On 15.01.2014 13:38, Sébastien Marie wrote:
> Hi,
> 
> Short story: the latest package snapshot (i386) is signed with
> 55pkg.pub, but the @signer in +CONTENTS is 54pkg.
> 
> Long story:
> 
> I upgraded to (near) latest base system (OpenBSD bert.local 5.5 
> GENERIC.MP#217 i386).
> And I tried to update my ports too, via packages.

Same problem here too:
OpenBSD alex.test 5.5 GENERIC.MP#8 amd64


> 
> My mirror is ftp://mirror.esc7.net/pub/OpenBSD/snapshots/packages/i386/
> It should be same state as ftp.openbsd.org (having same SHA256 in directory).
> 
> # pkg_add -aui
> pub fp: UQW0HmnVm5k=
> sig fp: qMGXBLsGJhI=
> signify: verification failed: checked against wrong key
> system(/usr/bin/signify, -p, /etc/signify/54pkg.pub, -V, -m,
> /tmp/pkgcontent.8ERtOK64G) failed: exit(1)
> --- +quirks-1.106 -------------------
> Bad signature
> Fatal error: quirks-1.106 is corrupted
>  at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 659.
> 
> To be sure about the error, I tested the following:
> 
> # /usr/bin/signify -p /etc/signify/54pkg.pub -V -m /tmp/pkgcontent.8ERtOK64G 
> pub fp: UQW0HmnVm5k=
> sig fp: qMGXBLsGJhI=
> signify: verification failed: checked against wrong key
> 
> OK, the key 54pkg is not the signer.
> 
> # /usr/bin/signify -p /etc/signify/55pkg.pub -V -m /tmp/pkgcontent.8ERtOK64G
> #
> 
> So no error with 55pkg.pub, so the 55pkg is the signer.
> 
> But in the package, the registered signer is 54pkg.
> 
> # head /tmp/pkgcontent.8ERtOK64G
> @comment $OpenBSD: PLIST,v 1.2 2011/07/14 09:53:58 espie Exp $
> @name quirks-1.106
> @signer 54pkg
> @digital-signature signify:2014-01-14T21:43:38Z
> @option always-update
> @comment pkgpath=devel/quirks cdrom=yes ftp=yes
> @arch *
> +DESC
> @sha ZcShuBxD9cPsWmJce9rnoKKlC4qYQve7PwElfX/uk8Q=
> @size 348
> 
> Thanks.

-- 
Alexis de BRUYN
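
The mismatch reported in this thread can be found without running a verification, by comparing the key number stored in the signature with the key numbers of the installed public keys and with the @signer annotation. This is an added example, not code from the thread or from pkg_add; it assumes the current signify file layout (a comment line, then base64 of "Ed", an 8-byte key number and the key or signature bytes) and that the "pub fp"/"sig fp" values printed above are those key numbers in base64. The function names and the sample blobs are constructed for illustration.

```python
import base64
import re

def keynum(signify_text):
    """Return the 8-byte key number of a signify public key or signature file."""
    lines = [l for l in signify_text.strip().splitlines() if l.strip()]
    if len(lines) < 2 or not lines[0].startswith("untrusted comment:"):
        raise ValueError("not a signify file")
    blob = base64.b64decode(lines[1], validate=True)
    # 2 (algorithm) + 8 (key number) + 32 (public key) or 64 (signature)
    if blob[:2] != b"Ed" or len(blob) not in (42, 74):
        raise ValueError("unexpected algorithm or length")
    return blob[2:10]

def declared_signer(packing_list):
    """Return the name given on the @signer line of +CONTENTS, or None."""
    m = re.search(r"^@signer[ \t]+(\S+)[ \t]*$", packing_list, re.MULTILINE)
    return m.group(1) if m else None

def check_signer(packing_list, sig_text, keyring):
    """keyring maps a key name (e.g. '54pkg') to its public key file text.

    Returns (declared, actual, consistent). A matching key number only says
    which key the signature claims; signify -V must still verify it.
    """
    declared = declared_signer(packing_list)
    sig_num = keynum(sig_text)
    actual = sorted(n for n, pub in keyring.items() if keynum(pub) == sig_num)
    return declared, actual, declared in actual

def make_blob(keynum_b64, body_len):
    """Constructed sample: real key number, zeroed key/signature bytes."""
    raw = b"Ed" + base64.b64decode(keynum_b64) + bytes(body_len)
    return ("untrusted comment: constructed sample\n"
            + base64.b64encode(raw).decode() + "\n")

# Key numbers taken from the output quoted in the thread; the rest is constructed.
KEYRING = {"54pkg": make_blob("UQW0HmnVm5k=", 32),
           "55pkg": make_blob("qMGXBLsGJhI=", 32)}
SIG = make_blob("qMGXBLsGJhI=", 64)
PLIST = "@name quirks-1.106\n@signer 54pkg\n@arch *\n"

if __name__ == "__main__":
    declared, actual, ok = check_signer(PLIST, SIG, KEYRING)
    print(f"@signer says {declared}, signature key number matches {actual}, "
          f"consistent={ok}")
```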
