Upgrade old 6.2 but 6.3 SHA256.sig on mirror different

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Upgrade old 6.2 but 6.3 SHA256.sig on mirror different

Johan Mellberg
Hi,

before my question, note that I have already decided to make a clean
install, not actually upgrade. Will be more efficient, but wanted to pose
the question anyway.

So, I was initially planning on upgrading a VM step by step from 6.2 up to
6.7. Downloaded https://ftp.eu.openbsd.org/pub/OpenBSD/6.3/amd64/bsd.rd
(Norway mirror) and https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig
(Canada, as I like to take them from different sources). I then ran:

signify -C -p /etc/signify/openbsd-63-base.pub -x SHA256.sig bsd.rd

which failed with "signify: invalid comment in SHA256.sig; must start with
'untrusted comment: '".

If I download https://ftp.eu.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig,
signify is happy (also tried the version over at the heanet.ie mirror).

Is anyone aware of this? Is it perhaps a case of bit rot on the canadian
server?

Thanks,
Johan
Reply | Threaded
Open this post in threaded view
|

Re: Upgrade old 6.2 but 6.3 SHA256.sig on mirror different

Theo de Raadt-2
Johan Mellberg <[hidden email]> wrote:

> Hi,
>
> before my question, note that I have already decided to make a clean
> install, not actually upgrade. Will be more efficient, but wanted to pose
> the question anyway.
>
> So, I was initially planning on upgrading a VM step by step from 6.2 up to
> 6.7. Downloaded https://ftp.eu.openbsd.org/pub/OpenBSD/6.3/amd64/bsd.rd
> (Norway mirror) and https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig
> (Canada, as I like to take them from different sources). I then ran:
>
> signify -C -p /etc/signify/openbsd-63-base.pub -x SHA256.sig bsd.rd
>
> which failed with "signify: invalid comment in SHA256.sig; must start with
> 'untrusted comment: '".

The format of the .sig files was changed in a very small way, intentionally,
way back then.  You are hitting that issue.

Reply | Threaded
Open this post in threaded view
|

Re: Upgrade old 6.2 but 6.3 SHA256.sig on mirror different

Christian Weisgerber
"Theo de Raadt":

> Johan Mellberg <[hidden email]> wrote:

> > and https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig
> > (Canada, as I like to take them from different sources). I then ran:
>
> The format of the .sig files was changed in a very small way, intentionally,
> way back then.  You are hitting that issue.

Sorry, no, the file is corrupted.  I just downloaded
https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig
and it contains only nul bytes.

--
Christian "naddy" Weisgerber                          [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Upgrade old 6.2 but 6.3 SHA256.sig on mirror different

Johan Mellberg


> 22 juli 2020 kl. 17:29 skrev Christian Weisgerber <[hidden email]>:
>
> "Theo de Raadt":
>
>> Johan Mellberg <[hidden email]> wrote:
>
>>> and https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig
>>> (Canada, as I like to take them from different sources). I then ran:
>>
>> The format of the .sig files was changed in a very small way, intentionally,
>> way back then.  You are hitting that issue.
>
> Sorry, no, the file is corrupted.  I just downloaded
> https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/SHA256.sig
> and it contains only nul bytes.
>
>

Aha. I thought it looked suspicious! Thanks for confirming. I assume other files on https://ftp.openbsd.org/ could also be corrupted then.

/Johan



>