pkg: No signature found // Unable to update repository

Dear FreeBSD-community!

While upgrading the packages in my jails as usual, I ran over this problem:
Code:
$ for i in `jls jid` ; do sudo pkg -j $i update ; done
Updating FreeBSD repository catalogue...
[jailA] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
[jailA] Fetching packagesite.txz: 100%    6 MiB   6.4MB/s    00:01    
pkg: No signature found
Unable to update repository FreeBSD
Updating poudriere repository catalogue...
[jailA] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
[jailA] Fetching packagesite.txz: 100%  152 KiB  17.3kB/s    00:09    
pkg: No signature found in the repository.  Can not validate against /usr/local/etc/ssl/certs/poudriere.cert key.
Unable to update repository poudriere
Error updating repositories!
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating poudriere repository catalogue...
poudriere repository is up to date.
All repositories are up to date.

Code:
root@jailA:~ # ls -l /usr/local/etc/ssl/certs/
total 7
-rw-r--r--  1 root  wheel  800  3 Jän. 14:48 poudriere.cert

Can't tell what happened. And can't find a way to fix it. Already tried pkg update -f. I just can't install or upgrade anything. pkg info lists all installed packages correctly - I suppose. Also:
Code:
root@jailA:~ # pkg clean
pkg: Repository FreeBSD missing. 'pkg update' required
pkg: No package database installed.  Nothing to do!

Maybe / hopefully something simple I don't recognize?
 
Code:
# pkg -vv
Version                 : 1.16.3

    comment = "query -i \"%c\"";
    csearch = "search -Cx";
    desc = "query -i \"%e\"";
    download = "fetch";
    iinfo = "info -ix";
    isearch = "search -ix";
    prime-list = "query -e '%a = 0' '%n'";
    prime-origins = "query -e '%a = 0' '%o'";
    leaf = "query -e '%#r == 0' '%n-%v'";
    list = "info -ql";
    noauto = "query -e '%a == 0' '%n-%v'";
    options = "query -i \"%n - %Ok: %Ov\"";
    origin = "info -qo";
    provided-depends = "info -qb";
    rall-depends = "rquery %dn-%dv";
    raw = "info -R";
    rcomment = "rquery -i \"%c\"";
    rdesc = "rquery -i \"%e\"";
    required-depends = "info -qr";
    roptions = "rquery -i \"%n - %Ok: %Ov\"";
    shared-depends = "info -qB";
    show = "info -f -k";
    size = "info -sq";
    unmaintained = "query -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
    runmaintained = "rquery -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPT
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
    "NULL",
]


Repositories:
  FreeBSD: {  
    url             : "pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly",
    enabled         : yes,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }
  poudriere: {  
    url             : "http://192.168.13.14/packages/FreeBSD:12:amd64-default/",
    enabled         : yes,
    priority        : 100,
    mirror_type     : "HTTP",
    signature_type  : "PUBKEY",
    pubkey          : "/usr/local/etc/ssl/certs/poudriere.cert"
  }
 
It looks like pkg(8) might be getting confused between the different signature_types of the repositories. Does it work if you disable one of the two?
 
It works on 2 hosts and 14 other jails.

With only one repo enabled:
Code:
jailA:~ # pkg -vv
Version                 : 1.16.3

    comment = "query -i \"%c\"";
    csearch = "search -Cx";
    desc = "query -i \"%e\"";
    download = "fetch";
    iinfo = "info -ix";
    isearch = "search -ix";
    prime-list = "query -e '%a = 0' '%n'";
    prime-origins = "query -e '%a = 0' '%o'";
    leaf = "query -e '%#r == 0' '%n-%v'";
    list = "info -ql";
    noauto = "query -e '%a == 0' '%n-%v'";
    options = "query -i \"%n - %Ok: %Ov\"";
    origin = "info -qo";
    provided-depends = "info -qb";
    rall-depends = "rquery %dn-%dv";
    raw = "info -R";
    rcomment = "rquery -i \"%c\"";
    rdesc = "rquery -i \"%e\"";
    required-depends = "info -qr";
    roptions = "rquery -i \"%n - %Ok: %Ov\"";
    shared-depends = "info -qB";
    show = "info -f -k";
    size = "info -sq";
    unmaintained = "query -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
    runmaintained = "rquery -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPT
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
/export/freebsd-pkg-cache/12.0-RELEASE/amd64                4,5T    9,2M    4,5T     0%    /usr/local/export/freebsd-pkg-cache/12.0-RELEASE/amd64
    "NULL",
]


Repositories:
  FreeBSD: { 
    url             : "pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly",
    enabled         : yes,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }
  poudriere: { 
    url             : "http://192.168.13.14/packages/FreeBSD:12:amd64-default/",
    enabled         : no,
    priority        : 100,
    mirror_type     : "HTTP",
    signature_type  : "PUBKEY",
    pubkey          : "/usr/local/etc/ssl/certs/poudriere.cert"
  }
jailA:~ # pkg update
Updating FreeBSD repository catalogue...
[jailA] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
[jailA] Fetching packagesite.txz: 100%    6 MiB   6.4MB/s    00:01    
pkg: No signature found
Unable to update repository FreeBSD
Error updating repositories!
jailA:~ # pkg -vv
Version                 : 1.16.3

    comment = "query -i \"%c\"";
    csearch = "search -Cx";
    desc = "query -i \"%e\"";
    download = "fetch";
    iinfo = "info -ix";
    isearch = "search -ix";
    prime-list = "query -e '%a = 0' '%n'";
    prime-origins = "query -e '%a = 0' '%o'";
    leaf = "query -e '%#r == 0' '%n-%v'";
    list = "info -ql";
    noauto = "query -e '%a == 0' '%n-%v'";
    options = "query -i \"%n - %Ok: %Ov\"";
    origin = "info -qo";
    provided-depends = "info -qb";
    rall-depends = "rquery %dn-%dv";
    raw = "info -R";
    rcomment = "rquery -i \"%c\"";
    rdesc = "rquery -i \"%e\"";
    required-depends = "info -qr";
    roptions = "rquery -i \"%n - %Ok: %Ov\"";
    shared-depends = "info -qB";
    show = "info -f -k";
    size = "info -sq";
    unmaintained = "query -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
    runmaintained = "rquery -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPT
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
    "NULL",
]


Repositories:
  FreeBSD: { 
    url             : "pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly",
    enabled         : no,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }
  poudriere: { 
    url             : "http://192.168.13.14/packages/FreeBSD:12:amd64-default/",
    enabled         : yes,
    priority        : 100,
    mirror_type     : "HTTP",
    signature_type  : "PUBKEY",
    pubkey          : "/usr/local/etc/ssl/certs/poudriere.cert"
  }
jailA:~ # pkg update
Updating poudriere repository catalogue...
[jailA] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
[jailA] Fetching packagesite.txz: 100%  152 KiB  77.7kB/s    00:02    
pkg: No signature found in the repository.  Can not validate against /usr/local/etc/ssl/certs/poudriere.cert key.
Unable to update repository poudriere
Error updating repositories!
 
Is that key valid? Does it correspond with the key you used to sign your packages with poudriere? Maybe the key was updated recently?
 
As mentioned, the repository works on other hosts and jails. And it's not only my poudriere repo, but also the official FreeBSD repo.


Running on host and jail:
Code:
$ pkg -vv
Version                 : 1.16.3

    comment = "query -i \"%c\"";
    csearch = "search -Cx";
    desc = "query -i \"%e\"";
    download = "fetch";
    iinfo = "info -ix";
    isearch = "search -ix";
    prime-list = "query -e '%a = 0' '%n'";
    prime-origins = "query -e '%a = 0' '%o'";
    leaf = "query -e '%#r == 0' '%n-%v'";
    list = "info -ql";
    noauto = "query -e '%a == 0' '%n-%v'";
    options = "query -i \"%n - %Ok: %Ov\"";
    origin = "info -qo";
    provided-depends = "info -qb";
    rall-depends = "rquery %dn-%dv";
    raw = "info -R";
    rcomment = "rquery -i \"%c\"";
    rdesc = "rquery -i \"%e\"";
    required-depends = "info -qr";
    roptions = "rquery -i \"%n - %Ok: %Ov\"";
    shared-depends = "info -qB";
    show = "info -f -k";
    size = "info -sq";
    unmaintained = "query -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
    runmaintained = "rquery -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPT
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
    "NULL",
]

Repositories:
  FreeBSD: { 
    url             : "pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly",
    enabled         : yes,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }
  poudriere: { 
    url             : "http://192.168.13.14/packages/FreeBSD:12:amd64-default/",
    enabled         : yes,
    priority        : 100,
    mirror_type     : "HTTP",
    signature_type  : "PUBKEY",
    pubkey          : "/usr/local/etc/ssl/certs/poudriere.cert"
  }
$ sudo pkg update
Updating FreeBSD repository catalogue...
Fetching packagesite.txz: 100%    6 MiB   6.4MB/s    00:01    
Processing entries: 100%
FreeBSD repository update completed. 30139 packages processed.
Updating poudriere repository catalogue...
poudriere repository is up to date.
All repositories are up to date.
$ sudo pkg -j 3 update
Updating FreeBSD repository catalogue...
[jailA] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
[jailA] Fetching packagesite.txz: 100%    6 MiB   6.4MB/s    00:01    
pkg: No signature found
Unable to update repository FreeBSD
Updating poudriere repository catalogue...
[jailA] Fetching meta.conf: 100%    163 B   0.2kB/s    00:01    
[jailA] Fetching packagesite.txz: 100%  152 KiB  77.7kB/s    00:02    
pkg: No signature found in the repository.  Can not validate against /usr/local/etc/ssl/certs/poudriere.cert key.
Unable to update repository poudriere
Error updating repositories!
$ sudo diff /usr/local/etc/ssl/certs/poudriere.cert /usr/jails/jails/jailA/usr/local/etc/ssl/certs/poudriere.cert 
$ ls -l /usr/local/etc/ssl/certs/poudriere.cert /usr/jails/jails/jailA/usr/local/etc/ssl/certs/poudriere.cert
-rw-r--r--  1 root  root  800  5 Apr. 18:57 /usr/jails/jails/jailA/usr/local/etc/ssl/certs/poudriere.cert
-rw-r--r--  1 root  root  800  3 Jän. 23:54 /usr/local/etc/ssl/certs/poudriere.cert
$
 
Finally found the cause. File permissions on /tmp where messed up, most likely by samba-tool ntacl sysvolreset.

samba-tool ntacl sysvolreset and samba-tool ntacl sysvolcheck never ran succesfully and only threw exceptions. Since /tmp was owned by the domain-admin and had perms 075 I suspect that as culprit. God knows where else perms are messed up.
 
Back
Top