Solved freebsd-update fetch gives error "invalid signature"

G

gus

freebsd-update fetch is not working for me anymore. It worked good before. I'm getting the error invalid signature on all mirrors. DNS en internet seems to be working good. I have tried different DNS servers. I'm using FreeBSD 10.1-RELEASE-p10 i386.

Also OpenSSL seems not to be working anymore. I tried the solution
Code: 
openssl rsautl -pubin -inkey pub.ssl -verify < latest.ssl
from http://lists.freebsd.org/pipermail/freebsd-i386/2012-January/009673.html but openssl gives no output. And when I try to enter the openssl prompt only, there is no output also. I think those two problems are related. Openssl is installed from pkg and is version 1.0.2_3.

I also tried pkg upgrade -f but that does not solve the problems.

So I am out of ideas. I hope the people here can help me.
 
Those two are probably unrelated. Tools from the base OS do not use ports. Please post the exact error you're getting with freebsd-update fetch.
 
Hallo SirDice,

Thanks for the quick response. I am back from work now so I can post the exact error now. I am getting the following error when executing freebsd-update fetch :
Code: 
root@freebsdbox:/home/user # freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 10.1-RELEASE from update2.freebsd.org... invalid signature.
Fetching metadata signature for 10.1-RELEASE from update6.freebsd.org... invalid signature.
Fetching metadata signature for 10.1-RELEASE from update4.freebsd.org... invalid signature.
Fetching metadata signature for 10.1-RELEASE from update5.freebsd.org... invalid signature.
Fetching metadata signature for 10.1-RELEASE from update3.freebsd.org... invalid signature.
No mirrors remaining, giving up.
root@freebsdbox:/home/user #
 
Try this:
Code: 
fetch http://update2.freebsd.org/10.1-RELEASE/i386/latest.ssl
openssl rsautl -pubin -inkey /var/db/freebsd-update/pub.ssl -verify < latest.ssl
If that doesn't work your /var/db/freebsd-update/pub.ssl might be corrupt. You can remove it, it'll be fetched on the next freebsd-update(8) run.

You can also fetch it: fetch http://update2.freebsd.org/10.1-RELEASE/i386/pub.ssl and compare it with the one stored in /var/db/freebsd-update/pub.ssl. It should be the same.
 
I tried your solution but I am getting the same error. I deleted all files and directories in /var/db/freebsd-update but I get the same error. And with portsnap fetch I am getting the following error :
Code: 
root@freebsdbox:/home/user # portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 7 mirrors found.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from sourcefire.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from your-org.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from isc.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-sa-east-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-ap-northeast-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-ap-southeast-2.portsnap.freebsd.org... invalid snapshot tag.
No mirrors remaining, giving up.
I also deleted all files and directories in /var/db/portsnap but I get the same error
 
Code: 
root@freebsdbox:/home/user #  fetch http://update2.freebsd.org/10.1-RELEASE/i386/pub.ssl
pub.ssl  100% of  800  B  917 kBps 00m00s
root@freebsdbox:/home/user # cat pub.ssl
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2kXIMh58KXUCk1siiXwG
tKk55IG2khASQbx7nL7Z9Mh0Ie4VnPV1REvchfYFz6gZV9cX7Yz9R7uyEac8NRXN
gKXGxnzF887CsjcTxWvsEoFqTLG57O4LSSm+MO3Sg4HuxnanifeWec9PNz150vU/
+q6s6XTtNHSysuo7XcBjczJigSBAMjdTEMCexiHKGZm0c9tyR4grA1TqSk2Agr9+
7F7SA4Ck8wjM7srFSlYoyxHZtTE+9vz0tx0/5v2VW11NN0RBNoY1F90CCL41Ln73
yqABPWTfAaJ6Z6oQMwNBc+Q2SoCzK76XgZosCWylj3rmzSPhdTcrvFVa0IsUc2Gr
wZImlJ7UtJYpVrKXDvOb1UG/2yQx8Eci+XyPhcgUahSN4Vidz9YyiD7qpf11VYhL
BFeHnkm9LsrBJil4wGuOpXUUzMiKxpR6g3gfMA7PcBK6erxzFzcJHI3KMN0m3PIW
szig8XxdLTc/e9XihPWqDbpGqNMjl9Tfz/nN2LXJA+acf41LenFIY7x4IkHrPM6D
UNU+PsR6F+FMg3VgiJ3lrJmssVqLZRD9MMu51JtrN2NK1uhmFJDK7ZkLefHjdfTh
1HOcIyd8rRt/m8LsbQcdFlg/BTeqoG+wHburoDn9z7HknB4DBxcyRGxHdJuBzytj
YKZHuFglSqt+29fNS/WXWTcCAwEAAQ==
-----END PUBLIC KEY-----
 
Code: 
root@freebsdbox:/home/user # /usr/bin/openssl version
root@freebsdbox:/home/user #
This is what I get as output by executing openssl.
 
Code: 
root@freebsdbox:/home/user #  file /usr/bin/openssl
/usr/bin/openssl: empty
root@freebsdbox:/home/user # ldd /usr/bin/openssl
ldd: /usr/bin/openssl: not a dynamic executable
root@freebsdbox:/home/user #
 
Well that's bad. Somehow your /usr/bin/openssl is hosed. You can download the base distribution tarball from http://ftp.freebsd.org/pub/FreeBSD/releases/i386/10.1-RELEASE/base.txz and extract the /usr/bin/openssl file with this:

tar -C / -xvf base.txz usr/bin/openssl

This won't give the newest version of the binary but it should allow freebsd-update(8) to work and you might be able to fix the rest of the problems with freebsd-update fetch install.
 
Code: 
root@freebsdbox:/home/user # fetch  http://ftp.freebsd.org/pub/FreeBSD/releases/i386/10.1-RELEASE/base.txz
base.txz  100% of  58 MB 1161 kBps 00m51s
root@freebsdbox:/home/user #  tar -C / -xvf base.txz usr/bin/openssl
x ./usr/bin/openssl
root@freebsdbox:/home/user # freebsd-update fetch install
Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 10.1-RELEASE from update3.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 6 patches.... done.
Applying patches... done.
Fetching 47 files... done.
The following files will be updated as part of updating to 10.1-RELEASE-p12:
(list of files to be updated)
/usr/bin/openssl
(list of files to be updated)
installing updates... done
root@freebsdbox:/home/user #

I thank you people very much. It seems to work now.
 
Code: 
root@freebsdbox:/home/user # freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 10.1-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 10.1-RELEASE-p12.
root@freebsdbox:/home/user #

And portsnap fetch seems to work again too.

Code: 
root@freebsdbox:/home/user # portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 7 mirrors found.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Fetching snapshot generated at Wed Jun 17 02:13:41 CEST 2015:
1abddfa87780b8609cb4ffc461b4b995ee72c92bc7f09e100% of  75 MB 1050 kBps 01m14s
Extracting snapshot... done.
Verifying snapshot integrity... done.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... done.
Fetching snapshot metadata... done.
Updating from Wed Jun 17 02:13:41 CEST 2015 to Wed Jun 17 20:37:32 CEST 2015.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 86 patches.
(86/86) 100.00%  done.  
done.
Applying patches...
done.
Fetching 2 new ports or files... done.
root@freebsdbox:/home/user #

kpa : Thanks for the advice.
 
I have a similar problem after doing an upgrade from 10.2 to 10.3. I don't know if proper form is to add to this thread or start a new one, so I will try adding to this thread first.
Code: 
# uname -a
FreeBSD theranch 10.3-RELEASE-p7 FreeBSD 10.3-RELEASE-p7 #0: Thu Aug 11 18:38:15 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

Code: 
# portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 7 mirrors found.
Fetching snapshot tag from your-org.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from sourcefire.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-eu-west-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-ap-northeast-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-ap-southeast-2.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from ec2-sa-east-1.portsnap.freebsd.org... invalid snapshot tag.
Fetching snapshot tag from isc.portsnap.freebsd.org... failed.
No mirrors remaining, giving up.

Code: 
# /usr/bin/openssl version
34379283160:error:0E079065:configuration file routines:DEF_LOAD_BIO:missing equal sign:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/conf/conf_def.c:345:line 1

Code: 
# file /usr/bin/openssl
/usr/bin/openssl: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.3, stripped

Code: 
# ldd /usr/bin/openssl
/usr/bin/openssl:
        libssl.so.7 => /usr/lib/libssl.so.7 (0x800897000)
        libcrypto.so.7 => /lib/libcrypto.so.7 (0x800b03000)
        libc.so.7 => /lib/libc.so.7 (0x800ef9000)

I also have openssl installed for my email:
Code: 
# ls -l openssl 
-rwxr-xr-x  1 root  wheel  627462 Sep 12 07:39 openssl
# pwd
/usr/local/bin

# file /usr/local/bin/openssl
/usr/local/bin/openssl: ELF 64-bit LSB executable, x86-64, version 1 (FreeBSD), dynamically linked, interpreter /libexec/ld-elf.so.1, for FreeBSD 10.2, not stripped

# ldd /usr/local/bin/openssl
/usr/local/bin/openssl:
        libssl.so.8 => /usr/local/lib/libssl.so.8 (0x8008a1000)
        libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800b0b000)
        libthr.so.3 => /lib/libthr.so.3 (0x800f18000)
        libc.so.7 => /lib/libc.so.7 (0x80113d000)

Whatever solution is proposed, I really don't want my email broken. When I did the upgrade from 10.2 to 10.3, libressl somehow got installed and it broke everything.
 
You must log in or register to reply here.
Back
Top