From nobody Tue Jun 27 08:50:53 2023 X-Original-To: freebsd-pkg@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qqz2t2311z4k3c8 for ; Tue, 27 Jun 2023 08:51:18 +0000 (UTC) (envelope-from freebsd+pkg@filis.org) Received: from smtp1.nkhosting.net (smtp1.nkhosting.net [84.200.40.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qqz2s3GC5z3s4X for ; Tue, 27 Jun 2023 08:51:17 +0000 (UTC) (envelope-from freebsd+pkg@filis.org) Authentication-Results: mx1.freebsd.org; dkim=none; spf=pass (mx1.freebsd.org: domain of freebsd+pkg@filis.org designates 84.200.40.83 as permitted sender) smtp.mailfrom=freebsd+pkg@filis.org; dmarc=none Received: from [192.168.54.108] (unknown [213.240.178.192]) by smtp1.nkhosting.net (Postfix) with ESMTPSA id 804BA1DA4F for ; Tue, 27 Jun 2023 10:51:15 +0200 (CEST) Message-ID: <5f1affe5-e776-6eb3-2663-afafb4e2cd2a@arch.jocks.cc> Date: Tue, 27 Jun 2023 10:50:53 +0200 List-Id: Binary package management and package tools discussion List-Archive: https://lists.freebsd.org/archives/freebsd-pkg List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-pkg@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Content-Language: en-US To: freebsd-pkg@FreeBSD.org From: FiLiS Subject: poudriere/pkg signing issue Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spamd-Result: default: False [-3.18 / 15.00]; NEURAL_HAM_SHORT(-1.00)[-1.000]; NEURAL_HAM_LONG(-0.98)[-0.976]; NEURAL_HAM_MEDIUM(-0.90)[-0.902]; R_SPF_ALLOW(-0.20)[+a:smtp1.nkhosting.net:c]; MIME_GOOD(-0.10)[text/plain]; FROM_EQ_ENVFROM(0.00)[]; MLMMJ_DEST(0.00)[freebsd-pkg@FreeBSD.org]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; TAGGED_FROM(0.00)[pkg]; ASN(0.00)[asn:44066, ipnet:84.200.0.0/16, country:DE]; DMARC_NA(0.00)[filis.org]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; FROM_HAS_DN(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_TLS_ALL(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-pkg@freebsd.org]; RCVD_COUNT_TWO(0.00)[2] X-Rspamd-Queue-Id: 4Qqz2s3GC5z3s4X X-Spamd-Bar: --- X-ThisMailContainsUnwantedMimeParts: N Hej there, I hope someone has an idea regarding this: I've just encountered something pretty odd. We've been using poudriere since quite some time, so we automated the cert deployment of our pkg repository on all consuming machines. As of today, pkg refuses to play ball: # pkg update Updating pkg.myrepo repository catalogue... Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 Fetching packagesite.pkg: 100% 365 KiB 374.2kB/s 00:01 pkg: -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5NRaOU1YuSKe9GXIu0IU xrGWnDPS/r68v9u6GPw+7FbwNo8J9Xl06zZW6u4zuSOgyVbxo1w7bnvNQNwPoPYs UIqR8KLHdUm1qpj1FGC3db8Bmhjk/dc8hIS72f15B+G9zsdRzTMNsvQzTvPgWAWX buFF39bxnnElhxOGAiw1dgGRKNuHTNNWga7yyMcMsB8f+6Uc8tqIRUX+gOSzZy2B FpocZ1vnQg1V2JctvSRzriS9spxcEko7mxDYjo3jRuVHU6omwOuwH2DEkO8fPkLg yhzBM6HDYE8O/Z+Ma7gD2++keSDJgTynzEVgv5mTGys2OkcWgshjjyqlE4TkRqXu Sjeyk/V+vGPAmWJYQcG0fSXUjIgaOMRPKpOKrR2nAjNDsQW6Ljjh6/IgDiF33vz6 9ORC6r8V8uLGkvYDWS1tja657qKHWP6pitBm/vQNmoTF2FotES36+dH0YD2i4vZ+ VQNjqvLzjt88Oyq7v5QjeAoeicyLMNzp5CodWgXeiRvN8wkAgU+5C0esMaUmk9CA P83kY/sXjxis0ISYe6Nic9z6AsfJPA9BSS2wP0TNxQ4sdvXwZmF/rZ9xX7SQVoL3 opjLiCNQwX2UjwlJe27A6M46Hp4DDtWYFZ6w+K/hdn7MTI26MWzhlGIyD/Hx0IRu Ii5RX8o2S8TctAxUJb1qxxkCAwEAAQ== -----END PUBLIC KEY-----: rsa signature verification failure pkg: Invalid signature, removing repository. Unable to update repository pkg.myrepo Error updating repositories! When I switch back to the .real_xxx directory of the day before, everything works fine. I can't quite figure out what caused this thing to break. It seems, as of today, we're shipping a different pkg.pkg.pubkeysig in the Latest folder, but the key configured in PKG_REPO_SIGNING_KEY hasn't moved since forever and I also compared it to backups, so nothing changed. Cheers, Philip