Re: poudriere/pkg signing issue
- In reply to: FiLiS : "poudriere/pkg signing issue"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 27 Jun 2023 08:59:32 UTC
On 27.06.23 10:50, FiLiS wrote: > Hej there, > > I hope someone has an idea regarding this: > I've just encountered something pretty odd. We've been using poudriere > since quite some time, so we automated the cert deployment of our pkg > repository on all consuming machines. As of today, pkg refuses to play > ball: > > # pkg update > Updating pkg.myrepo repository catalogue... > Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 > Fetching packagesite.pkg: 100% 365 KiB 374.2kB/s 00:01 > pkg: -----BEGIN PUBLIC KEY----- > MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5NRaOU1YuSKe9GXIu0IU > xrGWnDPS/r68v9u6GPw+7FbwNo8J9Xl06zZW6u4zuSOgyVbxo1w7bnvNQNwPoPYs > UIqR8KLHdUm1qpj1FGC3db8Bmhjk/dc8hIS72f15B+G9zsdRzTMNsvQzTvPgWAWX > buFF39bxnnElhxOGAiw1dgGRKNuHTNNWga7yyMcMsB8f+6Uc8tqIRUX+gOSzZy2B > FpocZ1vnQg1V2JctvSRzriS9spxcEko7mxDYjo3jRuVHU6omwOuwH2DEkO8fPkLg > yhzBM6HDYE8O/Z+Ma7gD2++keSDJgTynzEVgv5mTGys2OkcWgshjjyqlE4TkRqXu > Sjeyk/V+vGPAmWJYQcG0fSXUjIgaOMRPKpOKrR2nAjNDsQW6Ljjh6/IgDiF33vz6 > 9ORC6r8V8uLGkvYDWS1tja657qKHWP6pitBm/vQNmoTF2FotES36+dH0YD2i4vZ+ > VQNjqvLzjt88Oyq7v5QjeAoeicyLMNzp5CodWgXeiRvN8wkAgU+5C0esMaUmk9CA > P83kY/sXjxis0ISYe6Nic9z6AsfJPA9BSS2wP0TNxQ4sdvXwZmF/rZ9xX7SQVoL3 > opjLiCNQwX2UjwlJe27A6M46Hp4DDtWYFZ6w+K/hdn7MTI26MWzhlGIyD/Hx0IRu > Ii5RX8o2S8TctAxUJb1qxxkCAwEAAQ== > -----END PUBLIC KEY-----: rsa signature verification failure > pkg: Invalid signature, removing repository. > Unable to update repository pkg.myrepo > Error updating repositories! > > When I switch back to the .real_xxx directory of the day before, > everything works fine. > I can't quite figure out what caused this thing to break. > It seems, as of today, we're shipping a different pkg.pkg.pubkeysig in > the Latest folder, but the key configured in PKG_REPO_SIGNING_KEY > hasn't moved since forever and I also compared it to backups, so > nothing changed. I just encountered the same problem on my poudriere server: # pkg upgrade Updating server repository catalogue... Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 Fetching packagesite.pkg: 100% 302 KiB 309.2kB/s 00:01 pkg: -----BEGIN PUBLIC KEY----- *** REDACTED ... *** -----END PUBLIC KEY----- : rsa signature verification failure pkg: Invalid signature, removing repository. Unable to update repository server Error updating repositories! Could the latest OpenSSL 3.x related changes have broken plain RSA signature validation?