No trusted public keys found

mloiterman

I've recently upgraded from 2.5.2 to pfSense Plus 22.01 and my updates and packages are broken due to what appears to be a missing or incorrect key.

When I try to install new packages the available packages list is empty and when I try to update (I know there aren't any, but just trying to figure out the problem) it says:

Unable to check for updates

22.01-RELEASE][root@pfsense.ascendencyhome.net]/usr/local/share/pfSense/keys/pkg/trusted: pkg-static update -f
Updating pfSense-core repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
Fetching packagesite.pkg: 100%    2 KiB   1.7kB/s    00:01
pkg-static: No trusted public keys found
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
Fetching packagesite.pkg: 100%  149 KiB 152.9kB/s    00:01
pkg-static: No trusted public keys found
Unable to update repository pfSense
Error updating repositories!

Keys appear to be present:

[22.01-RELEASE][root@pfsense.ascendencyhome.net]/usr/local/share/pfSense/keys/pkg/trusted: ls -alh
total 19
drwxr-xr-x  2 root  wheel     5B Feb 14 19:26 .
drwxr-xr-x  4 root  wheel     4B Feb  7 10:32 ..
-rw-r--r--  1 root  wheel    95B Feb  7 10:32 beta.pfsense.org.20151223
-rw-r--r--  1 root  wheel    95B Feb  7 10:32 pkg.pfsense.org.20160406
-rw-r--r--  1 root  wheel    94B Feb 14 19:24 plus.pfsense.org.20220214

What am I missing here?

stephenw10

Try running pkg-static -d update to get more debug info.

Steve

mloiterman

@stephenw10 said in No trusted public keys found:

The signatures in the key files don't match what is on GitHub for 2.6. I don't know if that's correct because I'm on Plus or not. I can post them here (presumably they're public), but I don't know if that's acceptable or not...

# pkg-static -d update
DBG(1)[60044]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[60044]> PkgRepo: verifying update for pfSense-core
DBG(1)[60044]> PkgRepo: need forced update of pfSense-core
DBG(1)[60044]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-core/meta.conf
DBG(1)[60044]> opening libfetch fetcher
DBG(1)[60044]> Fetch > libfetch: connecting
DBG(1)[60044]> Fetch: fetching from: https://files00.netgate.com/pfSense_v2_6_0_amd64-core/meta.conf with opts "i"
DBG(1)[60044]> Fetch: fetcher chosen: https
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-core/packagesite.pkg
DBG(1)[60044]> opening libfetch fetcher
DBG(1)[60044]> Fetch > libfetch: connecting
DBG(1)[60044]> Fetch: fetching from: https://files00.netgate.com/pfSense_v2_6_0_amd64-core/packagesite.pkg with opts "i"
DBG(1)[60044]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100%    2 KiB   1.7kB/s    00:01
DBG(1)[60044]> PkgRepo: extracting packagesite.yaml of repo pfSense-core
DBG(1)[60254]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
DBG(1)[60044]> PkgRepo: verifying update for pfSense
DBG(1)[60044]> PkgRepo: need forced update of pfSense
DBG(1)[60044]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf
DBG(1)[60044]> opening libfetch fetcher
DBG(1)[60044]> Fetch > libfetch: connecting
DBG(1)[60044]> Fetch: fetching from: https://files01.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf with opts "i"
DBG(1)[60044]> Fetch: fetcher chosen: https
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg
DBG(1)[60044]> opening libfetch fetcher
DBG(1)[60044]> Fetch > libfetch: connecting
DBG(1)[60044]> Fetch: fetching from: https://files01.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg with opts "i"
DBG(1)[60044]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100%  149 KiB 152.9kB/s    00:01
DBG(1)[60044]> PkgRepo: extracting packagesite.yaml of repo pfSense
DBG(1)[60259]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense
Error updating repositories!

stephenw10

Your pkg repo is still pointing at the 2.6 branch. If you do to the System > Update do you see 22.01 as the current version?

Steve

mloiterman

@stephenw10

No, it still says 2.6 even though I have changed it and saved it multiple times.

What's the best way to manually change it?

stephenw10

Does it still show as registered in System > Register?

What update branches is it offering you?

Steve

mloiterman

@stephenw10

It's only showing 2.6

I had a system Register, but now it's gone.

I guess I'm going to have to reinstall?

Sigh...

mloiterman

I reinstalled, restored my configuration and then upgraded to plus. Everything appears to be working correctly now.

ns

I'm hitting the same issue after switching to pfsense+, hoping I can try some other troubleshooting techniques before doing a wipe/reload.

[22.01-RELEASE][admin@localdomain]/root: pkg-static -d update
DBG(1)[34629]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[34629]> PkgRepo: verifying update for pfSense-core
DBG(1)[34629]> PkgRepo: need forced update of pfSense-core
DBG(1)[34629]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-core/meta.conf
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files01.netgate.com/packages/pfSense_master_amd64-core/meta.conf with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-core/packagesite.pkg
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files01.netgate.com/packages/pfSense_master_amd64-core/packagesite.pkg with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 2 KiB 1.8kB/s 00:01
DBG(1)[34629]> PkgRepo: extracting packagesite.yaml of repo pfSense-core
DBG(1)[34843]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
DBG(1)[34629]> PkgRepo: verifying update for pfSense
DBG(1)[34629]> PkgRepo: need forced update of pfSense
DBG(1)[34629]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/meta.conf
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files00.netgate.com/packages/pfSense_master_amd64-pfSense_devel/meta.conf with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/packagesite.pkg
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files00.netgate.com/packages/pfSense_master_amd64-pfSense_devel/packagesite.pkg with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 152 KiB 155.7kB/s 00:01
DBG(1)[34629]> PkgRepo: extracting packagesite.yaml of repo pfSense
DBG(1)[35151]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense
Error updating repositories!

Gertjan

@ns

The system time is ok ?

ns

@gertjan Indeed: Current date/time
Fri Sep 16 10:36:35 EDT 2022

I have tried switching different update branches from the UI, same results.

stephenw10

What branch do you have selected?

Looks like you might be trying to hit the dev branch which would be 22.09/22.11 at this point. Make sure you're set to latest stable to see 22.05.

Steve

ns

@stephenw10 I get the same results from all branches; here's the output from 2.6.0
pkg-static -d update
DBG(1)[9368]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[9368]> PkgRepo: verifying update for pfSense-core
DBG(1)[9368]> PkgRepo: need forced update of pfSense-core
DBG(1)[9368]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-core/meta.conf
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_6_0_amd64-core/meta.conf with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-core/packagesite.pkg
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_6_0_amd64-core/packagesite.pkg with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 2 KiB 1.7kB/s 00:01
DBG(1)[9368]> PkgRepo: extracting packagesite.yaml of repo pfSense-core
DBG(1)[9600]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
DBG(1)[9368]> PkgRepo: verifying update for pfSense
DBG(1)[9368]> PkgRepo: need forced update of pfSense
DBG(1)[9368]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 149 KiB 153.0kB/s 00:01
DBG(1)[9368]> PkgRepo: extracting packagesite.yaml of repo pfSense
DBG(1)[9650]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense
Error updating repositories!

stephenw10

Hmm, you were running 22.01 and trying to upgrade to 22.05 I assume?

You shouldn't be seeing 2.6 as an available branch at all.

What i the history on that install?

ns

@stephenw10 I went from the 2.7.0 (last nightly from 8/30 IIRC) to Pfsense+

stephenw10

Ah, OK. Yes, that's not (yet) a supported upgrade path. Curently you can only upgrade between 2.6 and 22.01. You can then update to 22.05.

Are you able to re-install clean? That's probably going to be the quickest way back.

Otherwise try running freebsd-version -kru and uname -a to see what you have ended up with.

ns

@stephenw10 said in No trusted public keys found:

Wipe and reload is going to be a pita, but one that I forced on myself, this sucker is remote.

Here's the output(s):

uname -a

freebsd-version -kru
12.3-STABLE
12.3-STABLE
12.3-STABLE

uname -a
FreeBSD a.localdomain 12.3-STABLE FreeBSD 12.3-STABLE plus-RELENG_22_01-n202637-97cc5c23e13 pfSense amd64

stephenw10

Ok, the latest stable repo branch is showing 22.01 or 2.6?

It needs to be 22.01. If it is then I would first try this:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

ns

@stephenw10 pulling the keys from git looks like it resolved the key issue. I'm somewhere between the CE>+ migration, but at least the FW is running. I'll leave it like this for the time being. Thank you for the assistance.

stephenw10

Ah, good call!