[tor-commits] [tor/master] More log messages for keygen problems

nickm at torproject.org nickm at torproject.org
Wed Aug 19 17:37:40 UTC 2015 

commit 426ef9c8eb1d88914ebff544d6704d5c6de23ba1
Author: Nick Mathewson <nickm at torproject.org>
Date:   Mon Aug 10 11:04:53 2015 -0400

    More log messages for keygen problems
---
 src/or/routerkeys.c |   21 +++++++++++++++++----
 src/or/routerkeys.h |    1 +
 2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/src/or/routerkeys.c b/src/or/routerkeys.c
index 025fa6f..80b26e6 100644
--- a/src/or/routerkeys.c
+++ b/src/or/routerkeys.c
@@ -246,6 +246,9 @@ write_secret_key(const ed25519_secret_key_t *key, int encrypted,
  * If INIT_ED_KEY_NO_REPAIR is set, and there is any issue loading the keys
  * from disk _other than their absence_ (full or partial), we do not try to
  * replace them.
+ *
+ * If INIT_ED_KEY_SUGGEST_KEYGEN is set, have log messages about failures
+ * refer to the --keygen option.
  */
 ed25519_keypair_t *
 ed_key_init_from_file(const char *fname, uint32_t flags,
@@ -358,8 +361,12 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
         /* If we have a secret key and we're reloading the public key,
          * the key must match! */
         if (! ed25519_pubkey_eq(&keypair->pubkey, &pubkey_tmp)) {
-          tor_log(severity, LD_OR, "%s does not match %s!",
-                  public_fname, loaded_secret_fname);
+          tor_log(severity, LD_OR, "%s does not match %s!  If you are trying "
+                  "to restore from backup, make sure you didn't mix up the "
+                  "key files. If you are absolutely sure that %s is the right "
+                  "key for this relay, delete %s or move it out of the way.",
+                  public_fname, loaded_secret_fname,
+                  loaded_secret_fname, public_fname);
           goto err;
         }
       } else {
@@ -389,11 +396,17 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
       !(flags & INIT_ED_KEY_MISSING_SECRET_OK)) {
     if (have_encrypted_secret_file) {
       tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
-              "but it was encrypted. Try tor --keygen instead.",
+              "but it was encrypted. Try 'tor --keygen' instead, so you "
+              "can enter the passphrase.",
               secret_fname);
     } else {
       tor_log(severity, LD_OR, "We needed to load a secret key from %s, "
-              "but couldn't find it.", secret_fname);
+              "but couldn't find it. %s", secret_fname,
+              (flags & INIT_ED_KEY_SUGGEST_KEYGEN) ?
+              "If you're keeping your master secret key offline, you will "
+              "need to run 'tor --keygen' to generate new signing keys." :
+              "Did you forget to copy it over when you copied the rest of the "
+              "signing key material?");
     }
     goto err;
   }
diff --git a/src/or/routerkeys.h b/src/or/routerkeys.h
index 9b93358..b4e73aa 100644
--- a/src/or/routerkeys.h
+++ b/src/or/routerkeys.h
@@ -16,6 +16,7 @@
 #define INIT_ED_KEY_OMIT_SECRET                 (1u<<7)
 #define INIT_ED_KEY_TRY_ENCRYPTED               (1u<<8)
 #define INIT_ED_KEY_NO_REPAIR                   (1u<<9)
+#define INIT_ED_KEY_SUGGEST_KEYGEN              (1u<<10)
 
 struct tor_cert_st;
 ed25519_keypair_t *ed_key_init_from_file(const char *fname, uint32_t flags,

More information about the tor-commits mailing list