No trusted public keys found
-
I've recently upgraded from 2.5.2 to pfSense Plus 22.01 and my updates and packages are broken due to what appears to be a missing or incorrect key.
When I try to install new packages the available packages list is empty and when I try to update (I know there aren't any, but just trying to figure out the problem) it says:
Unable to check for updates
22.01-RELEASE][root@pfsense.ascendencyhome.net]/usr/local/share/pfSense/keys/pkg/trusted: pkg-static update -f Updating pfSense-core repository catalogue... Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 Fetching packagesite.pkg: 100% 2 KiB 1.7kB/s 00:01 pkg-static: No trusted public keys found Unable to update repository pfSense-core Updating pfSense repository catalogue... Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 Fetching packagesite.pkg: 100% 149 KiB 152.9kB/s 00:01 pkg-static: No trusted public keys found Unable to update repository pfSense Error updating repositories!
Keys appear to be present:
[22.01-RELEASE][root@pfsense.ascendencyhome.net]/usr/local/share/pfSense/keys/pkg/trusted: ls -alh total 19 drwxr-xr-x 2 root wheel 5B Feb 14 19:26 . drwxr-xr-x 4 root wheel 4B Feb 7 10:32 .. -rw-r--r-- 1 root wheel 95B Feb 7 10:32 beta.pfsense.org.20151223 -rw-r--r-- 1 root wheel 95B Feb 7 10:32 pkg.pfsense.org.20160406 -rw-r--r-- 1 root wheel 94B Feb 14 19:24 plus.pfsense.org.20220214
What am I missing here?
-
Try running
pkg-static -d update
to get more debug info.Steve
-
@stephenw10 said in No trusted public keys found:
The signatures in the key files don't match what is on GitHub for 2.6. I don't know if that's correct because I'm on Plus or not. I can post them here (presumably they're public), but I don't know if that's acceptable or not...
# pkg-static -d update DBG(1)[60044]> pkg initialized Updating pfSense-core repository catalogue... DBG(1)[60044]> PkgRepo: verifying update for pfSense-core DBG(1)[60044]> PkgRepo: need forced update of pfSense-core DBG(1)[60044]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite' DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-core/meta.conf DBG(1)[60044]> opening libfetch fetcher DBG(1)[60044]> Fetch > libfetch: connecting DBG(1)[60044]> Fetch: fetching from: https://files00.netgate.com/pfSense_v2_6_0_amd64-core/meta.conf with opts "i" DBG(1)[60044]> Fetch: fetcher chosen: https Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-core/packagesite.pkg DBG(1)[60044]> opening libfetch fetcher DBG(1)[60044]> Fetch > libfetch: connecting DBG(1)[60044]> Fetch: fetching from: https://files00.netgate.com/pfSense_v2_6_0_amd64-core/packagesite.pkg with opts "i" DBG(1)[60044]> Fetch: fetcher chosen: https Fetching packagesite.pkg: 100% 2 KiB 1.7kB/s 00:01 DBG(1)[60044]> PkgRepo: extracting packagesite.yaml of repo pfSense-core DBG(1)[60254]> PkgRepo: extracting signature of repo in a sandbox pkg-static: No trusted public keys found Unable to update repository pfSense-core Updating pfSense repository catalogue... DBG(1)[60044]> PkgRepo: verifying update for pfSense DBG(1)[60044]> PkgRepo: need forced update of pfSense DBG(1)[60044]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite' DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf DBG(1)[60044]> opening libfetch fetcher DBG(1)[60044]> Fetch > libfetch: connecting DBG(1)[60044]> Fetch: fetching from: https://files01.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf with opts "i" DBG(1)[60044]> Fetch: fetcher chosen: https Fetching meta.conf: 100% 163 B 0.2kB/s 00:01 DBG(1)[60044]> Request to fetch pkg+https://packages.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg DBG(1)[60044]> opening libfetch fetcher DBG(1)[60044]> Fetch > libfetch: connecting DBG(1)[60044]> Fetch: fetching from: https://files01.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg with opts "i" DBG(1)[60044]> Fetch: fetcher chosen: https Fetching packagesite.pkg: 100% 149 KiB 152.9kB/s 00:01 DBG(1)[60044]> PkgRepo: extracting packagesite.yaml of repo pfSense DBG(1)[60259]> PkgRepo: extracting signature of repo in a sandbox pkg-static: No trusted public keys found Unable to update repository pfSense Error updating repositories!
-
Your pkg repo is still pointing at the 2.6 branch. If you do to the System > Update do you see 22.01 as the current version?
Steve
-
No, it still says 2.6 even though I have changed it and saved it multiple times.
What's the best way to manually change it?
-
Does it still show as registered in System > Register?
What update branches is it offering you?
Steve
-
It's only showing 2.6
I had a system Register, but now it's gone.
I guess I'm going to have to reinstall?
Sigh...
-
I reinstalled, restored my configuration and then upgraded to plus. Everything appears to be working correctly now.
-
I'm hitting the same issue after switching to pfsense+, hoping I can try some other troubleshooting techniques before doing a wipe/reload.
