Validate whether mongocryptd starts on Windows

XMLWordPrintableJSON

    • Type: Task
    • Resolution: Done
    • Priority: Critical - P2
    • None
    • Affects Version/s: None
    • Component/s: Client Side Encryption
    • None
    • Hide

      Summary

      As outlined in SERVER-106469, it was identified that mongocryptd fails to start on Windows with the latest server build. We need to validate if any other drivers are affected by this. This includes validating how the driver launches mongocryptd.exe on Windows. 

      Motivation

      Who is the affected end user?

      Anyone intending to use the latest 8.2-compatible mongocryptd.exe on Windows.

      How does this affect the end user?

      This may come as a potential hindrance to the developer experience but should not block the users completely. 

      How likely is it that this problem or use case will occur?

      This bug only affects Windows users and only some drivers may be affected. 

      If the problem does occur, what are the consequences and how severe are they?

      1. The users will have to use an older version of mongocryptd.exe as long as they don't need new features like prefix/suffix for QE. Server security team will confirm this as a workaround.
      2. Affected users can use crypt_shared instead which has generally been our guidance

      Is this issue urgent?

      Yes. This is needed so we can document this in the respective driver's docs as a known bug with potential workarounds. The server team will add a fix in v8.2.1.

      Is this ticket required by a downstream team?

      No

      Is this ticket only for tests?

      N/A

      Acceptance Criteria

      Validate how the driver launches mongocryptd.exe on Windows and whether it is affected by the usage of --logpath NUL. The PMs should file a respective DOCSP ticket to help notify users.

      For example, the .NET/C# Driver launches mongocryptd on Windows via mongocryptd.exe --logpath NUL asking mongocryptd to redirect output to NUL and is affected by this bug. Full impl is here.

      The Java Driver launches mongocryptd on Windows using ProcessBuilder.redirectOutput(new File("NUL")) (simplified) relying on Java's process output redirection and is NOT affected by this bug. Full impl is here.

      Show
      Summary As outlined in SERVER-106469 , it was identified that mongocryptd fails to start on Windows with the latest server build. We need to validate if any other drivers are affected by this. This includes validating how the driver launches mongocryptd.exe on Windows.   Motivation Who is the affected end user? Anyone intending to use the latest 8.2-compatible mongocryptd.exe on Windows. How does this affect the end user? This may come as a potential hindrance to the developer experience but should not block the users completely.   How likely is it that this problem or use case will occur? This bug only affects Windows users and only some drivers may be affected.   If the problem does occur, what are the consequences and how severe are they? The users will have to use an older version of mongocryptd.exe as long as they don't need new features like prefix/suffix for QE. Server security team will confirm this as a workaround. Affected users can use crypt_shared instead which has generally been our guidance Is this issue urgent? Yes. This is needed so we can document this in the respective driver's docs as a known bug with potential workarounds. The server team will add a fix in v8.2.1. Is this ticket required by a downstream team? No Is this ticket only for tests? N/A Acceptance Criteria Validate how the driver launches mongocryptd.exe on Windows and whether it is affected by the usage of --logpath NUL. The PMs should file a respective DOCSP ticket to help notify users. For example, the .NET/C# Driver launches mongocryptd on Windows via mongocryptd.exe --logpath NUL asking mongocryptd to redirect output to NUL and is affected by this bug. Full impl is here . The Java Driver launches mongocryptd on Windows using ProcessBuilder.redirectOutput(new File("NUL")) (simplified) relying on Java's process output redirection and is NOT affected by this bug. Full impl is here .
    • 🔵 Done
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      This ticket was split from DRIVERS-3287, please see that ticket for a detailed description.

            Assignee:
            James Kovacs
            Reporter:
            TPM Jira Automations Bot
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: