-
Notifications
You must be signed in to change notification settings - Fork 164
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
504 Gateway timeout on large file #481
504 Gateway timeout on large file #481
Comments
Related to an existing issue #264 |
I’m not convinced this is due to #264 since the request hit the server and timed out during processing. I think we should try to fix sigstore/cosign#990 and see if that fixes this. |
I have the fix for the To confirm your doubts I used the rekor-cli to check if it works and it is also running into a similar issue.
And here is tail end of the log with
|
I was able to run the Here is the server log after it is uploaded
Client log
I was able to confirm that it was successful on the server but it didn't respond to the client when it was successful. Based on what I saw from the log I decide to search for the binary in
With the ☝️ successful match. I decided to search the https://rekor.sigstore.dev and it was able to locate it which confirmed the upload was successful but the message to the client is the issue.
|
The 409 error code returned here after 104 seconds feels like the upload must have completed in order for us to have confirmed that there was an entry already in the log for this. I will try to recreate this locally and see if I can run it down. |
Another alternative is to replace the rekorEntry used to upload in cosign with the hash of the artifact rather than the whole payload. |
Cosign doesn't provide an option to upload artifact hash https://github.com/sigstore/cosign/blob/d44259202830948517db361efd85fca6e87776ff/cmd/cosign/cli/sign/sign_blob.go#L55 |
Oops, I think you're misunderstanding my comment. I'm not suggesting changing cosign to sign an artifact hash, I'm suggesting changing the code in cosign linked in my comment so that it uploads to rekor with the hash of the entry, rather than the whole payload. @bobcallaway is this possible? I'm testing that change but I think sending the rekor entry with just a hash causes problems with SHA mismatch because maybe that SHA is just for consistency I guess the reason is probably because it needs to check signature validation and so it needs the whole payload to keep in line with all the different signer/verifier impls. rekor/pkg/types/rekord/v0.0.1/entry.go Line 199 in 775f38b
|
Cool, makes sense! Thanks |
I don't think that avenue is possible :/ |
Ran some
It is not surprising it is `encoding JSON which is causing most of the delay. |
I did The test was uploading a binary(cosign Linux binary) Line 145 in 070f83e
Here is the |
I was thinking if we could replace the json encoding with https://github.com/json-iterator/go as it is well maintained and keeps the standard API. I also saw this recommendation go-swagger/go-swagger#1868 (comment) I tried the code change but it didn't make any difference |
https://github.com/naveensrinivasan/grpc_upload_test The 81 MB uploads take with the gRPC tests.
The uploads with REST take about 180seconds. |
@naveensrinivasan just FYI this is how you can upload this hashed type, e.g. on a signature of a file
|
Thank you @asraa! AFAIK it is still not supported in cosign. Or if I am wrong how can I use with cosign for keyless signing? |
Hah thank you for reminding me that this was for use through cosign CLI. I'll open a PR there to fix that! |
Thanks |
Description
We are trying to use
rekor
to store our GH releases for Scorecard ossf/scorecard#1201.I ran into an issue with
cosign
that didn't support timeout onsign-blob
sigstore/cosign#990 and am in the process of fixing that issue I ran into another issue withrekor
.The size of the binary that I am trying to upload is
81M
.The text was updated successfully, but these errors were encountered: