20.7 Invalid Signature - kinda MITM?

Started by W0nderW0lf, August 22, 2020, 02:44:43 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 22, 2020, 02:44:43 PM Last Edit: August 22, 2020, 02:51:43 PM by W0nderW0lf
Hello, while trying to upgrade via WEBGUI I receive the following error:

Code Select
***GOT REQUEST TO UPGRADE: maj***
Fetching packages-20.7-LibreSSL-amd64.tar: ... failed, signature invalid
***DONE***

Does it mean that the Package my Machine is trying to download has been manipulated, or is this just a bug from 20.1.9?

Trying to Upgrade via shell isn't working at all. It asks me, if I agree the Upgrade to 20.7, then it checks all repo's and after integrity check I see "nothing to do".

Whats happening?
August 22, 2020, 02:56:21 PM #1
Try a different HTTPS mirror, maybe? ;-)
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
August 22, 2020, 04:16:41 PM #2
This is the problem of updating the pocket itself, I had a similar situation only on versions earlier, try to do a rollback.
August 23, 2020, 05:19:20 PM #3
First health audit, second check disk space, third: name mirror.

If the mirror is fine you are looking at download errors for some other reason.


Cheers,
Franco
August 23, 2020, 11:21:23 PM #4
I have similar issues. I already experienced this on the 20.7 upgrade, but then switching the mirror from (default) to something else worked.
Now I get the following status on mirrors
(default): Timeout while connecting to the selected mirror.
deciso.nl: Timeout while connecting to the selected mirror.
LeaseWeb, Frankfurt: Die Firmwarestatusprüfung wurde intern abgebrochen. Bitte versuchen Sie es erneut.

Current version in dashboard: 20.7.1

Checking the health check, something seems to be off:
Code Select
***GOT REQUEST TO AUDIT HEALTH***
>>> Check installed kernel version
Version 20.7 is incorrect, expected: 20.7.1
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 20.7 is incorrect, expected: 20.7.1
>>> Check for missing or altered base files
No problems detected.
>>> Check for and install missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Checking core packages: ........................

core packages checkt es nun schon einige Zeit.

Log file shows just the following:
Code Select
2020-08-17T07:21:16 pkg-static[75242] opnsense upgraded: 20.7 -> 20.7.1

Using Production, LibreSSL. Disk space is plenty 5% used.

August 25, 2020, 09:37:32 AM #5
Not sure what to do next? Don't want to break anything. Anyone knows how to solve this properly?
August 25, 2020, 10:00:49 AM #6
Try Decisio and/or HTTPS servers closely to you location...
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
August 25, 2020, 10:24:16 AM #7
That is what I did above...
August 25, 2020, 10:44:12 AM #8
Ok, so I finally was able to upgrade. I did a few restarts, however that didn't help. Then powering off the router completely and booting somewhat worked. I have no clue why.

It then was able to connect and update. Interesting enough, the health check went through within 30seconds (only finding some missing files for acme.sh). When doing the health check for the post above, it took above 30min.
Print
Go Up Pages1
User actions