[22.01-RELEASE][admin@localdomain]/root: pkg-static -d update
DBG(1)[34629]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[34629]> PkgRepo: verifying update for pfSense-core
DBG(1)[34629]> PkgRepo: need forced update of pfSense-core
DBG(1)[34629]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-core/meta.conf
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files01.netgate.com/packages/pfSense_master_amd64-core/meta.conf with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-core/packagesite.pkg
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files01.netgate.com/packages/pfSense_master_amd64-core/packagesite.pkg with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 2 KiB 1.8kB/s 00:01
DBG(1)[34629]> PkgRepo: extracting packagesite.yaml of repo pfSense-core
DBG(1)[34843]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
DBG(1)[34629]> PkgRepo: verifying update for pfSense
DBG(1)[34629]> PkgRepo: need forced update of pfSense
DBG(1)[34629]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/meta.conf
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files00.netgate.com/packages/pfSense_master_amd64-pfSense_devel/meta.conf with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[34629]> Request to fetch pkg+https://beta.pfsense.org/packages/pfSense_master_amd64-pfSense_devel/packagesite.pkg
DBG(1)[34629]> opening libfetch fetcher
DBG(1)[34629]> Fetch > libfetch: connecting
DBG(1)[34629]> Fetch: fetching from: https://files00.netgate.com/packages/pfSense_master_amd64-pfSense_devel/packagesite.pkg with opts "i"
DBG(1)[34629]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 152 KiB 155.7kB/s 00:01
DBG(1)[34629]> PkgRepo: extracting packagesite.yaml of repo pfSense
DBG(1)[35151]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense
Error updating repositories! -
The system time is ok ?
-
@gertjan Indeed: Current date/time
Fri Sep 16 10:36:35 EDT 2022I have tried switching different update branches from the UI, same results.
-
What branch do you have selected?
Looks like you might be trying to hit the dev branch which would be 22.09/22.11 at this point. Make sure you're set to latest stable to see 22.05.
Steve
-
@stephenw10 I get the same results from all branches; here's the output from 2.6.0
pkg-static -d update
DBG(1)[9368]> pkg initialized
Updating pfSense-core repository catalogue...
DBG(1)[9368]> PkgRepo: verifying update for pfSense-core
DBG(1)[9368]> PkgRepo: need forced update of pfSense-core
DBG(1)[9368]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense-core.sqlite'
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-core/meta.conf
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_6_0_amd64-core/meta.conf with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-core/packagesite.pkg
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg01-atx.netgate.com/pfSense_v2_6_0_amd64-core/packagesite.pkg with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 2 KiB 1.7kB/s 00:01
DBG(1)[9368]> PkgRepo: extracting packagesite.yaml of repo pfSense-core
DBG(1)[9600]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense-core
Updating pfSense repository catalogue...
DBG(1)[9368]> PkgRepo: verifying update for pfSense
DBG(1)[9368]> PkgRepo: need forced update of pfSense
DBG(1)[9368]> Pkgrepo, begin update of '/var/db/pkg/repo-pfSense.sqlite'
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/meta.conf with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching meta.conf: 100% 163 B 0.2kB/s 00:01
DBG(1)[9368]> Request to fetch pkg+https://pkg.pfsense.org/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg
DBG(1)[9368]> opening libfetch fetcher
DBG(1)[9368]> Fetch > libfetch: connecting
DBG(1)[9368]> Fetch: fetching from: https://pkg00-atx.netgate.com/pfSense_v2_6_0_amd64-pfSense_v2_6_0/packagesite.pkg with opts "i"
DBG(1)[9368]> Fetch: fetcher chosen: https
Fetching packagesite.pkg: 100% 149 KiB 153.0kB/s 00:01
DBG(1)[9368]> PkgRepo: extracting packagesite.yaml of repo pfSense
DBG(1)[9650]> PkgRepo: extracting signature of repo in a sandbox
pkg-static: No trusted public keys found
Unable to update repository pfSense
Error updating repositories! -
Hmm, you were running 22.01 and trying to upgrade to 22.05 I assume?
You shouldn't be seeing 2.6 as an available branch at all.
What i the history on that install?
-
@stephenw10 I went from the 2.7.0 (last nightly from 8/30 IIRC) to Pfsense+
-
Ah, OK. Yes, that's not (yet) a supported upgrade path. Curently you can only upgrade between 2.6 and 22.01. You can then update to 22.05.
Are you able to re-install clean? That's probably going to be the quickest way back.
Otherwise try running
freebsd-version -kru
anduname -a
to see what you have ended up with. -
@stephenw10 said in No trusted public keys found:
Wipe and reload is going to be a pita, but one that I forced on myself, this sucker is remote.
Here's the output(s):
uname -a
freebsd-version -kru
12.3-STABLE
12.3-STABLE
12.3-STABLEuname -a
FreeBSD a.localdomain 12.3-STABLE FreeBSD 12.3-STABLE plus-RELENG_22_01-n202637-97cc5c23e13 pfSense amd64 -
Ok, the latest stable repo branch is showing 22.01 or 2.6?
It needs to be 22.01. If it is then I would first try this:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors -
@stephenw10 pulling the keys from git looks like it resolved the key issue. I'm somewhere between the CE>+ migration, but at least the FW is running. I'll leave it like this for the time being. Thank you for the assistance.
-
Ah, good call!