Date: Thu, 24 May 2012 17:03:56 -0700
From: Jason Helfman <jgh@FreeBSD.org>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: secteam@FreeBSD.org
Subject: ports/168322: ports-mgmt/portaudit: Error reading signature file
Message-ID: <1337904236.800643.13470.nullmailer@experts-exchange.com>
Resent-Message-ID: <201205250010.q4P0A24S066716@freefall.freebsd.org>

>Number: 168322
>Category: ports
>Synopsis: ports-mgmt/portaudit: Error reading signature file
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 25 00:10:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Jason Helfman
>Release: FreeBSD 8.3-RELEASE amd64
>Organization:
>Environment:
System: FreeBSD dormouse.experts-exchange.com 8.3-RELEASE FreeBSD 8.3-RELEASE #0: Mon Apr 9 21:23:18 UTC
>Description:
After creating valid vuxml entries, I am unable to validate them, and I have
also confirmed this with another committer. I was able to have another
committer validate, and I committed the vuxml that is here:
http://www.vuxml.org/freebsd/617959ce-a5f6-11e1-a284-0023ae8e59f0.html

[jhelfman@dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ sudo packaudit
[jhelfman@dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ portaudit haproxy-1.4.16
Error reading signature file /tmp/portaudit.FQuiU3Ej
portaudit: Database contains invalid signature.
[jhelfman@dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ pkg_info -xo portaudit
Information for portaudit-0.6.0:
Origin:
ports-mgmt/portaudit
Information for portaudit-db-0.2.3_1:
Origin:
ports-mgmt/portaudit-db

I added debugging output to portaudit, as well, for diagnosis:

[jhelfman@dormouse.experts-exchange ~/workspace/ports/security/vuxml]$ sudo portaudit haproxy-1.4.16
+ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/home/jhelfman/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/local/ee/bin:/usr/local/ee/perl/bin
+ portaudit_confs
+ [ -r /usr/local/etc/portaudit.conf ]
+ [ -r /usr/local/sbin/portaudit.conf ]
+ : /var/db/portaudit
+ : auditfile.tbz
+ :
+ : fetch -1mp
+ : http://portaudit.FreeBSD.org/
+ : /usr/local/etc/portaudit.pubkey
+ :
+ opt_audit=false
+ opt_auditcwd=false
+ opt_dbversion=false
+ opt_fetch=false
+ opt_file=''
+ opt_quiet=false
+ opt_restrict=''
+ opt_verbose=false
+ opt_version=false
+ opt_expiry=''
+ [ 1 -eq 0 ]
+ getopts aCdf:Fqr:vVX: opt
+ shift 0
+ ret=0
+ false
+ false
+ [ -n '' ]
+ false
+ prerequisites_checked=false
+ SANITIZETYPE_AWK='
  function sanitize_type(type) {
    retval = type;
    gsub(/[^ a-zA-Z0-9%()#&.+\/\[\]:<>=@_-]/, " ", retval);
    return retval;
  }
'
+ false
+ false
+ PRINTAFFECTED_AWK='
  function sanitize_type(type) {
    retval = type;
    gsub(/[^ a-zA-Z0-9%()#&.+\/\[\]:<>=@_-]/, " ", retval);
    return retval;
  }
  function print_affected(apkg, note) {
    split(apkg, thepkg)
    print "Affected package: " thepkg[1]
    print "Type of problem: " sanitize_type($3) "."
    split($2, ref, / /)
    for (r in ref)
      print "Reference: " ref[r]
    if (note)
      print "Note: " note
    print ""
  }
'
+ false
+ false
+ [ -n '' ]
+ [ 1 -gt 0 ]
+ portaudit_prerequisites
+ false
+ [ -z '' ]
+ [ -x /usr/local/sbin/pkg_info ]
+ pkg_info=/usr/sbin/pkg_info
+ [ -z ]
+ pkg_version=/usr/sbin/pkg_version
+ /usr/sbin/pkg_info -qP
+ PKG_INSTALL_VER=20101002
+ [ -z 20101002 -o 20101002 -lt 20040623 ]
+ [ ! -r /var/db/portaudit/auditfile.tbz ]
+ checksum_auditfile
+ extract_auditfile_raw
+ sed -nE -e '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'
+ /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz
+ tar -xOf - auditfile
+ chksum1=d579063106946c63a8ba16ef9ffeddcf
+ extract_auditfile_raw
+ /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz+ sed -e '$d'
+ md5
+ tar -xOf - auditfile
+ chksum2=d579063106946c63a8ba16ef9ffeddcf
+ [ d579063106946c63a8ba16ef9ffeddcf = d579063106946c63a8ba16ef9ffeddcf ]
+ [ ! -r /usr/local/etc/portaudit.pubkey ]
+ checksignature_auditfile
+ mktemp -t portaudit
+ local TMPFILE=/tmp/portaudit.Uh2cq8JD
+ extract_auditfile_raw
+ egrep '^#SIGNATURE: '
+ /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz
+ sed 's/^#SIGNATURE: //g'
+ tar -xOf - auditfile
+ openssl enc -d -a
+ extract_auditfile_raw
+ egrep -v '^#SIGNATURE: '
+ egrep -v '^#CHECKSUM: '
+ + /usr/bin/bzip2 -dc -- /var/db/portaudit/auditfile.tbz openssl dgst -sha256 -verify /usr/local/etc/portaudit.pubkey -signature /tmp/portaudit.Uh2cq8JD
+ tar -xOf - auditfile
Error reading signature file /tmp/portaudit.Uh2cq8JD
+ signatureresult=''
+ [ -n /tmp/portaudit.Uh2cq8JD ]
+ rm /tmp/portaudit.Uh2cq8JD
+ [ '' = 'Verified OK' ]
+ echo 'portaudit: Database contains invalid signature.'
portaudit: Database contains invalid signature.
+ return 2

Port maintainer (secteam@FreeBSD.org) is cc'd.

Generated with FreeBSD Port Tools 0.99_6 (mode: change, diff: CVS)
>How-To-Repeat:
>Fix:
` end
>Release-Note:
>Audit-Trail:
>Unformatted:
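
In the trace above, checksignature_auditfile pulls the `#SIGNATURE: ` lines out of the audit file, base64-decodes them into a temp file, and passes that file to `openssl dgst -sha256 -verify`. The following is an added diagnostic, not part of the report or of portaudit, that repeats only the extraction step and reports whether there is anything for openssl to read. The function names, the sample entry layout and the sample base64 payload are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic (not portaudit code): inspect the signature payload that
# the traced checksignature_auditfile step would hand to openssl dgst.

# Decode base64 from stdin. Uses openssl as in the trace; falls back to
# base64(1) where openssl is not installed.
decode_b64() {
    if command -v openssl >/dev/null 2>&1; then
        openssl enc -d -a 2>/dev/null
    else
        base64 -d 2>/dev/null
    fi
}

# sig_state FILE  ->  prints: missing | empty | present:<decoded byte count>
# FILE is the raw "auditfile" text, already extracted from auditfile.tbz.
sig_state() {
    # grep -c exits 1 on zero matches; "|| true" keeps this safe under set -e.
    lines=$(grep -c '^#SIGNATURE: ' "$1" || true)
    if [ "$lines" -eq 0 ]; then
        echo missing            # no signature line: temp file would be empty
        return 0
    fi
    bytes=$(sed -n 's/^#SIGNATURE: //p' "$1" | decode_b64 | wc -c | tr -d ' ')
    if [ "$bytes" -eq 0 ]; then echo empty; else echo "present:$bytes"; fi
}

# Write three constructed audit files into directory $1.
# The entry layout (pattern|reference|description) is an assumption here, and
# the payload is 11 arbitrary bytes, not a real signature.
make_samples() {
    entry='examplepkg<1.0|http://example.invalid/advisory|constructed entry'
    printf '%s\n' "$entry" > "$1/unsigned"
    printf '%s\n%s\n' "$entry" '#SIGNATURE: ' > "$1/blank"
    printf '%s\n%s\n' "$entry" '#SIGNATURE: aGVsbG8gd29ybGQ=' > "$1/signed"
}

# Demo on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in unsigned blank signed; do
    printf '%s: %s\n' "$f" "$(sig_state "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

To check a real database, extract it the way the trace does (`bzip2 -dc -- /var/db/portaudit/auditfile.tbz | tar -xOf - auditfile > /tmp/auditfile.raw`) and run `sig_state /tmp/auditfile.raw`.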