Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#1766 - opkg fails signature check on already downloaded and verified package lists #6874

Closed
openwrt-bot opened this issue Aug 12, 2018 · 20 comments
Labels

Comments

@openwrt-bot
Copy link

wenzhuoz:

Supply the following if possible:

  • Device problem occurs on: x86_64
  • Software versions of OpenWrt/LEDE release, packages, etc.: 18.06.0
  • Steps to reproduce

opkg fails signature check on already downloaded and verified package lists, which makes opkg upgrade impossible.

root@OpenWrt:~# ls /tmp/opkg-lists/
root@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/releases/18.06.0/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.0/targets/x86/64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/routing/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/telephony/Packages.sig
Signature check passed.
root@OpenWrt:~# ls /tmp/opkg-lists/
openwrt_base           openwrt_core.sig       openwrt_packages       openwrt_routing.sig
openwrt_base.sig       openwrt_luci           openwrt_packages.sig   openwrt_telephony
openwrt_core           openwrt_luci.sig       openwrt_routing        openwrt_telephony.sig
root@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/releases/18.06.0/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.0/targets/x86/64/packages/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/packages/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/routing/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/telephony/Packages.sig
Signature check failed.
Remove wrong Signature file.
root@OpenWrt:~# ls /tmp/opkg-lists/
root@OpenWrt:~# 
root@OpenWrt:~# ls /tmp/opkg-lists/
root@OpenWrt:~# opkg update
Downloading http://downloads.openwrt.org/releases/18.06.0/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.0/targets/x86/64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/routing/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/telephony/Packages.sig
Signature check passed.
root@OpenWrt:~# opkg list-upgradable
luci-lib-ip - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
luci-theme-bootstrap - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
netifd - 2018-05-30-a580028d-1 - 2018-07-30-a0a1e52e-1
luci-app-firewall - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
libuci - 2018-03-24-5d2bf09e-1 - 2018-08-11-4c8b4d6e-1
uclient-fetch - 2017-11-02-4b87d831-1 - 2018-08-03-ae1c656f-1
libuclient - 2017-11-02-4b87d831-1 - 2018-08-03-ae1c656f-1
uci - 2018-03-24-5d2bf09e-1 - 2018-08-11-4c8b4d6e-1
luci-proto-ppp - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
luci-mod-admin-full - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
luci-base - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
luci-proto-ipv6 - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
luci-lib-nixio - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
luci-lib-jsonc - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
luci - git-18.210.69179-6df9a57-1 - git-18.219.52706-a49e4e4-1
root@OpenWrt:~# opkg list-upgradable | cut -d ' ' -f 1 | xargs opkg upgrade
Upgrading luci-lib-ip on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-lib-ip_git-18.219.52706-a49e4e4-1_x86_64.ipk
Upgrading luci-theme-bootstrap on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-theme-bootstrap_git-18.219.52706-a49e4e4-1_all.ipk
Upgrading netifd on root from 2018-05-30-a580028d-1 to 2018-07-30-a0a1e52e-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/netifd_2018-07-30-a0a1e52e-1_x86_64.ipk
Upgrading luci-app-firewall on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-app-firewall_git-18.219.52706-a49e4e4-1_all.ipk
Upgrading libuci on root from 2018-03-24-5d2bf09e-1 to 2018-08-11-4c8b4d6e-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/libuci_2018-08-11-4c8b4d6e-1_x86_64.ipk
Upgrading uclient-fetch on root from 2017-11-02-4b87d831-1 to 2018-08-03-ae1c656f-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/uclient-fetch_2018-08-03-ae1c656f-1_x86_64.ipk
Upgrading libuclient on root from 2017-11-02-4b87d831-1 to 2018-08-03-ae1c656f-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/libuclient_2018-08-03-ae1c656f-1_x86_64.ipk
Upgrading uci on root from 2018-03-24-5d2bf09e-1 to 2018-08-11-4c8b4d6e-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/base/uci_2018-08-11-4c8b4d6e-1_x86_64.ipk
Upgrading luci-proto-ppp on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-proto-ppp_git-18.219.52706-a49e4e4-1_all.ipk
Upgrading luci-mod-admin-full on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-mod-admin-full_git-18.219.52706-a49e4e4-1_x86_64.ipk
Upgrading luci-base on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-base_git-18.219.52706-a49e4e4-1_x86_64.ipk
Upgrading luci-proto-ipv6 on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-proto-ipv6_git-18.219.52706-a49e4e4-1_all.ipk
Upgrading luci-lib-nixio on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-lib-nixio_git-18.219.52706-a49e4e4-1_x86_64.ipk
Upgrading luci-lib-jsonc on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci-lib-jsonc_git-18.219.52706-a49e4e4-1_x86_64.ipk
Upgrading luci on root from git-18.210.69179-6df9a57-1 to git-18.219.52706-a49e4e4-1...
Downloading http://downloads.openwrt.org/releases/18.06.0/packages/x86_64/luci/luci_git-18.219.52706-a49e4e4-1_all.ipk
Collected errors:
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_base.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_base.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_base.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_base.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_base.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_luci.
xargs: opkg: exited with status 255; aborting
root@OpenWrt:~# 
@openwrt-bot
Copy link
Author

wenzhuoz:

Still reproducible in 18.06.1. Other users are experiencing the problem too. [[https://forum.openwrt.org/t/help-with-opkg-install-pkg-failed-to-verify-the-signature-of-18-06-0-x86-64/19080|External Link]]

Steps to create OpenWrt VM:

wenzhuo@beebox:$ mkdir OpenWrt-VMs
wenzhuo@beebox:
$ gzip -cd openwrt-18.06.1-x86-64-combined-ext4.img.gz > OpenWrt-VMs/Test_openwrt-18.06.1-x86-64-combined-ext4.img
wenzhuo@beebox:~$ virt-install --name=Test2_OpenWrt --ram=64 --vcpus=1 --os-type=linux --disk path=OpenWrt-VMs/Test_openwrt-18.06.1-x86-64-combined-ext4.img,bus=ide --network bridge=br1,model=e1000 --rng /dev/random --import

Adding a working http_proxy option to /etc/opkg.conf is able to work around the problem, e.g.
# echo "option http_proxy http://10.8.0.1:3128/" >> /etc/opkg.conf

@openwrt-bot
Copy link
Author

jow-:

Something is intercepting HTTP and altering contents in your case, this is nothing we can solve on the OpenWrt end. The fact that using an HTTP proxy solves the problem is a strong indicator that your ISP or uplink provider is modifying the HTTP responses in-flight.

Either switch to another upstream provider or use a proxy, a VPN or consider installing ustream-ssl + certificates and reconfigure your opkg repositories to use https instead of http.

@openwrt-bot
Copy link
Author

wenzhuoz:

But the package lists downloaded by opkg are actually OK. I verified them both manually and by the opkg-key utility.

@openwrt-bot
Copy link
Author

wenzhuoz:

opkg upgrade behaves differently if http_proxy is set via the environment variable or in opkg.conf.

root@OpenWrt:# http_proxy="http://10.8.0.1:3128/" opkg update
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.sig
Signature check passed.
root@OpenWrt:
# http_proxy="http://10.8.0.1:3128/" opkg upgrade uhttpd
Upgrading uhttpd on root from 2018-06-26-796d42bc-1 to 2018-11-28-cdfc902a-1...
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/uhttpd_2018-11-28-cdfc902a-1_x86_64.ipk
Collected errors:

@openwrt-bot
Copy link
Author

jow-:

Likely a transparent proxy is decompressing and re-compressing the lists, causing them to have a different message digest.

@openwrt-bot
Copy link
Author

wenzhuoz:

It’s really not the case. Opkg successful verified the lists on the first run, and I manually verified that they haven’t been tempered with.

@openwrt-bot
Copy link
Author

wenzhuoz:

Reason 3: opkg install <Packages> works. What breaks is opkg update for a second time and opkg upgrade <Packages>.

@openwrt-bot
Copy link
Author

wenzhuoz:

Attaching transcript captured from a fresh new VM as evidence.

@openwrt-bot
Copy link
Author

jow-:

Still unable to reproduce this. Maybe check the sha256sum of the list files before / after the incident. Also you transcript shows no second update, the lists are broken after the opkg upgrade call already. If the opkg upgrade reliably breaks it, then consider running the upgrade command under strace to see what is happening.

@openwrt-bot
Copy link
Author

wenzhuoz:

Opkg can successfully verify the package lists on the first run, and I have verified the package lists both by comparing them with manually downloaded versions (downloaded through VPN/https) and by verifying the gpg signatures of the gunzip'ed list files.

@openwrt-bot
Copy link
Author

jow-:

Opkg does not use gpg to verify the lists, it uses ''usign'' through ''opkg-key''.
You can manually test this using ''# sh -x /usr/sbin/opkg-key verify /tmp/opkg-lists/openwrt_base.sig /tmp/opkg-lists/openwrt_base; echo $?''

@openwrt-bot
Copy link
Author

wenzhuoz:

I know. I have used opkg-key to verify the lists as well. Uploading strace log shortly.

@openwrt-bot
Copy link
Author

wenzhuoz:

root@OpenWrt:# ls -l /var/opkg-lists/
root@OpenWrt:
# opkg update
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.sig
Signature check passed.
root@OpenWrt:# ls -l /var/opkg-lists/
-rw-r--r-- 1 root root 48882 Dec 14 06:52 openwrt_base
-rw-r--r-- 1 root root 151 Dec 14 06:52 openwrt_base.sig
-rw-r--r-- 1 root root 74133 Dec 14 06:52 openwrt_core
-rw-r--r-- 1 root root 151 Dec 14 06:52 openwrt_core.sig
-rw-r--r-- 1 root root 59661 Dec 14 06:52 openwrt_luci
-rw-r--r-- 1 root root 151 Dec 14 06:52 openwrt_luci.sig
-rw-r--r-- 1 root root 283075 Dec 14 06:52 openwrt_packages
-rw-r--r-- 1 root root 151 Dec 14 06:52 openwrt_packages.sig
-rw-r--r-- 1 root root 11028 Dec 14 06:52 openwrt_routing
-rw-r--r-- 1 root root 151 Dec 14 06:52 openwrt_routing.sig
-rw-r--r-- 1 root root 90629 Dec 14 06:52 openwrt_telephony
-rw-r--r-- 1 root root 151 Dec 14 06:52 openwrt_telephony.sig
root@OpenWrt:
# strace -o opkg_update_strace.log opkg update
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.sig
Signature check failed.
Remove wrong Signature file.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.sig
Signature check failed.
Remove wrong Signature file.
root@OpenWrt:# ls -l /var/opkg-lists/
root@OpenWrt:
#

@openwrt-bot
Copy link
Author

jow-:

Please repeat with ''strace -f -o output.log opkg update'' to capture child processes as well.

@openwrt-bot
Copy link
Author

wenzhuoz:

Attaching strace output of opkg upgrade.

root@OpenWrt:# ls -l /var/opkg-lists/
root@OpenWrt:
# opkg update
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading http://downloads.openwrt.org/releases/18.06.1/targets/x86/64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/luci/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/packages/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/routing/Packages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/telephony/Packages.sig
Signature check passed.
root@OpenWrt:# ls -l /var/opkg-lists/
-rw-r--r-- 1 root root 48882 Dec 14 07:00 openwrt_base
-rw-r--r-- 1 root root 151 Dec 14 07:00 openwrt_base.sig
-rw-r--r-- 1 root root 74133 Dec 14 07:00 openwrt_core
-rw-r--r-- 1 root root 151 Dec 14 07:00 openwrt_core.sig
-rw-r--r-- 1 root root 59661 Dec 14 07:00 openwrt_luci
-rw-r--r-- 1 root root 151 Dec 14 07:00 openwrt_luci.sig
-rw-r--r-- 1 root root 283075 Dec 14 07:00 openwrt_packages
-rw-r--r-- 1 root root 151 Dec 14 07:00 openwrt_packages.sig
-rw-r--r-- 1 root root 11028 Dec 14 07:00 openwrt_routing
-rw-r--r-- 1 root root 151 Dec 14 07:00 openwrt_routing.sig
-rw-r--r-- 1 root root 90629 Dec 14 07:00 openwrt_telephony
-rw-r--r-- 1 root root 151 Dec 14 07:00 openwrt_telephony.sig
root@OpenWrt:
# opkg list-upgradable
rpcd - 2018-08-16-41333abe-1 - 2018-11-28-3aa81d0d-1
luci-lib-ip - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
luci-theme-bootstrap - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
netifd - 2018-07-30-a0a1e52e-1 - 2018-10-07-d0fa124e-1
luci-app-firewall - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
odhcp6c - 2018-07-14-67ae6a71-14 - 2018-07-14-67ae6a71-14.1
uclient-fetch - 2018-08-03-ae1c656f-1 - 2018-11-24-3ba74ebc-1
libuclient - 2018-08-03-ae1c656f-1 - 2018-11-24-3ba74ebc-1
dropbear - 2017.75-5 - 2017.75-5.1
libjson-c - 0.12.1-1 - 0.12.1-2
luci-proto-ppp - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
luci-mod-admin-full - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
libubox - 2018-07-25-c83a84af-1 - 2018-07-25-c83a84af-2
luci-base - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
libjson-script - 2018-07-25-c83a84af-1 - 2018-07-25-c83a84af-2
luci-proto-ipv6 - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
libblobmsg-json - 2018-07-25-c83a84af-1 - 2018-07-25-c83a84af-2
jshn - 2018-07-25-c83a84af-1 - 2018-07-25-c83a84af-2
uhttpd - 2018-06-26-796d42bc-1 - 2018-11-28-cdfc902a-1
luci-lib-nixio - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
luci-lib-jsonc - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
luci - git-18.228.31946-f64b152-1 - git-18.340.83383-3dea6b5-1
root@OpenWrt:~# strace -o opkg_upgrade_strace.log opkg upgrade uhttpd
Upgrading uhttpd on root from 2018-06-26-796d42bc-1 to 2018-11-28-cdfc902a-1...
Downloading http://downloads.openwrt.org/releases/18.06.1/packages/x86_64/base/uhttpd_2018-11-28-cdfc902a-1_x86_64.ipk
Collected errors:

  • opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/openwrt_base.

@openwrt-bot
Copy link
Author

jow-:

However, it seems here lies your problem:

fork() = -1 ENOMEM (Out of memory) rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 writev(1, [{iov_base="", iov_len=0}, {iov_base="Signature check failed.\n", iov_len=24}], 2) = 24

The opkg process runs out of memory when attempting to fork/exec the ''opkg-key'' command. Note that the lists stored in ''/tmp/opkg-lists/'' reside on tmpfs, so they'll consume RAM. Means a subsequent ''opkg update'' run will have fewer memory available.

Consider increasing the memory of your VM.

@openwrt-bot
Copy link
Author

wenzhuoz:

root@OpenWrt:~# strace -f -o opkg_update_strace-f.log opkg update

ENOMEM (Out of memory)? Will try again with 128M.

@openwrt-bot
Copy link
Author

wenzhuoz:

root@OpenWrt:~# strace -f -o opkg_upgrade_strace-f.log opkg upgrade uhttp

@openwrt-bot
Copy link
Author

wenzhuoz:

Well, adding 2M to the VM virsh setmem Test2_OpenWrt 66M can solve the problem. I'd suggest invoking usign directly from opkg. Thank you, jow. I'll allocate at least 128M of memory to OpenWrt VMs later.

@openwrt-bot
Copy link
Author

wenzhuoz:

It's weird that configuring a http_proxy in opkg.conf can work around the problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant