collection of ca_detail objects with a collection of primary key values for those same ca_detail objects seems to have worked, presumably because it lets us force creation of a new queryset when it's time for us to process the relevant ca_detail objects. The question is how many other booby traps like this might be lurking.
---
 rpki/rpkid_tasks.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/rpki/rpkid_tasks.py b/rpki/rpkid_tasks.py
index 7137c973..a39b0a82 100644
--- a/rpki/rpkid_tasks.py
+++ b/rpki/rpkid_tasks.py
@@ -431,7 +431,7 @@ class UpdateROAsTask(AbstractTask):
 roa = roas.pop(0)
 try:
 roa.update(publisher = publisher)
- ca_details.add(roa.ca_detail)
+ ca_details.add(roa.ca_detail.pk)
 except rpki.exceptions.NoCoveringCertForROA:
 logger.warning("%r: No covering certificate for %r, skipping", self, roa)
 except:
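Review bot: The new `ca_details.add(roa.ca_detail.pk)` carries no comment saying why a primary key is stored instead of the object, so a later cleanup could put the object back and bring back the serial-number reuse described in the commit message; the same applies to the matching line in the second hunk. I would add above the first occurrence: `# Store PKs, not CADetail instances: held instances let the parent CA's issued serial roll back, which reused serial numbers.` The set is still named `ca_details` although it now holds primary keys; `ca_detail_pks` would say so, but its definition is outside this hunk, as is the rest of the enclosing loop.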
@@ -440,13 +440,13 @@ class UpdateROAsTask(AbstractTask):
 if not postponing:
 for roa in orphans:
 try:
- ca_details.add(roa.ca_detail)
+ ca_details.add(roa.ca_detail.pk)
 roa.revoke(publisher = publisher)
 except:
 logger.exception("%r: Could not revoke %r", self, roa)
 if not publisher.empty():
- for ca_detail in ca_details:
+ for ca_detail in rpki.rpkidb.models.CADetail.objects.filter(pk__in = ca_details):
 logger.debug("%r: Generating new CRL and manifest for %r", self, ca_detail)
 ca_detail.generate_crl_and_manifest(publisher = publisher)
 yield publisher.call_pubd()
--
cgit v1.2.3
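Review bot: Re-fetching with `CADetail.objects.filter(pk__in = ca_details)` refreshes only this loop, while `roa.update()` in the first hunk and `roa.revoke()` here still reach the CA through `roa.ca_detail`, so the stale-instance rollback may remain reachable on those paths (inferred; the serial allocation code is not in this diff). Since the commit message says the root cause is not understood, the durable fix is to allocate the serial atomically where it is issued, for example inside `transaction.atomic()` with `select_for_update()` on the CA row, and to add a regression test asserting that one batch never issues two certificates with the same serial. `pk__in` also silently skips any ca_detail row deleted during the batch; a `logger.warning` when the fetched count is lower than `len(ca_details)` would make that visible. The enclosing method starts and ends outside the hunk.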