2.3.2 - "pkg: No trusted public keys found" - any way to recover from this?



  • I had a seemingly fine 2.3.2 system running for a few days (upgraded from 2.3.2-DEVELOPMENT)

    Today I decided to check for a package and I got a red error box saying "Unable to retrieve package information"

    I went to the console and tried 'pkg update -f' and got this:

    [2.3.2-RELEASE][root@r1.home.lan]/root: pkg update -f
    Updating pfSense-core repository catalogue...
    Fetching meta.txz: 100%    944 B   0.9kB/s    00:01
    pkg: No trusted public keys found
    repository pfSense-core has no meta file, using default settings
    Fetching packagesite.txz: 100%    2 KiB   2.4kB/s    00:01
    pkg: No trusted public keys found
    Unable to update repository pfSense-core
    Updating pfSense repository catalogue...
    Fetching meta.txz: 100%    940 B   0.9kB/s    00:01
    pkg: No trusted public keys found
    repository pfSense has no meta file, using default settings
    Fetching packagesite.txz: 100%  110 KiB 112.6kB/s    00:01
    pkg: No trusted public keys found
    Unable to update repository pfSense
    

    I tried all of the various fixes from https://forum.pfsense.org/index.php?topic=109690.0

    Any ideas?  I am trying to avoid paving and reinstalling again.



  • My update to version 2.3.2 from 2.3 is also crashed, after that "Unable to check for updates".

    A pgk update or option 13 in the shell had the following results:

    Enter an option: 13

    Updating repositories metadata…
    Updating pfSense-core repository catalogue...
    Fetching meta.txz: . done
    pkg: No trusted public keys found
    repository pfSense-core has no meta file, using default settings
    ..................

    I changed "/usr/local/share/pfSense/pkg/repos/pfSense-repo.conf" from:

    ###################
    FreeBSD: { enabled: no }

    pfSense-core: {
      url: "pkg+http://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-core",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg"
      enabled: yes
    }

    pfSense: {
      url: "pkg+http://firmware.netgate.com/pkg/pfSense_factory-v2_3_0_amd64-pfSense_factory-v2_3_0",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg"
      enabled: yes
    }
    #################

    to:

    #################
    FreeBSD: { enabled: no }

    pfSense-core: {
      url: "pkg+http://pkg.pfsense.org/pfSense_v2_3_0_amd64-core",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg"
      enabled: yes
    }

    pfSense: {
      url: "pkg+http://pkg.pfsense.org/pfSense_v2_3_0_amd64-pfSense_v2_3_0",
      mirror_type: "srv",
      signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg"
      enabled: yes
    }
    #################

    and pkg update and pkg upgrade now works!



  • Hmm but won't that switch you to the Community Edition (CE) ?  It seems you were on "factory" before which has the added features like the IOS and AWS VPN wizards. That edit suggested above does "fix" the problem but I would like to know what the correct repo to set for the factory image is, or if it is generally just having problems right now.  If this information can't be publicly posted then can someone please let me know so I can open a support ticket to get the info? thanks



  • I don't know exactly how or why but I've wound up back on the CE Community Edition.  I do have a working pkg system again but I don't see how it is so seemingly simple to get derailed and off to the wrong channel with no way back.  Is there any way to get back on factory without a pave and reinstall?



  • Here's what I did that seemed to have gotten me back to the working original repos for my SG-4860:

    1. Changed my pfSense-repo.conf per tl1964's post above from the firmware.netgate.com url to the pkg.pfsense.org url.
    2. Ran the updater again from SSH with success in getting to 2.3.2
    3. Changed the pfSense-repo.conf back to the original url of firmware.netgate.com (using http, not https) and removed the following lines from the conf file:

    signature_type: "fingerprints",
      fingerprints: "/usr/local/share/pfSense/keys/pkg"

    1. Ran the updater from SSH again
    2. Modified the conf file, putting it back to the firmware.netgate.com url (using https, instead of http)
    3. Ran the updater from SSH again
    4. Modified the conf file one last time, adding back the signature and fingerprints lines

    Seems to be good now.  No more "No trusted public keys found" messages and no "Unable to retrieve package information" messages.
    The AWS and IOS VPN packages show up in package manager.

    Not sure if this is what you are looking for, but hopefully it may help.


Log in to reply