Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No signature found #439

Closed
baskerville opened this issue Dec 3, 2016 · 15 comments
Closed

No signature found #439

baskerville opened this issue Dec 3, 2016 · 15 comments

Comments

@baskerville
Copy link

I've tried to upgrade today and I ended up with 17 errors (one error for each package installation failure). The error message that appear in pkg_install-err.log repeated 17 times is:

pkg_add: unable to verify signature: No signature found

Setting VERIFIED_INSTALLATION=never doesn't help.

@baskerville
Copy link
Author

In addition, there seem to be a major design flaw in pkgin: if pkg_add fails the removal of the previous version should be undone.

And since this isn't the case, 17 packages have been removed from my system, because of the pkgin upgrade failure.

@jperkin
Copy link
Collaborator

jperkin commented Dec 4, 2016

Could you give me an example package to test? Also is there anything else in the log? One of the known issues is if the system time is incorrect and thinks that the signature date is in the future it will fail.

@baskerville
Copy link
Author

Here's the full log:

---Dec 03 21:34:04: removing youtube-dl-20161021.1...
---Dec 03 21:34:07: removing w3m-0.5.3nb18...
---Dec 03 21:34:08: removing vim-8.0.0021...
---Dec 03 21:34:11: removing py35-pip-8.1.2...
---Dec 03 21:34:13: removing poppler-utils-0.46.0...
---Dec 03 21:34:14: removing pkglint-5.4.10...
---Dec 03 21:34:14: removing nodejs-7.0.0...
---Dec 03 21:34:20: removing msmtp-1.6.5nb1...
---Dec 03 21:34:22: removing mpv-0.21.0...
---Dec 03 21:34:23: removing mercurial-3.9.2...
---Dec 03 21:34:23: removing mediainfo-0.7.81...
---Dec 03 21:34:24: removing ImageMagick-7.0.3.4...
---Dec 03 21:34:27: removing cmake-3.6.2nb1...
---Dec 03 21:34:33: removing vim-share-8.0.0021...
---Dec 03 21:34:36: removing poppler-0.46.0...
---Dec 03 21:34:36: removing py27-mercurial-3.9.2...
---Dec 03 21:34:39: installing vim-share-8.0.0086...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing poppler-0.48.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing py27-mercurial-4.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing youtube-dl-20161118...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing w3m-0.5.3.0.20161120...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing vim-8.0.0086...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing py35-pip-9.0.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing poppler-utils-0.48.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing pkglint-5.4.11...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing nodejs-7.2.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing msmtp-1.6.6...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing mpv-0.22.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing mercurial-4.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing mediainfo-0.7.90...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing ImageMagick-7.0.3.6...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:39: installing libuv-1.10.0...
pkg_add: unable to verify signature: No signature found
---Dec 03 21:34:40: installing cmake-3.7.0...
pkg_add: unable to verify signature: No signature found

I can, for example, installyacas successfully but installing poppler will fail and produce the aforementioned error.

@jperkin
Copy link
Collaborator

jperkin commented Dec 4, 2016

That's really odd, and I can't reproduce (I'm assuming this is Darwin from your previous bug reports but it's helpful to explicitly state for each bug report as we support lots of different OS/branches), e.g.:

$ pkgin in vim-share
calculating dependencies... done.

nothing to upgrade.
1 packages to be installed (6684K to download, 20M to install):

vim-share-8.0.0086

proceed ? [Y/n]
downloading packages...
vim-share-8.0.0086.tgz                                                        100% 6684KB   2.2MB/s   1.7MB/s   00:03
installing packages...
installing vim-share-8.0.0086...
pkg_install warnings: 0, errors: 0
reading local summary...
processing local summary...
marking vim-share-8.0.0086 as non auto-removable

or if I install manually via pkg_add:

$ pkg_add -U https://pkgsrc.joyent.com/packages/Darwin/trunk/x86_64/All/vim-share-8.0.0086.tgz
$ echo $?
0

Is it possible there is something corrupting the downloads? Are you able to check /var/db/pkgin/cache/vim-share-8.0.0086.tgz on your host and see what file it is? On the host I just tested on:

$ ls -l /var/db/pkgin/cache/vim-share-8.0.0086.tgz
-rw-r--r-- 1 root wheel 6844554 Dec  4 16:58 /var/db/pkgin/cache/vim-share-8.0.0086.tgz
$ shasum /var/db/pkgin/cache/vim-share-8.0.0086.tgz
8687ceafdded1acc72c8d5dde9cf18ef37840404  /var/db/pkgin/cache/vim-share-8.0.0086.tgz

A valid package should be an ar(1) archive of a tarball and the signature files, e.g.:

$ ar tv /var/db/pkgin/cache/vim-share-8.0.0086.tgz
rw-r--r--       0/0         13679 Nov 26 09:12 2016 +PKG_HASH
rw-r--r--       0/0           801 Nov 26 09:12 2016 +PKG_GPG_SIGNATURE
rw-r--r--       0/0       6829839 Nov 26 09:12 2016 vim-share-8.0.0086.tmp.tgz

Thanks.

@baskerville
Copy link
Author

Yes, I'm on Darwin.

The shasum and ar outputs match.

But this fails:

$ pkg_add -U https://pkgsrc.joyent.com/packages/Darwin/trunk/x86_64/All/vim-share-8.0.0086.tgz
SSL support disabled
SSL support disabled
pkg_add: Can't process https://pkgsrc.joyent.com:443/packages/Darwin/trunk/x86_64/All/vim-share-8*: Authentication error
pkg_add: no pkg found for 'https://pkgsrc.joyent.com/packages/Darwin/trunk/x86_64/All/vim-share-8.0.0086.tgz', sorry.
pkg_add: 1 package addition failed

@jperkin
Copy link
Collaborator

jperkin commented Dec 4, 2016

Ah, you're still using the non-HTTPS package tools, in which case you'd need to use http:// (but should otherwise work ok). As the shasum matches then you can just do pkg_add -U /var/db/pkgin/cache/vim-share-8.0.0086.tgz for the purpose of this test.

Note that if you want to upgrade to the HTTPS-aware package tools then follow the "64-bit (upgrade)" link on https://pkgsrc.joyent.com/install-on-osx/ though this shouldn't be a factor in what we're currently debugging.

Thanks!

@baskerville
Copy link
Author

$ pkg_add -v /var/db/pkgin/cache/vim-share-8.0.0086.tgz
pkg_add: unable to verify signature: No signature found

@jperkin
Copy link
Collaborator

jperkin commented Dec 4, 2016

Ok, thanks, that's just really odd. I'm going to have to have a think about what might be going wrong here and get back to you with some additional things to try.

@baskerville
Copy link
Author

Thanks, I noticed that the +PKG_GPG_SIGNATURES files of the packages that don't work don't have a Version: GnuPG v1 line while the ones that work do.

@jperkin
Copy link
Collaborator

jperkin commented Dec 5, 2016

Oh, great catch! Yes it appears as though they changed the output between gnupg 1.4.20 and 1.4.21 and the latter has been used to sign the most recent packages.

There was a change in netpgpverify's handling of signatures a while back, so could I ask you to follow the "64-bit (upgrade)" instructions on https://pkgsrc.joyent.com/install-on-osx/ to see if that fixes the problem? That would then explain why it works for me and not you.

@baskerville
Copy link
Author

Unfortunately, the script failed quickly because there's no bootstrap-trunk-x86_64-20161011-upgrade.tar.gz in https://pkgsrc.joyent.com/packages/Darwin/bootstrap-upgrade/

@jperkin
Copy link
Collaborator

jperkin commented Dec 5, 2016

Ugh, sorry, I uploaded it to the wrong directory. For now you can grab it directly from https://pkgsrc-us-east-1.joyent.com/packages/Darwin/bootstrap-upgrade/bootstrap-trunk-x86_64-20161011-upgrade.tar.gz or wait 30 mins for the other mirrors to catch up.

@baskerville
Copy link
Author

It worked!

@jperkin
Copy link
Collaborator

jperkin commented Dec 5, 2016

Great, thanks for being so patient! We'll try to ensure upgrades are a bit more robust in future.

@baskerville
Copy link
Author

Two comments regarding the upgrade script:

  • gpg --recv-keys 0x1F32A9AD doesn't work, I have to specify a --keyserver to make it work.
  • gpg --verify ${UPGRADE_TAR}{.asc,} works within most shells, but will not work within a shell script.

jperkin pushed a commit that referenced this issue Feb 1, 2017
Add patch that makes tests on NetBSD progress further.
But then there's a segfault. See
pyca/pyopenssl#596

16.2.0 (2016-10-15)
-------------------

Changes:
^^^^^^^^

- Fixed compatibility errors with OpenSSL 1.1.0.
- Fixed an issue that caused failures with subinterpreters and embedded Pythons.
  `#552 <https://github.com/pyca/pyopenssl/pull/552>`_


16.1.0 (2016-08-26)
-------------------

Deprecations:
^^^^^^^^^^^^^

- Dropped support for OpenSSL 0.9.8.


Changes:
^^^^^^^^

- Fix memory leak in ``OpenSSL.crypto.dump_privatekey()`` with ``FILETYPE_TEXT``.
  `#496 <https://github.com/pyca/pyopenssl/pull/496>`_
- Enable use of CRL (and more) in verify context.
  `#483 <https://github.com/pyca/pyopenssl/pull/483>`_
- ``OpenSSL.crypto.PKey`` can now be constructed from ``cryptography`` objects and also exported as such.
  `#439 <https://github.com/pyca/pyopenssl/pull/439>`_
- Support newer versions of ``cryptography`` which use opaque structs for OpenSSL 1.1.0 compatibility.
jperkin pushed a commit that referenced this issue Feb 1, 2017
Release 0.3.0 of Streamlink!

A lot of updates to each plugin (thank you @beardypig !), automated Windows releases, PEP8 formatting throughout Streamlink are some of the few updates to this release as we near a stable 1.0.0 release.

Main features are:

    Lot's of maintaining / updates to plugins
    General bug and doc fixes
    Major improvements to development (github issue templates, automatically created releases)

Agustín Carrasco <[email protected]> (1):
      Links on crunchy's rss no longer contain the show name in the url (#379)

Brainzyy <[email protected]> (1):
      Add basic tests for stream.me plugin (#391)

Javier Cantero <[email protected]> (2):
      plugins/twitch: use version v3 of the API
      plugins/twitch: use kraken URL

John Smith <[email protected]> (3):
      Added support for bongacams.com streams (#329)
      streamlink_cli.main: close stream_fd on exit (#427)
      streamlink_cli.utils.progress: write new line at finish (#442)

Max Riegler <[email protected]> (1):
      plugins.chaturbate: new regex (#457)

Michiel Sikma <[email protected]> (1):
      Update PLAYER_VERSION, as old one does not return data. Add ability to use streams with /embed/video in the URL, from embedded players. (#311)

Mohamed El Morabity <[email protected]> (6):
      Add support for pluzz.francetv.fr (#343)
      Fix ArteTV plugin (#385)
      Add support for Canal+ TV group channels (#416)
      Update installation instructions for Fedora (#443)
      Add support for Play TV (#439)
      Use token generator for HLS streams, as for HDS ones (#466)

RosadinTV <[email protected]> (1):
      --can-handle-url-no-redirect parameter added (#333)

Stefan Hanreich <[email protected]> (1):
      added chocolatey to the documentation (#380)

bastimeyer <[email protected]> (3):
      Automatically create Github releases
      Set changelog in automated github releases
      Add a github issue template

beardypig <[email protected]> (55):
      plugins.tvcatchup: site layout changed, updated the stream regex to accommodate the change (#338)
      plugins.streamlive: streamlive.to have added some extra protection to their streams which currently prevents us from capturing them (#339)
      cli: add command line option to specific logging path for subprocess errorlog
      plugins.trtspor: added support for trtspor.com (#349)
      plugins.kanal7: fixed page change in kanal7 live stream (#348)
      plugins.picarto: Remove the unreliable rtmp stream (#353)
      packaging: removed the built in backports infavour of including them as dependencies when required (#355)
      Boost the test coverage a bit (#362)
      plugins: all regex string should be raw (#361)
      ci: build and test on Python 3.6 (+3.7 on travis, with allowed failure) (#360)
      packages.flashmedia: fix bug in AMFMessage (#359)
      tests: use mock from unittest when available otherwise fallback to mock (#358)
      stream.hls: try to retry stream segments (#357)
      tests: add codecov config file (#363)
      plugins.picarto: updated plugin to use tech_switch divs to find the stream parameters
      plugins.mitele: support for live streams on mitele.es
      docs: add a note about python-devel needing to be installed in some cases
      docs/release: generate the changelog as rst instead of md
      plugins.adultswim: support https urls
      use iso 8601 date format for the changelog
      plugins.tf1: added plugin to support tf1.fr and lci.fr
      plugins.raiplay: added plugin to support raiplay.it
      plugins.vaughnlive: updated player version and info URL (#383)
      plugins.tv8cat: added support for tv8.cat live stream (#390)
      Fix TF1.fr plugin (#389)
      plugins.stream: fix a default scheme handling for urls
      Add support for some Bulgarian live streams (#392)
      rtmp: fix bug in redirect for rtmp streams
      plugins.sportal: added support for the live stream on sportal.bg
      plugins.bnt: update the user agent string for the http requests
      plugins.ssh101: update to support new site layout
      Optionally use FFMPEG to mux separate video and audio streams (#224)
      Support for 4K videos in YouTube (#225)
      windows-installer: add the version info to the installer file
      include CHANGELOG.rst instead of .md in the egg
      stream.hls: output duplicate streams for HLS when multiple streams of the same quality are available
      stream.ffmpegmux: fix support for avconv, avconv will be used if ffmpeg is not found
      Adultswin VOD support (#406)
      Move streamlink_cli.utils.named_pipe in to streamlink.utils
      plugins.rtve: update plugin to support new streaming method
      stream.hds: omit HDS streams that are protected by DRM
      Adultswin VOD fix for live show replays (#418)
      plugins.rtve: add support for legacy stream URLs
      installer: remove the streamlink bin dir from %PATH% before installing
      plugins.twitch: only check hosted channels when playing a live stream
      docs: tweaks to docs and docs build process
      Fix iframe detection for BTN/cdn.bg streams (#437)
      fix some regex that give deprecation warnings in python 3.6
      plugins.adultswim: correct behaviour for archived streams
      plugins.nineanime: add scheme to grabber api url if not present
      session: add an option to disable Diffie Hellman key exchange
      plugins.srgssr: added support for srg ssr sites: srf, rts and rsi
      plugins.srgssr: fixed bug in api URL and fixed akamai urls with authparams
      cli: try to terminate the player process before killing it (if terminate takes too long)
      plugins.swisstxt: add support for the SRG SSR sites sports sections

fozzy <[email protected]> (1):
      Add plugin for huajiao.com and zhanqi.tv (#334)

sqrt2 <[email protected]> (1):
      Fix swf_url in livestream.com plugin (#428)

stepshal <[email protected]> (1):
      Remove trailing.

stepshal <[email protected]> (2):
      Add blank line after class or function definition (#408)
      PEP8 (#414)
jperkin pushed a commit that referenced this issue Mar 8, 2017
2017-03-06  Richard Russon  <[email protected]>
* Bug Fixes
  - Get the correct buffer size under fmemopen/torify (#441)
  - Use static inlines to make gcc 4.2.1 happy
  - getdnsdomainname: cancel getaddrinfo_a if needed
  - imap: remove useless code (#434) (origin/master)
  - Fixes missing semi-colon compilation issue (#433)
* Docs
  - github: added template for Pull Requests, issues and a CONTRIBUTION.md (#339)
  - editorconfig: support for new files, fix whitespace (#439)
  - add blocking fmemopen bug on debian to manual (#422)
* Upstream
  - Increase ACCOUNT.pass field size. (closes #3921)
  - SSL: Fix memory leak in subject alternative name code. (closes #3920)
  - Prevent segv if open-appending to an mbox fails. (closes #3918)
  - Clear out extraneous errors before SSL_connect() (see #3916)

