Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

GRPC can't read certificate after dropping perms #3265

Closed
johnnybubonic opened this issue Nov 15, 2017 · 0 comments · Fixed by #5552
Closed

GRPC can't read certificate after dropping perms #3265

johnnybubonic opened this issue Nov 15, 2017 · 0 comments · Fixed by #5552
Labels
gRPC help wanted Good community contribution opportunities linux server

Comments

@johnnybubonic
Copy link

I am using the same cert/key for Murmur TLS and GRPC TLS.

However, whereas Murmur reads the certificate and key before dropping privs to user=, it seems that GRPC does this after dropping privs. As a result, it cannot read the certificate/key specified if they are restricted to root permissions/access.

@mkrautz mkrautz added linux server help wanted Good community contribution opportunities labels Dec 1, 2017
@ghost ghost added the gRPC label Jan 30, 2018
Krzmbrzl added a commit to Krzmbrzl/mumble that referenced this issue Feb 6, 2022
The gRPC implementation never left the experimental state and never
reached a properly stable state to the point where we would feel good
about enabling it by default. In addition to that, there has been no
further attempts at finding and fixing the encountered issues in the
implementation (except mumble-voip#3947 but that was discontinued).

As such we had an essentially unmaintained piece of code in our server
implementation that was known to be buggy and that nobody wanted to fix.
In addition to that the implementation itself could not be considered
very clean or elegant and therefore only represented a few smelly
corners in our code base.

For this reason, we decided to remove the gRPC support entirely from
Mumble (for now).

What we hope to gain by that is:
- Prevent people from building unstable server versions and then coming
to us complaining that it crashed/misbehaved
- Removing (essentially) dead code
- Reduce the RPC implementation complexity

That last piece is crucial: By removing gRPC support we reduce the
amount of supported RPC frameworks to only one (ignoring DBus for now).
Our future plans include a refactoring of how RPC is being handled and
implemented and only having to worry about maintaining compatibility
with one RPC system is much easier than having to worry about two (with
(slightly) different APIs).
Once the RPC implementation has been rewritten, more RPC backends may be
reintroduced and in that process we might investigate adding a proper
gRPC implementation to the code (that then hopefully is more stable than
the current one).

Fixes mumble-voip#4567
Fixes mumble-voip#4197
Fixes mumble-voip#3496
Fixes mumble-voip#3429
Fixes mumble-voip#3265
Krzmbrzl added a commit to Krzmbrzl/mumble that referenced this issue Mar 16, 2022
The gRPC implementation never left the experimental state and never
reached a properly stable state to the point where we would feel good
about enabling it by default. In addition to that, there has been no
further attempts at finding and fixing the encountered issues in the
implementation (except mumble-voip#3947 but that was discontinued).

As such we had an essentially unmaintained piece of code in our server
implementation that was known to be buggy and that nobody wanted to fix.
In addition to that the implementation itself could not be considered
very clean or elegant and therefore only represented a few smelly
corners in our code base.

For this reason, we decided to remove the gRPC support entirely from
Mumble (for now).

What we hope to gain by that is:
- Prevent people from building unstable server versions and then coming
to us complaining that it crashed/misbehaved
- Removing (essentially) dead code
- Reduce the RPC implementation complexity

That last piece is crucial: By removing gRPC support we reduce the
amount of supported RPC frameworks to only one (ignoring DBus for now).
Our future plans include a refactoring of how RPC is being handled and
implemented and only having to worry about maintaining compatibility
with one RPC system is much easier than having to worry about two (with
(slightly) different APIs).
Once the RPC implementation has been rewritten, more RPC backends may be
reintroduced and in that process we might investigate adding a proper
gRPC implementation to the code (that then hopefully is more stable than
the current one).

Fixes mumble-voip#4567
Fixes mumble-voip#4197
Fixes mumble-voip#3496
Fixes mumble-voip#3429
Fixes mumble-voip#3265
Krzmbrzl added a commit that referenced this issue Mar 16, 2022
The gRPC implementation never left the experimental state and never
reached a properly stable state to the point where we would feel good
about enabling it by default. In addition to that, there has been no
further attempts at finding and fixing the encountered issues in the
implementation (except #3947 but that was discontinued).

As such we had an essentially unmaintained piece of code in our server
implementation that was known to be buggy and that nobody wanted to fix.
In addition to that the implementation itself could not be considered
very clean or elegant and therefore only represented a few smelly
corners in our code base.

For this reason, we decided to remove the gRPC support entirely from
Mumble (for now).

What we hope to gain by that is:

    Prevent people from building unstable server versions and then coming
    to us complaining that it crashed/misbehaved
    Removing (essentially) dead code
    Reduce the RPC implementation complexity

That last piece is crucial: By removing gRPC support we reduce the
amount of supported RPC frameworks to only one (ignoring DBus for now).
Our future plans include a refactoring of how RPC is being handled and
implemented and only having to worry about maintaining compatibility
with one RPC system is much easier than having to worry about two (with
(slightly) different APIs).
Once the RPC implementation has been rewritten, more RPC backends may be
reintroduced and in that process we might investigate adding a proper
gRPC implementation to the code (that then hopefully is more stable than
the current one).

Fixes #4567
Fixes #4197
Fixes #3496
Fixes #3429
Fixes #3265
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
gRPC help wanted Good community contribution opportunities linux server
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants