From owner-freebsd-i386@FreeBSD.ORG  Thu Jan  5 20:20:12 2012
Return-Path: <owner-freebsd-i386@FreeBSD.ORG>
Delivered-To: freebsd-i386@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 4A4271065676
	for <freebsd-i386@hub.freebsd.org>;
	Thu,  5 Jan 2012 20:20:12 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 268478FC23
	for <freebsd-i386@hub.freebsd.org>;
	Thu,  5 Jan 2012 20:20:12 +0000 (UTC)
Received: from freefall.freebsd.org (localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q05KKCeG097129
	for <freebsd-i386@freefall.freebsd.org>; Thu, 5 Jan 2012 20:20:12 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q05KKBGI097128;
	Thu, 5 Jan 2012 20:20:11 GMT (envelope-from gnats)
Resent-Date: Thu, 5 Jan 2012 20:20:11 GMT
Resent-Message-Id: <201201052020.q05KKBGI097128@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-i386@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Derek Schrock <dereks@lifeofadishwasher.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 97A63106567B
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu,  5 Jan 2012 20:13:28 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22])
	by mx1.freebsd.org (Postfix) with ESMTP id 85F3C8FC1A
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu,  5 Jan 2012 20:13:28 +0000 (UTC)
Received: from red.freebsd.org (localhost [127.0.0.1])
	by red.freebsd.org (8.14.4/8.14.4) with ESMTP id q05KDSpj066564
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 5 Jan 2012 20:13:28 GMT
	(envelope-from nobody@red.freebsd.org)
Received: (from nobody@localhost)
	by red.freebsd.org (8.14.4/8.14.4/Submit) id q05KDSK6066551;
	Thu, 5 Jan 2012 20:13:28 GMT (envelope-from nobody)
Message-Id: <201201052013.q05KDSK6066551@red.freebsd.org>
Date: Thu, 5 Jan 2012 20:13:28 GMT
From: Derek Schrock <dereks@lifeofadishwasher.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: i386/163837: i386 lastest.ssl freebsd-update file is invalid
X-BeenThere: freebsd-i386@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: I386-specific issues for FreeBSD <freebsd-i386.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-i386>,
	<mailto:freebsd-i386-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-i386>
List-Post: <mailto:freebsd-i386@freebsd.org>
List-Help: <mailto:freebsd-i386-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-i386>,
	<mailto:freebsd-i386-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jan 2012 20:20:12 -0000


>Number:         163837
>Category:       i386
>Synopsis:       i386 lastest.ssl freebsd-update file is invalid
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-i386
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 05 20:20:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Derek Schrock
>Release:        8.2-p6
>Organization:
>Environment:
FreeBSD ircbsd.lifeofadishwasher.com 8.2-RELEASE-p3 FreeBSD 8.2-RELEASE-p3 #0: Tue Sep 27 18:07:27 UTC 2011     root@i386-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
When trying to use freebsd-update to perform a binary update to 9.0-RELEASE I get the following message:



Fetching metadata signature for 9.0-RELEASE from update4.FreeBSD.org... invalid signature.
Fetching metadata signature for 9.0-RELEASE from update2.FreeBSD.org... invalid signature.
Fetching metadata signature for 9.0-RELEASE from update5.FreeBSD.org... invalid signature.
Fetching metadata signature for 9.0-RELEASE from update3.FreeBSD.org... invalid signature.
No mirrors remaining, giving up.


It appears the latest.ssl file on the update servers is bad:

#fetch http://update5.freebsd.org/9.0-RELEASE/i386/latest.ssl
latest.ssl                                    100% of  512  B 4064 kBps
# openssl rsautl -pubin -inkey pub.ssl -verify < latest.ssl 
freebsd-update|i386|9.0-RELEASE|0|e2e72ff9a28072e9c3f1b5deb00fa3761ef259246bc7f5b38326bdddad4cd04c|EOL=1359676800

Last field:
EOL=1359676800

regex used to validate tag.new file:
"^freebsd-update\|${ARCH}\|${RELNUM}\|[0-9]+\|[0-9a-f]{64}\|[0-9]{10}"


example of the amd64 version with a valid last field:
]# fetch http://update5.freebsd.org/9.0-RELEASE/amd64/latest.ssl
latest.ssl                                    100% of  512  B 4032 kBps
# openssl rsautl -pubin -inkey pub.ssl -verify < latest.ssl 
freebsd-update|amd64|9.0-RELEASE|0|603c211a27349064fad20ee6dfc6ea75e8e04504bbe48107f9e328d9b6ff9a77|1359676800
>How-To-Repeat:
# freebsd-update -r 9.0-RELEASE upgrade
>Fix:
# openssl rsautl -pubin -inkey pub.ssl -verify < latest.ssl 

Remove the EOL= from the last field in the tag.new file

>Release-Note:
>Audit-Trail:
>Unformatted: