Repository FreeBSD has a wrong packagesite, need to re-create database

R

Relictrix

Hi,

I upgraded from version 14.0 p6 to 14.1 release. Currently I can still browse the internet, work with the machine, do pings to Freebsd.org. No problem with network connections or my data.

But I cannot upgrade any packages anymore:
Code: 
root@vm1:~ # pkg upgrade
Updating FreeBSD repository catalogue...
pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository FreeBSD has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository FreeBSD
Error updating repositories!
root@vm1:~ #

In the end of the man portmaster manual, the following is mentioned:
Using portmaster to do a complete reinstallation of all ports:
1. portmaster --list-origins > ~/installed-port-list
2. Update the ports tree
3. portmaster -ty --clean-distfiles
4. portmaster -Faf
5. pkg delete -afy
6. rm -rf /usr/local/lib/compat/pkg
7. Back up any files in /usr/local you wish to save,
such as configuration files in /usr/local/etc
8. Manually check /usr/local and /var/db/pkg
to make sure that they are really empty
9. Install ports-mgmt/pkg and then ports-mgmt/portmaster.
Remove both from ~/installed-port-list.
10. portmaster --no-confirm `cat ~/installed-port-list`

Would it be wise to do the following steps:
1. pkg delete -afy
2. rm -rf /usr/local/lib/compat/pkg
3. empty /usr/local
4. Empty /var/db/pkg

Now install all ports you want again manually.

Here and there I can find other threads with people having the same issue in the past. I wonder:
1. Is there a way to tackle this directly?
2. If not, would you advise to clean the packages and re-initiate the package management and how?

Thanks in advance.
 
Don’t do the portmaster steps unless you used it before and built from ports.

Also that is for a major upgrade e.g. 13.x to 14.x not a minor upgrade.

So hold fire and someone will be along shortly to help you fix pkg.
 
Hi,

I tried the command you are suggesting, but same behavior:
root@vm1:~ # pkg update -f
Updating FreeBSD repository catalogue...
pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
pkg: An error occured while fetching package
pkg: An error occured while fetching package
repository FreeBSD has no meta file, using default settings
pkg: An error occured while fetching package
pkg: An error occured while fetching package
pkg: An error occured while fetching package
pkg: An error occured while fetching package
Unable to update repository FreeBSD
Error updating repositories!
Click to expand...

Best Regards
 
How is this machine connected to the internet? Any firewalls or proxies in between? And which repository is it trying to access? Look at pkg -vv to see what's enabled.
 
  • Thanks
Reactions: mro
SirDice said:
How is this machine connected to the internet? Any firewalls or proxies in between? And which repository is it trying to access? Look at pkg -vv to see what's enabled.
Click to expand...
The machine is connected via wifi to a modem and then connects to internet. FreeBSD runs on a VM (virtualbox) and has a firewall on the vm and also a windows firewall on the host machine. It worked for years, I tried the command also on different modems on different places. I stopped the internal firewall as well to be sure the firewall was not blocking it. And on the same host with other VMs i can simply do
Code: 
pkg update
or
Code: 
pkg upgrade

Here the information from
Code: 
pkg -vv


Code: 
Version                 : 1.21.3
PKG_DBDIR = "/var/db/pkg";
PKG_CACHEDIR = "/var/cache/pkg";
PORTSDIR = "/usr/ports";
INDEXDIR = "";
INDEXFILE = "INDEX-14";
HANDLE_RC_SCRIPTS = false;
DEFAULT_ALWAYS_YES = false;
ASSUME_ALWAYS_YES = false;
REPOS_DIR [
    "/etc/pkg/",
    "/usr/local/etc/pkg/repos/",
]
PLIST_KEYWORDS_DIR = "";
SYSLOG = true;
ABI = "FreeBSD:14:amd64";
ALTABI = "freebsd:14:x86:64";
DEVELOPER_MODE = false;
VULNXML_SITE = "http://vuxml.freebsd.org/freebsd/vuln.xml.xz";
FETCH_RETRY = 3;
PKG_PLUGINS_DIR = "/usr/local/lib/pkg/";
PKG_ENABLE_PLUGINS = true;
PLUGINS [
]
DEBUG_SCRIPTS = false;
PLUGINS_CONF_DIR = "/usr/local/etc/pkg/";
PERMISSIVE = false;
REPO_AUTOUPDATE = true;
NAMESERVER = "";
HTTP_USER_AGENT = "pkg/1.21.3";
EVENT_PIPE = "";
FETCH_TIMEOUT = 30;
UNSET_TIMESTAMP = false;
SSH_RESTRICT_DIR = "";
PKG_ENV {
}
PKG_SSH_ARGS = "";
DEBUG_LEVEL = 0;
ALIAS {
    all-depends = "query %dn-%dv";
    annotations = "info -A";
    build-depends = "info -qd";
    cinfo = "info -Cx";
    comment = "query -i \"%c\"";
    csearch = "search -Cx";
    desc = "query -i \"%e\"";
    download = "fetch";
    iinfo = "info -ix";
    isearch = "search -ix";
    prime-list = "query -e '%a = 0' '%n'";
    prime-origins = "query -e '%a = 0' '%o'";
    leaf = "query -e '%#r == 0' '%n-%v'";
    list = "info -ql";
    noauto = "query -e '%a == 0' '%n-%v'";
    options = "query -i \"%n - %Ok: %Ov\"";
    origin = "info -qo";
    orphans = "version -vRl?";
    provided-depends = "info -qb";
    rall-depends = "rquery %dn-%dv";
    raw = "info -R";
    rcomment = "rquery -i \"%c\"";
    rdesc = "rquery -i \"%e\"";
    required-depends = "info -qr";
    roptions = "rquery -i \"%n - %Ok: %Ov\"";
    shared-depends = "info -qB";
    show = "info -f -k";
    size = "info -sq";
    unmaintained = "query -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
    runmaintained = "rquery -e '%m = \"ports@FreeBSD.org\"' '%o (%w)'";
}
CUDF_SOLVER = "";
SAT_SOLVER = "";
RUN_SCRIPTS = true;
CASE_SENSITIVE_MATCH = false;
LOCK_WAIT = 1;
LOCK_RETRIES = 5;
SQLITE_PROFILE = false;
WORKERS_COUNT = 0;
READ_LOCK = false;
IP_VERSION = 0;
AUTOMERGE = true;
VERSION_SOURCE = "";
CONSERVATIVE_UPGRADE = true;
PKG_CREATE_VERBOSE = false;
AUTOCLEAN = false;
DOT_FILE = "";
REPOSITORIES {
}
VALID_URL_SCHEME [
    "pkg+http",
    "pkg+https",
    "https",
    "http",
    "file",
    "ssh",
    "tcp",
]
ALLOW_BASE_SHLIBS = false;
WARN_SIZE_LIMIT = 1048576;
METALOG = "";
OSVERSION = 1401000;
IGNORE_OSVERSION = false;
BACKUP_LIBRARIES = false;
BACKUP_LIBRARY_PATH = "/usr/local/lib/compat/pkg";
PKG_TRIGGERS_DIR = "/usr/local/share/pkg/triggers";
PKG_TRIGGERS_ENABLE = true;
AUDIT_IGNORE_GLOB [
]
AUDIT_IGNORE_REGEX [
]
COMPRESSION_FORMAT = "";
COMPRESSION_LEVEL = -1;
ARCHIVE_SYMLINK = false;
REPO_ACCEPT_LEGACY_PKG = false;
FILES_IGNORE_GLOB [
]
FILES_IGNORE_REGEX [
]


Repositories:
  FreeBSD: {
    url             : "pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly",
    enabled         : yes,
    priority        : 0,
    mirror_type     : "SRV",
    signature_type  : "FINGERPRINTS",
    fingerprints    : "/usr/share/keys/pkg"
  }

Thanks for looking into this issue.
 
Relictrix said:
The machine is connected via wifi to a modem and then connects to internet. FreeBSD runs on a VM (virtualbox) and has a firewall on the vm and also a windows firewall on the host machine.
Click to expand...
Well, something along that path is interfering and causing the downloads to fail.
 
Ok so what you mean is that something is still blocking it. Am I right to conclude that the pkg during a update or upgrade is a straigth forward process?

I could fetch the http://vuxml.freebsd.org/freebsd/vuln.xml.xz with:
Code: 
fetch http://vuxml.freebsd.org/freebsd/vuln.xml.xz

Next, I just do something, don't know how it really works:
fetch https://pkg.freebsd.org/FreeBSD:14:amd64/quarterly

Got it:
Code: 
root@vm1:~ # fetch https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly
Certificate verification failed for /C=US/ST=California/O=Zscaler Inc./OU=Zscaler Inc./CN=Zscaler Intermediate Root CA (zscalerthree.net)/emailAddress=support@zscaler.com
0020018DA3380000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
fetch: https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly: Authentication error

Thanks SirDice, and good you did not change your mind and kept hammering that something should be wrong with the call to outside.

I had to add the zscaler certificate to the browser in order to be able to browse the internet, but this time i have to place it somewhere so the command line can use it. It's the first time I do this. How can I best do that?
 
  • Like
Reactions: mro
Internet CA root certificates are in security/ca_root_nss. But I do seem to recall the CA certificates for the FreeBSD servers come with the base OS. Or else you end up with a chicken and egg kind of problem.
 
Hey I have the same problem!

Code: 
[root@thinkcentre-freebsd ~]# pkg bootstrap -f

The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly, please wait...
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
0020A10CEC1B0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
0020A10CEC1B0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
0020A10CEC1B0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
0020A10CEC1B0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
0020A10CEC1B0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
Certificate verification failed for /C=US/O=Internet Security Research Group/CN=ISRG Root X1
0020A10CEC1B0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:1890:
pkg: Error fetching https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/Latest/pkg.txz: Authentication error
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.

What happened? Did something break?

Edit: Never mind I found it. The clock of my machine was set to Jan 1 2015. I need to change it and the CMOS battery.
 
SirDice said:
Internet CA root certificates are in security/ca_root_nss. But I do seem to recall the CA certificates for the FreeBSD servers come with the base OS. Or else you end up with a chicken and egg kind of problem.
Click to expand...
Ok solved.

I did following steps:

1. Go to MCC in the Windows host
2. Export zscaler root to cer
3. Upload to VM
4. Change cer to pem: openssl x509 -inform der -in certificate.cer -out certificate.pem
5. Do following steps:


Code: 
mkdir -p /usr/local/etc/ssl/certs/
cp certificatefile.pem /usr/local/etc/ssl/certs/       
certctl rehash

Thanks again for your help
 
You must log in or register to reply here.
Back
Top