Change the name for the keypinning file; delete the old one if found

This is a brute-force fix for #16580, wherein #16530 caused some
routers to do bad things with the old keypinning journal.

1 files changed, 12 insertions, 1 deletions

diff --git a/src/or/main.c b/src/or/main.c
index af77f28dfd..fe93cdc12d 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2034,7 +2034,7 @@ do_main_loop(void)
 
   /* Initialize the keypinning log. */
   if (authdir_mode_v3(get_options())) {
-    char *fname = get_datadir_fname("key-pinning-entries");
+    char *fname = get_datadir_fname("key-pinning-journal");
     int r = 0;
     if (keypin_load_journal(fname)<0) {
       log_err(LD_DIR, "Error loading key-pinning journal: %s",strerror(errno));
@@ -2048,6 +2048,17 @@ do_main_loop(void)
     if (r)
       return r;
   }
+  {
+    /* This is the old name for key-pinning-journal.  These got corrupted
+     * in a couple of cases by #16530, so we started over. See #16580 for
+     * the rationale and for other options we didn't take.  We can remove
+     * this code once all the authorities that ran 0.2.7.1-alpha-dev are
+     * upgraded.
+     */
+    char *fname = get_datadir_fname("key-pinning-entries");
+    unlink(fname);
+    tor_free(fname);
+  }
 
   if (trusted_dirs_reload_certs()) {
     log_warn(LD_DIR,