OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: W0nderW0lf on August 22, 2020, 02:44:43 pm

Title: 20.7 Invalid Signature - kinda MITM?
Post by: W0nderW0lf on August 22, 2020, 02:44:43 pm

Hello, while trying to upgrade via WEBGUI I receive the following error:

Code: [Select]

***GOT REQUEST TO UPGRADE: maj***
Fetching packages-20.7-LibreSSL-amd64.tar: ... failed, signature invalid
***DONE***
Does it mean that the Package my Machine is trying to download has been manipulated, or is this just a bug from 20.1.9?

Trying to Upgrade via shell isn't working at all. It asks me, if I agree the Upgrade to 20.7, then it checks all repo's and after integrity check I see "nothing to do".

Whats happening?

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: chemlud on August 22, 2020, 02:56:21 pm

Try a different HTTPS mirror, maybe? ;-)

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: Fasio on August 22, 2020, 04:16:41 pm

This is the problem of updating the pocket itself, I had a similar situation only on versions earlier, try to do a rollback.

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: franco on August 23, 2020, 05:19:20 pm

First health audit, second check disk space, third: name mirror.

If the mirror is fine you are looking at download errors for some other reason.


Cheers,
Franco

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: chris42 on August 23, 2020, 11:21:23 pm

I have similar issues. I already experienced this on the 20.7 upgrade, but then switching the mirror from (default) to something else worked.
Now I get the following status on mirrors
(default): Timeout while connecting to the selected mirror.
deciso.nl: Timeout while connecting to the selected mirror.
LeaseWeb, Frankfurt: Die Firmwarestatusprüfung wurde intern abgebrochen. Bitte versuchen Sie es erneut.

Current version in dashboard: 20.7.1

Checking the health check, something seems to be off:

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
>>> Check installed kernel version
Version 20.7 is incorrect, expected: 20.7.1
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 20.7 is incorrect, expected: 20.7.1
>>> Check for missing or altered base files
No problems detected.
>>> Check for and install missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Checking core packages: ........................
core packages checkt es nun schon einige Zeit.

Log file shows just the following:

Code: [Select]

2020-08-17T07:21:16 pkg-static[75242] opnsense upgraded: 20.7 -> 20.7.1
Using Production, LibreSSL. Disk space is plenty 5% used.

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: chris42 on August 25, 2020, 09:37:32 am

Not sure what to do next? Don't want to break anything. Anyone knows how to solve this properly?

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: chemlud on August 25, 2020, 10:00:49 am

Try Decisio and/or HTTPS servers closely to you location...

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: chris42 on August 25, 2020, 10:24:16 am

That is what I did above...

Title: Re: 20.7 Invalid Signature - kinda MITM?
Post by: chris42 on August 25, 2020, 10:44:12 am

Ok, so I finally was able to upgrade. I did a few restarts, however that didn't help. Then powering off the router completely and booting somewhat worked. I have no clue why.

It then was able to connect and update. Interesting enough, the health check went through within 30seconds (only finding some missing files for acme.sh). When doing the health check for the post above, it took above 30min.