Description
Trying to use recursive sss fails silently:
clevis luks bind -d /dev/sda3 sss '{"t":2,"pins":{"sss":[{"t":1,"pins":{"tang":[{"url":"http://tang-server1"},{"url":"http://tang-server2"}]}},{"t":1,"pins":{"tang":[{"url":"http://tang-server0"}]}}]}}'
command shows advertisments of all three servers.
But it results in
user@server:~# clevis luks list -d /dev/sda3
1: sss '{"t":2,"pins":{"sss":{"t":1,"pins":{"tang":[{"url":"http://tang-server0"}]}}}}'
This leads me to believe that somehow the first pin-block gets lost between checking adv from the tang-servers and writing data in the LUKS-header.
Formatting the JSON differently like this
{ "t": 2, "pins": [ { "sss": { "t": 1, "pins": { "tang": [ { "url": "http://tang-server0" } ] } } }, { "sss": { "t": 1, "pins": { "tang": [ { "url": "http://tang-server1" }, { "url": "http://tang-server2" } ] } } } ] }
fails with Invalid threshold (required: 1 <= 2 <= 0)!