OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: jds on April 11, 2020, 11:11:38 pm

Title: Install files verification fails
Post by: jds on April 11, 2020, 11:11:38 pm

Am I the only one with this problem.  It seems straightforward enough.  Using the instructions from here:
https://docs.opnsense.org/manual/install.html#download-and-verification (https://docs.opnsense.org/manual/install.html#download-and-verification).  Have tried two different mirrors, two times each.
The latest one that I used is https://mirror.wdc1.us.leaseweb.net/opnsense/releases/20.1/ (https://mirror.wdc1.us.leaseweb.net/opnsense/releases/20.1/).  I downloaded the four files to my harddrive:

OPNsense-20.1-OpenSSL-checksums-amd64.sha256 
OPNsense-20.1-OpenSSL-vga-amd64.img.bz2 
OPNsense-20.1-OpenSSL-vga-amd64.img.bz2.sig 
OPNsense-20.1.pub

Then ran
openssl base64 -d -in OPNsense-20.1-OpenSSL-vga-amd64.img.bz2.sig  -out image.sig
openssl dgst -sha256 -verify OPNsense-20.1.pub -signature image.sig OPNsense-20.1-OpenSSL-vga-amd64.img.bz2.sig

But receive:
Verification Failure

The public key file is the same on both mirrors.

I assume that I am just missing something stupid, and that the files have not been hacked.   ;D

Title: Re: Install files verification fails
Post by: jds on April 14, 2020, 05:33:57 pm

I just tried it on another computer, but get the same result.  Has no one else actually tried to verify the files before installing?

Title: Re: Install files verification fails
Post by: jds on April 14, 2020, 06:04:22 pm

I did two more checks.  I also get failed verification for the i386 images.  Secondly, I checked my notes, and was able to get successful verification a couple of months ago. 

Title: Re: Install files verification fails
Post by: opnfwb on April 14, 2020, 09:19:58 pm

I downloaded just now from the same mirror in your first post and the filehash appears to match for me. This is on a windows box without openssl so I can't run the other verification steps that you list.

Code: [Select]

Get-FileHash .\OPNsense-20.1-OpenSSL-vga-amd64.img.bz2 -algorithm sha256

Algorithm       Hash                                                                   Path
---------       ----                                                                   ----
SHA256          019A877C4B4CB96CFDA62D041774A91C030C5A8ECD58F8C3FD0067C7AC392982       D:\downloads\OPNsense-20.1-Op...

PS D:\downloads> cat .\OPNsense-20.1-OpenSSL-checksums-amd64.sha256
SHA256 (OPNsense-20.1-OpenSSL-dvd-amd64.iso.bz2) = 4b15e9b3d72732d325c5eaf46ba34575d4de8cdc3e3ac1b10666c7372563be6d
SHA256 (OPNsense-20.1-OpenSSL-nano-amd64.img.bz2) = 27544a78ae03d480a483cfd2e7cfa703b60e50938a1ed188ec3ccde6c426fefe
SHA256 (OPNsense-20.1-OpenSSL-serial-amd64.img.bz2) = f93bbcbe92059c5de49f22d485da292952b48658a28d1cdaf83191e8c95c03c2
SHA256 (OPNsense-20.1-OpenSSL-vga-amd64.img.bz2) = 019a877c4b4cb96cfda62d041774a91c030c5a8ecd58f8c3fd0067c7ac392982

Title: Re: Install files verification fails
Post by: jds on April 15, 2020, 05:28:08 pm

Thanks for checking that.  I just tried, too, and the hash code does check out.

Title: Re: Install files verification fails
Post by: franco on April 17, 2020, 02:07:07 pm

# openssl dgst -sha256 -verify OPNsense-20.1.pub -signature image.sig OPNsense-20.1-OpenSSL-vga-amd64.img.bz2.sig
Verification Failure

# openssl dgst -sha256 -verify OPNsense-20.1.pub -signature image.sig OPNsense-20.1-OpenSSL-vga-amd64.img.bz2
Verified OK

 ¯\_(ツ)_/¯

Title: Re: Install files verification fails
Post by: jds on April 19, 2020, 08:34:33 pm

It was indeed something stupid!  Thanks for spotting that.

Title: Re: Install files verification fails
Post by: franco on April 20, 2020, 10:55:23 am

No worries, happens to all of us. :)


Cheers,
Franco