i386/163837: i386 lastest.ssl freebsd-update file is invalid
Derek Schrock
dereks at lifeofadishwasher.com
Thu Jan 5 20:20:12 UTC 2012
>Number: 163837
>Category: i386
>Synopsis: i386 lastest.ssl freebsd-update file is invalid
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jan 05 20:20:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Derek Schrock
>Release: 8.2-p6
>Organization:
>Environment:
FreeBSD ircbsd.lifeofadishwasher.com 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011 root at i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC i386
>Description:
When trying to use freebsd-update to perform a binary update to 9.0-RELEASE I get the following message:
Fetching metadata signature for 9.0-RELEASE from update4.FreeBSD.org... invalid signature.
Fetching metadata signature for 9.0-RELEASE from update2.FreeBSD.org... invalid signature.
Fetching metadata signature for 9.0-RELEASE from update5.FreeBSD.org... invalid signature.
Fetching metadata signature for 9.0-RELEASE from update3.FreeBSD.org... invalid signature.
No mirrors remaining, giving up.
It appears the latest.ssl file on the update servers is bad:
#fetch http://update5.freebsd.org/9.0-RELEASE/i386/latest.ssl
latest.ssl 100% of 512 B 4064 kBps
# openssl rsautl -pubin -inkey pub.ssl -verify < latest.ssl
freebsd-update|i386|9.0-RELEASE|0|e2e72ff9a28072e9c3f1b5deb00fa3761ef259246bc7f5b38326bdddad4cd04c|EOL=1359676800
Last field:
EOL=1359676800
regex used to validate tag.new file:
"^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}"
example of the amd64 version with a valid last field:
]# fetch http://update5.freebsd.org/9.0-RELEASE/amd64/latest.ssl
latest.ssl 100% of 512 B 4032 kBps
# openssl rsautl -pubin -inkey pub.ssl -verify < latest.ssl
freebsd-update|amd64|9.0-RELEASE|0|603c211a27349064fad20ee6dfc6ea75e8e04504bbe48107f9e328d9b6ff9a77|1359676800
>How-To-Repeat:
# freebsd-update -r 9.0-RELEASE upgrade
>Fix:
# openssl rsautl -pubin -inkey pub.ssl -verify < latest.ssl
Remove the EOL= from the last field in the tag.new file
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-i386
mailing list