Date: Tue, 27 Jun 2023 10:59:32 +0200
From: Jan Bramkamp <crest@rlwinm.de>
To: freebsd-pkg@freebsd.org
Subject: Re: poudriere/pkg signing issue
Message-ID: <f7226ba6-23e4-7f50-f833-20bb3d3262f6@rlwinm.de>
In-Reply-To: <5f1affe5-e776-6eb3-2663-afafb4e2cd2a@arch.jocks.cc>
References: <5f1affe5-e776-6eb3-2663-afafb4e2cd2a@arch.jocks.cc>

On 27.06.23 10:50, FiLiS wrote:
> Hej there,
>
> I hope someone has an idea regarding this:
> I've just encountered something pretty odd. We've been using poudriere
> since quite some time, so we automated the cert deployment of our pkg
> repository on all consuming machines. As of today, pkg refuses to play
> ball:
>
> # pkg update
> Updating pkg.myrepo repository catalogue...
> Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
> Fetching packagesite.pkg: 100% 365 KiB 374.2kB/s 00:01
> pkg: -----BEGIN PUBLIC KEY-----
> MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5NRaOU1YuSKe9GXIu0IU
> xrGWnDPS/r68v9u6GPw+7FbwNo8J9Xl06zZW6u4zuSOgyVbxo1w7bnvNQNwPoPYs
> UIqR8KLHdUm1qpj1FGC3db8Bmhjk/dc8hIS72f15B+G9zsdRzTMNsvQzTvPgWAWX
> buFF39bxnnElhxOGAiw1dgGRKNuHTNNWga7yyMcMsB8f+6Uc8tqIRUX+gOSzZy2B
> FpocZ1vnQg1V2JctvSRzriS9spxcEko7mxDYjo3jRuVHU6omwOuwH2DEkO8fPkLg
> yhzBM6HDYE8O/Z+Ma7gD2++keSDJgTynzEVgv5mTGys2OkcWgshjjyqlE4TkRqXu
> Sjeyk/V+vGPAmWJYQcG0fSXUjIgaOMRPKpOKrR2nAjNDsQW6Ljjh6/IgDiF33vz6
> 9ORC6r8V8uLGkvYDWS1tja657qKHWP6pitBm/vQNmoTF2FotES36+dH0YD2i4vZ+
> VQNjqvLzjt88Oyq7v5QjeAoeicyLMNzp5CodWgXeiRvN8wkAgU+5C0esMaUmk9CA
> P83kY/sXjxis0ISYe6Nic9z6AsfJPA9BSS2wP0TNxQ4sdvXwZmF/rZ9xX7SQVoL3
> opjLiCNQwX2UjwlJe27A6M46Hp4DDtWYFZ6w+K/hdn7MTI26MWzhlGIyD/Hx0IRu
> Ii5RX8o2S8TctAxUJb1qxxkCAwEAAQ==
> -----END PUBLIC KEY-----: rsa signature verification failure
> pkg: Invalid signature, removing repository.
> Unable to update repository pkg.myrepo
> Error updating repositories!
>
> When I switch back to the .real_xxx directory of the day before,
> everything works fine.
> I can't quite figure out what caused this thing to break.
> It seems, as of today, we're shipping a different pkg.pkg.pubkeysig in
> the Latest folder, but the key configured in PKG_REPO_SIGNING_KEY
> hasn't moved since forever and I also compared it to backups, so
> nothing changed.

I just encountered the same problem on my poudriere server:

# pkg upgrade
Updating server repository catalogue...
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
Fetching packagesite.pkg: 100% 302 KiB 309.2kB/s 00:01
pkg: -----BEGIN PUBLIC KEY-----
*** REDACTED ... ***
-----END PUBLIC KEY-----
: rsa signature verification failure
pkg: Invalid signature, removing repository.
Unable to update repository server
Error updating repositories!

Could the latest OpenSSL 3.x related changes have broken plain RSA signature validation?
