Project

General

Profile

Bug #26984

Resign Manifest so updates work

Added by Peter Clifton almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Critical
Assignee:
Vaibhav Chauhan
Category:
OS
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
No
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

Hi,

Having trouble installing update from 11.1-RC1 to 11.1-RC3, due to a bad manifest signature.

root@nas:/mnt/sassy # freenas-update -v check
[freenasOS.Configuration:692] TryGetNetworkFile(['http://update-master.ixsystems.com/FreeNAS/FreeNAS-11.1-PRERELEASE/LATEST'])
[freenasOS.Configuration:822] TryGetNetworkFile(['http://update-master.ixsystems.com/FreeNAS/FreeNAS-11.1-PRERELEASE/LATEST']): Read 2358 bytes total
[freenasOS.Configuration:692] TryGetNetworkFile(['http://update-master.ixsystems.com/updates/ix_crl.pem'])
[freenasOS.Configuration:84] CheckFreeSpace(path=/tmp/tmp86_cjiw8.pem, pool=None, required=1028)
[freenasOS.Configuration:822] TryGetNetworkFile(['http://update-master.ixsystems.com/updates/ix_crl.pem']): Read 1028 bytes total
[freenasOS.Update:926] Latest manifest has invalid signature: Signature verification failed
[freenas-update:199] Manifest has invalid signature
Manifest has invalid signature

manifest_util verify
TryGetNetworkFile(['http://update-master.ixsystems.com/updates/ix_crl.pem'])
CheckFreeSpace(path=/tmp/tmpxa8ktqs0.pem, pool=None, required=1028)
TryGetNetworkFile(['http://update-master.ixsystems.com/updates/ix_crl.pem']): Read 1028 bytes total
Verified

I extracted the MANIFEST file from the manual update tar file (and also, one for the RC1 manual update, and get this:

root@nas:/mnt/sassy # manifest_util -M MANIFEST verify
TryGetNetworkFile(['http://update-master.ixsystems.com/updates/ix_crl.pem'])
CheckFreeSpace(path=/tmp/tmp7wmfk59f.pem, pool=None, required=1028)
TryGetNetworkFile(['http://update-master.ixsystems.com/updates/ix_crl.pem']): Read 1028 bytes total
Bad Signature

Thoughts as to whether I've managed to mess up my system, or whether this is a wider problem?

I verified (via md5 sum check), that the contents of /usr/local/share/certs match those in the image inside the RC3 install ISO.

Any further steps I can take to debug this?


Related issues

Has duplicate FreeNAS - Bug #26983: 11-stable mistaken for 11-nightlies by updaterClosed: Duplicate2017-12-01

History

#1 Updated by survive - almost 3 years ago

Hi guys,

I haven't checked nearly as thoroughly as the op, but I'm getting an error running 11.1-RC1 when I check through the GUI update button:

Update server could not be reached

Traceback
Traceback (most recent call last):
File "./freenasUI/system/views.py", line 1495, in update_check
train=updateobj.get_train(),
File "/usr/local/lib/freenasOS/Update.py", line 877, in CheckForUpdates
raise UpdateManifestNotFound("Manifest could not be found!")
freenasOS.Exceptions.UpdateManifestNotFound: Manifest could not be found!

-Will

#2 Updated by survive - almost 3 years ago

Hi guys,

So I grabbed the manual update .tar file from the ftp site and I get this:

Dec 1 22:08:47 filer-01 /freenas-update: [freenasOS.Update:1599] Could not load cached manifest file: Signature verification failed
Dec 1 22:08:47 filer-01 /freenas-update: [freenasOS.Update:926] Latest manifest has invalid signature: Signature verification failed
Dec 1 22:08:47 filer-01 /freenas-update: [freenas-update:199] Manifest has invalid signature
Dec 1 22:08:47 filer-01 uwsgi: [middleware.exceptions:36] [MiddlewareError: Failed to apply update Command '['/usr/local/bin/freenas-update', '-C', '/var/tmp/firmware', 'update']' returned non-zero exit status 1.: b'']

When I try & install.

-Will

#3 Updated by Sean Fagan almost 3 years ago

  • Assignee changed from Release Council to Vaibhav Chauhan

Signed with the wrong key. VB?

#4 Updated by Dru Lavigne almost 3 years ago

  • Priority changed from No priority to Important
  • Target version set to 11.1

#5 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 3 years ago

  • Has duplicate Bug #26983: 11-stable mistaken for 11-nightlies by updater added

#6 Avatar?id=14398&size=24x24 Updated by Kris Moore almost 3 years ago

  • Priority changed from Important to Critical

VB: Looks like it was improperly signed. Can you re-push the update and re-sign it?

#7 Updated by Dru Lavigne almost 3 years ago

  • Subject changed from Can't update 11.1-RC1 to 11.1-RC3 (Manifest signature?) to Resign Manifest so updates work

#8 Updated by Vaibhav Chauhan almost 3 years ago

  • Status changed from Unscreened to Screened

I have signed the updates with correct keys, QA is working on to verify this fixes the issue.

#9 Updated by Dru Lavigne almost 3 years ago

  • Status changed from Screened to 47
  • Target version changed from 11.1 to Master - FreeNAS Nightlies

#10 Updated by Michael Dexter almost 3 years ago

This I learned (thank you VB). The update can be done at the command line:

freenas-update -T FreeNAS-11.1-PRERELEASE check
freenas-update -T FreeNAS-11.1-PRERELEASE update

Perhaps the error message should suggest this if a seatbelt is in place? Currently, the error message is not helpful.

#11 Updated by survive - almost 3 years ago

Hi guys,

I went ahead and updated my filer using the RC3 .iso over the weekend. That said, the behavior of the update check button in the GUI is now acting normally & returning no updates instead of a traceback error.

-Will

#12 Updated by Peter Clifton almost 3 years ago

I can confirm that my 2x boxes now update properly since the update has been resigned.

#13 Updated by Bonnie Follweiler almost 3 years ago

  • Needs QA changed from Yes to No
  • QA Status Test Passes FreeNAS added
  • QA Status deleted (Not Tested)

This works in FreeNAS-11.1-INTERNAL2

#14 Updated by Dru Lavigne almost 3 years ago

  • Status changed from 47 to Resolved

Also available in: Atom PDF