update workflow is broken

[PascalinDe]

. .venv/bin/activate && ./gen_fresh_dirinfo.py generate-dirinfo \
	--authority-signing-key authority-private/authority_signing_key \
	--authority-certificate directory-cache/certificate.txt \
	--consensus directory-cache/consensus.txt \
	--microdescriptors directory-cache/microdescriptors.txt
Traceback (most recent call last):
  File "/home/runner/work/lightarti-directory/lightarti-directory/tools/./gen_fresh_dirinfo.py", line 912, in generate_customized_consensus
    vote_mtbf.validate_signatures(key_cert_mtbf)
  File "/home/runner/work/lightarti-directory/lightarti-directory/tools/.venv/lib/python3.9/site-packages/stem/descriptor/networkstatus.py", line 1307, in validate_signatures
    raise ValueError('Network Status Document has %i valid signatures out of %i total, needed %i' % (valid_digests, total_digests, required_digests))
ValueError: Network Status Document has 0 valid signatures out of 0 total, needed 0

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/runner/work/lightarti-directory/lightarti-directory/tools/./gen_fresh_dirinfo.py", line 1217, in <module>
    main(sys.argv[0], sys.argv[1:])
  File "/home/runner/work/lightarti-directory/lightarti-directory/tools/./gen_fresh_dirinfo.py", line 1206, in main
    namespace.callback(namespace)
  File "/home/runner/work/lightarti-directory/lightarti-directory/tools/./gen_fresh_dirinfo.py", line 1012, in generate_customized_consensus_cb
    generate_customized_consensus(
  File "/home/runner/work/lightarti-directory/lightarti-directory/tools/./gen_fresh_dirinfo.py", line 914, in generate_customized_consensus
    raise InvalidVote(str(err))
__main__.InvalidVote: Network Status Document has 0 valid signatures out of 0 total, needed 0
make[1]: *** [Makefile:43: directory-cache/certificate.txt] Error 1
make: *** [Makefile:78: update_cache_churn] Error 2
make[1]: Leaving directory '/home/runner/work/lightarti-directory/lightarti-directory/tools'

blocking c4dt/lightarti-rest#116

[PascalinDe]

@ineiti the problem might be that the environment variables AUTHORITY/DIR_AUTH_PASSWORD contain a certificate that has expired

there is a process described in the README.md on how to renew the certificate, but only when one knows DIR_AUTH_PASSWORD (else it will create a new certificate) - since the secrets are encrypted I cannot access either of them so I tend to "just create a new certificate" but I'm not clear on the consequences it might have if our certificate changes

what do you think?

[PascalinDe]

unfortunately creating a new certificate did not resolve the issue - but at least we now have a certificate/password in our hands...

[PascalinDe]

OK, the issue seems to be that moria1's (the authority server we use) key has been changed: https://gitlab.torproject.org/tpo/core/tor/-/issues/40722

what we have:

(Pdb) authorities['moria1'].v3ident
'D586D18309DED4CD6D57C18FDB97EFA96D330566'

which corresponds to the old key as seen here:

torproject/tor@72b04a5

so I'm currently looking into how to retrieve the authorities' new key

[PascalinDe]

so the information in question is retrieved by stem, I opened a ticket here: torproject/stem#134

this ticked and c4dt/lightarti-rest#116 are blocked for the moment