Solved The update metadata is correctly signed, but failed an integrity check

formaltux

Member

Reaction score: 1
Messages: 36

Hi,

I upgraded to 10.3 from 9.3 couple of weeks ago using buildworld, buildkernel, installkernel, installword.

Now I cannot binary update:

Code:
root@somehost:~ # uname -a
FreeBSD some.host.com 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297672: Thu Apr  7 18:32:59 CEST 2016     root@some.host.com:/usr/obj/usr/src/sys/GENERIC  i386
Code:
root@somehost:~ # freebsd-update fetch
Looking up update.FreeBSD.org mirrors... none found.
Fetching metadata signature for 10.3-RELEASE from update.FreeBSD.org... done.
Fetching metadata index... done.

The update metadata is correctly signed, but failed an integrity check.
Cowardly refusing to proceed any further.
I've tried to empty /var/db/freebsd-update but this had no effect.

How to fix this?

Thanks.
 
Last edited by a moderator:

MichaelL

Member

Reaction score: 2
Messages: 30

I upgraded from 10.2 to 10.3 recently, now I think the first patch may have been released.
I'm getting the same error as yourself, re: failed an integrity check when running freebsd-update fetch

n.b. In my case freebsd-update fetch install returns the same error (i.e. everything was previously correctly installed and system rebooted).
 
Last edited by a moderator:

fernandel

Aspiring Daemon

Reaction score: 172
Messages: 740

I have the same problem (upgrade from 10.2 to 10.3 -amd64 with freebsd-update).
Code:
freebsd-version -ku
10.3-RELEASE
10.3-RELEASE
 

wolf23

New Member


Messages: 5

Same here.

First, I upgraded from my 10.2-RELEASE-p14 to 10.3-RELEASE successfully, but from there I got the error described here. I did make sure to run freebsd-update fetch install first---the message from the security team announcing 10.2-RELEASE-p15 just reached me after my upgrade to 10.3-RELEASE. I rolled back to 10.2-RELEASE-p14, updated to 10.2-RELEASE-p15, and now I get the error on every freebsd-update -r 10.3-RELEASE upgrade.

Code:
[root@myhost ~]# freebsd-version -ku
10.2-RELEASE-p14
10.2-RELEASE-p15
[root@myhost ~]# uname -a
FreeBSD myhost 10.2-RELEASE-p14 FreeBSD 10.2-RELEASE-p14 #0: Wed Mar 16 20:46:12 UTC 2016  root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64
Code:
[root@myhost ~]# freebsd-update -r 10.3-RELEASE upgrade
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.2-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.

The following components of FreeBSD seem to be installed:
kernel/generic world/base world/doc world/games world/lib32

The following components of FreeBSD do not seem to be installed:

Does this look reasonable (y/n)? y

Fetching metadata signature for 10.3-RELEASE from update6.freebsd.org... done.
Fetching metadata index... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.
 

cfw

Member

Reaction score: 3
Messages: 27

Attempting to freebsd-upgrade 10.3 also gives me

Code:
The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.
 

gkontos

Daemon

Reaction score: 475
Messages: 2,147

Same here, bump !


Code:
root@mx001:~ # freebsd-update fetch
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 10.3-RELEASE from update4.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata patches.. done.
Applying metadata patches... done.
Fetching 2 metadata files... done.

The update metadata is correctly signed, but
failed an integrity check.
Cowardly refusing to proceed any further.
 

wisdown

Active Member

Reaction score: 10
Messages: 113

Same issue here on fresh FreeBSD 10.3 amd64.

Last time I see that (10.0), after maintainers remade the package the issue was gone.
 

sku1d

New Member


Messages: 3

I can confirm this issue as well and on a nearly clean base system, because iI am using jails for everything.
 
Last edited by a moderator:

willbprog127

Member

Reaction score: 19
Messages: 69

If anyone cares, I too am experiencing this.

I actually was installing FreeBSD 10.3 so I could post an ongoing journal for the triumphs and failures I encounter while installing and using it. Guess I'll have to put it off until this silliness is resolved. o_O
 

noodlefling

Member

Reaction score: 3
Messages: 97

Whew. At least it's not just me!

I've been in the process of updating systematically from 9.3 to 10.0 to 10.1 to 10.2 to 10.3...not sure if you're supposed to bother doing it that way, but it's a test system and I wanted to give it the most stress possible before upgrading a real system.

Anyway, I made it to 10.2-RELEASE, and then started getting the "cowardly" error message. I tried a few things (including catching up on the latest ntp patch), then rolled back a little at a time, and the issue didn't go away. I rolled all the way back to 10.0-RELEASE, which is now EOL, so I couldn't get to a decent patch level from there. I moved forward again, and am now safely holding at 10.1-RELEASE-p32, waiting until the issue is resolved.

I must say, I'm extremely impressed with the rollback system. I expected it to be a lot buggier, but it really does let you time travel fairly effectively. Kudos to the FreeBSD team for that.

If anything, this has been a productive learning experience, although I hope the fix is worked out soon.
 

dch

Active Member

Reaction score: 42
Messages: 111

This has been resolved now. I hope a short note will be published clarifying what broke by secteam@ at some point.
 

MichaelL

Member

Reaction score: 2
Messages: 30

I can upgrade now, just noticed one thing though, after I upgraded, I checked the version:
Code:
www:~ # freebsd-version

10.3-RELEASE-p1
Great, I was on the new release, as a check, ran the fetch again:
Code:
www:~ # freebsd-update fetch

Looking up update.FreeBSD.org mirrors... 4 mirrors found.

Fetching metadata signature for 10.3-RELEASE from update6.freebsd.org... done.

Fetching metadata index... done.

Inspecting system... done.

Preparing to download files... done.



No updates needed to update system to 10.3-RELEASE-p0.
Note, it reports 10.3-RELEASE-p0 not p1, When I check the version again:
Code:
www:~ # freebsd-version

10.3-RELEASE-p1
The version seems fine, but the update still reports no updated to p0 instead of p1. I'm not exactly going to lose sleep over it, but thought I'd mention it.
 

gkontos

Daemon

Reaction score: 475
Messages: 2,147

It looks like it is fixed. Can someone please mark it as solved?

Thanks
 

obsigna

Aspiring Daemon

Reaction score: 507
Messages: 885

Perhaps the present issue is fixed, but the fix introduced a new problem, namely as MichaelL noted, the repository thinks 10.3-RELEASE is on patch level 0, but actually we are on p1 since mid of March. And people who are running a custom kernel do see the following now:
Code:
Files on mirror (10.3-RELEASE-p0) appear older than what
we are currently running (10.3-RELEASE-p1)!
Cowardly refusing to proceed any further.
 
Top