2017-02-25  Richard Russon  <[email protected]>
* Features
  - Add option $show_multipart_alternative
  - notmuch: Allow to use untransformed tag for color
  - Use getaddrinfo_a if possible (#420)
* Bug Fixes
  - handle sigint within socket operations (#411)
  - Avoid browsing the remote spoolfile by setting MUTT_SELECT_MULTI attach
  - notmuch: fix crash when completing tags (#395)
  - Fixes missing failure return of notmuch msg open (#401)
  - Fix latest Coverity issues (#387)
  - Advance by the correct number of position even for unknown characters (#368)
  - Release KyotoCabinet data with kcfree() (#384)
  - 22 resource leaks
* Translations
  - Update translations
  - Update the german translation (#397)
* Docs
  - fix typo in notmuch example
  - remove duplicate "default" in the sidebar intro
  - fix confusing description of notmuch operators (#371)
  - correct spelling mistakes (#412)
* Website
  - link to clang-format config in main repo (#28)
  - updated list of useful programs
  - update/improve list of useful programs
  - sidebar_format has a single default value
  - fix name of GNU Guix
  - added guix distro
  - added link to new afew maintainers
  - add code of conduct
  - add mutt-addressbook to useful
  - remove unnecessary unicode non-breaking spaces
  - github merging
* Build
  - Enable and run unit-tests on the feature/unit-test branch
  - add notmuch to default, feature
  - new dbs for mutt
  - master is now the main branch
  - streamline builds
  - fix doc generator
  - add a few includes (prelude to clang-format)
  - slcurses.h defines its own bool type
  - travis: use container build
  - add clang-format file
  - Remove ugly macros and casts from crypt-gpgme.c
  - fix minor reflow issues in some comments
  - editorconfig: use spaces to indent in *.[ch] files
  - added comment-blocks for clang-format to ignore
  - fix 80 column limit, align statements
  - Remove snprintf.c from EXTRA_DIST (#406)
  - Kill homebrew (v)snprintf implementations, as they are C99 (#402)
  - Display charset + small refactoring
  - Do not cast or check returns from safe_calloc (#396)
  - refactor: create a generic base64 encode/decode
  - debug: remove dprint in favor of mutt_debug (#375)
  - Fix dubious use macro for _() / gettext() (#376)
  - Use mutt_buffer_init instead of memset
  - Make the heap method and datatype a plain list
  - Reverts making AliasFile into a list_t (#379)
  - Turn mutt_new_* macros into inline functions
  - Do not cast return values from malloc (et similia)
* Upstream
  - Simplify mutt_label_complete().
  - Permit tab completion of pattern expressions with ~y (labels).
  - Fix the mutt_label_complete() pos parameter.
  - Fix the x-label update code check location.
  - Improve the label completion hash table usage.
  - Adds label completion.
  - Add hash_find_elem to get the hash element.
  - Minor fixes to the x-label patch from David.
  - Adds capability to edit x-labels inside mutt, and to sort by label.
  - Allow "unsubjectrc *" to remove all patterns.
  - Add subjectrx command to replace matching subjects with something else.
  - Abstract the SPAM_LIST as a generic REPLACE_LIST
  - Improve Reply-to vs From comparison when replying. (closes #3909)
  - Fix sidebar references to the "new count" to be "unread". (closes #3908)
  - Fix several alias hashtable issues.
  - Add casecmp and strdup_key flags to hash_create()
  - Improve error handling in mbox magic detection.
  - Allow initial blank lines in local mailboxes.
  - Fix minor documentation issues.
  - Convert cmd_parse_search to use the uid hash. (closes #3905)
  - Create a uid hash for imap. (see #3905)
  - Convert HASH to be indexable by unsigned int. (see #3905)
  - Fix imap server-side search to call uid2msgno() only once. (see #3905)
  - Add a pattern_cache_t to speed up a few repeated matches.
  - Canonicalize line endings for GPGME S/MIME encryption. (closes #3904)
  - Fix build for bdb.
  - Create function to free header cache data.
  - Add Kyoto Cabinet support to the header cache.
  - Prevent null pointer exception for h->ai_canonname
  - Show SHA1 fp in interactive cert check menu.
  - Fix potential cert memory leak in check_certificate_by_digest().
  - Plug memory leak in weed-expired-certs code.
  - Filter expired local certs for OpenSSL verification.
  - Change "allow_dups" into a flag at hash creation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants