OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: phoenix on January 29, 2022, 01:34:38 PM

Title: Upgrade fails with "signature invalid"
Post by: phoenix on January 29, 2022, 01:34:38 PM
I've been trying to update to the latest release without success, it keeps failing with a "signature invalid". I've used the default settings and several different mirrors and all of them are failing with the same error.

This is the truncated output:

***GOT REQUEST TO UPGRADE***
Currently running OPNsense 21.7.8 (amd64/OpenSSL) at Sat Jan 29 10:04:36 UTC 2022
Fetching packages-22.1-OpenSSL-amd64.tar: ... failed, signature invalid
***DONE***


This instance of OPNsense is a VM (on VMware) and I've never had any problems upgrading in the past. What can I do to debug or fix this problem?

Regards


Bill
Title: Re: Upgrade fails with "signature invalid"
Post by: franco on January 29, 2022, 02:31:50 PM
Hi Bill,

Can you do a health audit? Maybe the signature was missing from the install of 21.7.8. A reinstall of that package might help.

Just as a first stab...


Cheers,
Franco
Title: Re: Upgrade fails with "signature invalid"
Post by: franco on January 29, 2022, 02:32:29 PM
Maybe also try to see if your disk is full so that it may cause this.
Title: Re: Upgrade fails with "signature invalid"
Post by: phoenix on January 29, 2022, 03:42:24 PM
Hi Franco

Thanks for your comments. I've run the audit etc  and the output is as follows:

Audit:

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.8 (amd64/OpenSSL) at Sat Jan 29 13:44:22 UTC 2022
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.
***DONE***

***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 21.7.8 (amd64/OpenSSL) at Sat Jan 29 13:45:25 UTC 2022
>>> Check installed kernel version
Version 21.7.8 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.7.8 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .................................................................... done
***DONE***

***GOT REQUEST TO AUDIT SECURITY***
Currently running OPNsense 21.7.8 (amd64/OpenSSL) at Sat Jan 29 13:47:19 UTC 2022
vulnxml file up-to-date
0 problem(s) in 0 installed package(s) found.
***DONE***

root@opnsense01:~ # df -h
Filesystem            Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default     22G    2.0G     20G     9%    /
devfs                 1.0K    1.0K      0B   100%    /dev
zroot/var/mail         20G    149K     20G     0%    /var/mail
zroot                  20G    117K     20G     0%    /zroot
zroot/tmp              20G    741K     20G     0%    /tmp
zroot/usr/home         20G    117K     20G     0%    /usr/home
zroot/var/log          21G    290M     20G     1%    /var/log
zroot/var/audit        20G    117K     20G     0%    /var/audit
zroot/usr/ports        20G    117K     20G     0%    /usr/ports
zroot/var/crash        20G    117K     20G     0%    /var/crash
zroot/usr/src          20G    117K     20G     0%    /usr/src
zroot/var/tmp          20G    117K     20G     0%    /var/tmp
devfs                 1.0K    1.0K      0B   100%    /var/dhcpd/dev
root@opnsense01:~ #


I've also tried to reinstall the 22.1.7.8 and that also failed:

***GOT REQUEST TO UPGRADE***
Currently running OPNsense 21.7.8 (amd64/OpenSSL) at Sat Jan 29 10:04:36 UTC 2022
Fetching packages-22.1-OpenSSL-amd64.tar: ...
failed, signature invalid
***DONE***


This all seems a bit strange to me.  :( Unfortunately my internet connection here in the UK is a measly ADSL dead slow connection and it takes about three hours to download the update to 22.1

Regards


Bill
Title: Re: Upgrade fails with "signature invalid"
Post by: syserr0r on February 03, 2022, 10:17:14 PM
I encountered this just now (default mirror). I retried the upgrade an hour later and it worked *shrugs*