ports/168322: ports-mgmt/portaudit: Error reading signature file

Jason Helfman jgh at FreeBSD.org
Fri May 25 00:10:02 UTC 2012


>Number:         168322
>Category:       ports
>Synopsis:       ports-mgmt/portaudit: Error reading signature file
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 25 00:10:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Jason Helfman
>Release:        FreeBSD 8.3-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD dormouse.experts-exchange.com 8.3-RELEASE FreeBSD 8.3-RELEASE #0: Mon Apr  9 21:23:18 UTC
>Description:
After creating valid vuxml entries, I am unable to validate them, and I have also confirmed this
with another committer.

I was able to have another committer validate, and I committed the vuxml that is here:
http://www.vuxml.org/freebsd/617959ce-a5f6-11e1-a284-0023ae8e59f0.html

[jhelfman at dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ sudo packaudit
[jhelfman at dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ portaudit haproxy-1.4.16
Error reading signature file /tmp/portaudit.FQuiU3Ej
portaudit: Database contains invalid signature.
[jhelfman at dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ pkg_info -xo portaudit
Information for portaudit-0.6.0:

Origin:
ports-mgmt/portaudit

Information for portaudit-db-0.2.3_1:

Origin:
ports-mgmt/portaudit-db

I added debugging output to portaudit, as well, for diagnosis:
[jhelfman at dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ sudo portaudit haproxy-1.4.16
+ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/jhelfman/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/local/ee/bin:/usr/local/ee/perl/bin
+ portaudit_confs
+ [ -r /usr/local/etc/portaudit.conf ]
+ [ -r /usr/local/sbin/portaudit.conf ]
+ : /var/db/portaudit
+ : auditfile.tbz
+ :
+ : fetch -1mp
+ : http://portaudit.FreeBSD.org/
+ : /usr/local/etc/portaudit.pubkey
+ :
+ opt_audit=false
+ opt_auditcwd=false
+ opt_dbversion=false
+ opt_fetch=false
+ opt_file=''
+ opt_quiet=false
+ opt_restrict=''
+ opt_verbose=false
+ opt_version=false
+ opt_expiry=''
+ [ 1 -eq 0 ]
+ getopts aCdf:Fqr:vVX: opt
+ shift 0
+ ret=0
+ false
+ false
+ [ -n '' ]
+ false
+ prerequisites_checked=false
+ SANITIZETYPE_AWK='
	function sanitize_type(type) {
		retval = type;
		gsub(/[^ a-zA-Z0-9%()#&.+\/\[\]:<>=@_-]/, " ", retval);
		return retval;
	}
	'
+ false
+ false
+ PRINTAFFECTED_AWK='
	function sanitize_type(type) {
		retval = type;
		gsub(/[^ a-zA-Z0-9%()#&.+\/\[\]:<>=@_-]/, " ", retval);
		return retval;
	}
	
		function print_affected(apkg, note) {
			split(apkg, thepkg)
			print "Affected package: " thepkg[1]
			print "Type of problem: " sanitize_type($3) "."
			split($2, ref, / /)
			for (r in ref)
				print "Reference: " ref[r]
			if (note)
				print "Note: " note
			print ""
		}
		'
+ false
+ false
+ [ -n '' ]
+ [ 1 -gt 0 ]
+ portaudit_prerequisites
+ false
+ [ -z '' ]
+ [ -x /usr/local/sbin/pkg_info ]
+ pkg_info=/usr/sbin/pkg_info
+ [ -z ]
+ pkg_version=/usr/sbin/pkg_version
+ /usr/sbin/pkg_info -qP
+ PKG_INSTALL_VER=20101002
+ [ -z 20101002 -o 20101002 -lt 20040623 ]
+ [ ! -r /var/db/portaudit/auditfile.tbz ]
+ checksum_auditfile
+ extract_auditfile_raw
+ sed -nE -e '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'
+ /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz
+ tar -xOf - auditfile
+ chksum1=d579063106946c63a8ba16ef9ffeddcf
+ extract_auditfile_raw
+ /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz+ sed -e '$d'

+ md5
+ tar -xOf - auditfile
+ chksum2=d579063106946c63a8ba16ef9ffeddcf
+ [ d579063106946c63a8ba16ef9ffeddcf = d579063106946c63a8ba16ef9ffeddcf ]
+ [ ! -r /usr/local/etc/portaudit.pubkey ]
+ checksignature_auditfile
+ mktemp -t portaudit
+ local TMPFILE=/tmp/portaudit.Uh2cq8JD
+ extract_auditfile_raw
+ egrep '^#SIGNATURE: '
+ /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz
+ sed 's/^#SIGNATURE: //g'
+ tar -xOf - auditfile
+ openssl enc -d -a
+ extract_auditfile_raw
+ egrep -v '^#SIGNATURE: '
+ egrep -v '^#CHECKSUM: '
+ + /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz
openssl dgst -sha256 -verify /usr/local/etc/portaudit.pubkey -signature /tmp/portaudit.Uh2cq8JD
+ tar -xOf - auditfile
Error reading signature file /tmp/portaudit.Uh2cq8JD
+ signatureresult=''
+ [ -n /tmp/portaudit.Uh2cq8JD ]
+ rm /tmp/portaudit.Uh2cq8JD
+ [ '' = 'Verified OK' ]
+ echo 'portaudit: Database contains invalid signature.'
portaudit: Database contains invalid signature.
+ return 2


Port maintainer (secteam at FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.99_6 (mode: change, diff: CVS)
>How-To-Repeat:
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
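
Added example, not part of the original report or of portaudit itself: the same extraction and `openssl dgst -sha256 -verify` steps shown in the trace, with a test that separates an audit file containing no decodable `#SIGNATURE:` lines (an empty signature file, which `openssl dgst` reports as "Error reading signature file") from one whose signature fails verification. The function names `check_audit_sig` and `make_samples`, the sample database entry and the throwaway RSA key are all constructed for illustration.

```shell
#!/bin/sh
# File layout assumed from the trace: data lines, optional
# "#SIGNATURE: <base64>" lines, and an optional "#CHECKSUM: ..." line.

# check_audit_sig AUDITFILE PUBKEY -> no-signature | verified | bad-signature
check_audit_sig() {
    audit=$1 pubkey=$2
    sig=$(mktemp) || return 1
    # Same extraction as the trace: strip the prefix, then base64-decode.
    grep '^#SIGNATURE: ' "$audit" | sed 's/^#SIGNATURE: //' |
        openssl enc -d -a > "$sig" 2>/dev/null
    if [ ! -s "$sig" ]; then
        # Nothing decoded: there is no signature for openssl dgst to read.
        rm -f "$sig"; echo no-signature; return 0
    fi
    if grep -v -e '^#SIGNATURE: ' -e '^#CHECKSUM: ' "$audit" |
        openssl dgst -sha256 -verify "$pubkey" -signature "$sig" >/dev/null 2>&1
    then echo verified
    else echo bad-signature
    fi
    rm -f "$sig"
}

# make_samples DIR: write constructed test files and a throwaway key into DIR.
make_samples() {
    dir=$1
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    openssl rsa -in "$dir/key.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
    printf 'examplepkg<1.0|http://example.invalid/ref|constructed entry\n' > "$dir/data"
    cp "$dir/data" "$dir/unsigned"            # database without a signature
    { cat "$dir/data"                         # database with a valid signature
      openssl dgst -sha256 -sign "$dir/key.pem" "$dir/data" |
          openssl enc -a | sed 's/^/#SIGNATURE: /'; } > "$dir/signed"
    sed 's/<1.0/<9.9/' "$dir/signed" > "$dir/tampered"   # data changed after signing
}

# Demo on the constructed samples.
d=$(mktemp -d)
make_samples "$d"
for f in unsigned signed tampered; do
    printf '%s: %s\n' "$f" "$(check_audit_sig "$d/$f" "$d/pub.pem")"
done
rm -rf "$d"
```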


