20.7 Invalid Signature - kinda MITM?

[W0nderW0lf]

Hello, while trying to upgrade via WEBGUI I receive the following error:

Code: [Select]

***GOT REQUEST TO UPGRADE: maj***
Fetching packages-20.7-LibreSSL-amd64.tar: ... failed, signature invalid
***DONE***
Does it mean that the Package my Machine is trying to download has been manipulated, or is this just a bug from 20.1.9?

Trying to Upgrade via shell isn't working at all. It asks me, if I agree the Upgrade to 20.7, then it checks all repo's and after integrity check I see "nothing to do".

Whats happening?

[chemlud]

Try a different HTTPS mirror, maybe? ;-)

[Fasio]

This is the problem of updating the pocket itself, I had a similar situation only on versions earlier, try to do a rollback.

[franco]

First health audit, second check disk space, third: name mirror.

If the mirror is fine you are looking at download errors for some other reason.


Cheers,
Franco

[chris42]

I have similar issues. I already experienced this on the 20.7 upgrade, but then switching the mirror from (default) to something else worked.
Now I get the following status on mirrors
(default): Timeout while connecting to the selected mirror.
deciso.nl: Timeout while connecting to the selected mirror.
LeaseWeb, Frankfurt: Die Firmwarestatusprüfung wurde intern abgebrochen. Bitte versuchen Sie es erneut.

Current version in dashboard: 20.7.1

Checking the health check, something seems to be off:

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
>>> Check installed kernel version
Version 20.7 is incorrect, expected: 20.7.1
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 20.7 is incorrect, expected: 20.7.1
>>> Check for missing or altered base files
No problems detected.
>>> Check for and install missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Checking core packages: ........................
core packages checkt es nun schon einige Zeit.

Log file shows just the following:

Code: [Select]

2020-08-17T07:21:16 pkg-static[75242] opnsense upgraded: 20.7 -> 20.7.1
Using Production, LibreSSL. Disk space is plenty 5% used.

[chris42]

Not sure what to do next? Don't want to break anything. Anyone knows how to solve this properly?

[chemlud]

Try Decisio and/or HTTPS servers closely to you location...

[chris42]

That is what I did above...

[chris42]

Ok, so I finally was able to upgrade. I did a few restarts, however that didn't help. Then powering off the router completely and booting somewhat worked. I have no clue why.

It then was able to connect and update. Interesting enough, the health check went through within 30seconds (only finding some missing files for acme.sh). When doing the health check for the post above, it took above 30min.