PGP SIGNATURES /opt/pakfire/db

Hi everyone!
I have a question about PGP signatures.
When I crawl the mirrors for IPFire, e.g. on mirror1/, I have the following file:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

HTTPS;firemirror.scp-systems.ch;pakfire2/2.27;
HTTPS;ftp.belnet.be;mirror/ipfire/current/pakfire2/2.27;
HTTPS;ftp.fau.de;ipfire/pakfire2/2.27;
HTTPS;ftp.gwdg.de;pub/linux/ipfire/pakfire2/2.27;
HTTPS;ftp.yz.yamagata-u.ac.jp;pub/network/security/ipfire/pakfire2/2.27;
HTTPS;ipfire.earl-net.com;pakfire2/2.27;
HTTPS;mirror1.ipfire.org;pakfire2/2.27;
HTTPS;mirror7.ipfire.org;pakfire2/2.27;
HTTPS;mirror.aarnet.edu.au;pub/ipfire/pakfire2/2.27;
HTTPS;mirror.cedia.org.ec;ipfire/pakfire2/2.27;
HTTPS;mirror.clarkson.edu;ipfire/pakfire2/2.27;
HTTPS;mirror.csclub.uwaterloo.ca;ipfire/pakfire2/2.27;
HTTPS;mirror.datacenter.by;pub/ipfire/pakfire2/2.27;
HTTPS;mirror.easyname.at;ipfire/pakfire2/2.27;
HTTPS;mirror.ihost.md;ipfire/pakfire2/2.27;
HTTPS;mirror.marwan.ma;ipfire/pakfire2/2.27;
HTTPS;mirrors.dotsrc.org;ipfire/pakfire2/2.27;
HTTPS;mirrors.ocf.berkeley.edu;ipfire/pakfire2/2.27;
HTTPS;mirrors.up.pt;pub/ipfire/pakfire2/2.27;
HTTPS;mirror.vtti.vt.edu;ipfire/pakfire2/2.27;
HTTPS;muug.ca;mirror/ipfire/pakfire2/2.27;
HTTPS;quantum-mirror.hu;mirrors/pub/ipfire/pakfire2/2.27;
HTTPS;www.mirrorservice.org;sites/downloads.ipfire.org/pakfire2/2.27;
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

but when I inspect my server.list.db what I get is:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

HTTPS;firemirror.scp-systems.ch;pakfire2/2.27;
HTTPS;ftp.belnet.be;mirror/ipfire/current/pakfire2/2.27;
HTTPS;ftp.fau.de;ipfire/pakfire2/2.27;
HTTPS;ftp.yz.yamagata-u.ac.jp;pub/network/security/ipfire/pakfire2/2.27;
HTTPS;ipfire.earl-net.com;pakfire2/2.27;
HTTPS;mirror1.ipfire.org;pakfire2/2.27;
HTTPS;mirror7.ipfire.org;pakfire2/2.27;
HTTPS;mirror.aarnet.edu.au;pub/ipfire/pakfire2/2.27;
HTTPS;mirror.cedia.org.ec;ipfire/pakfire2/2.27;
HTTPS;mirror.datacenter.by;pub/ipfire/pakfire2/2.27;
HTTPS;mirror.easyname.at;ipfire/pakfire2/2.27;
HTTPS;mirror.ihost.md;ipfire/pakfire2/2.27;
HTTPS;mirror.marwan.ma;ipfire/pakfire2/2.27;
HTTPS;mirrors.dotsrc.org;ipfire/pakfire2/2.27;
HTTPS;mirrors.ocf.berkeley.edu;ipfire/pakfire2/2.27;
HTTPS;mirrors.up.pt;pub/ipfire/pakfire2/2.27;
HTTPS;mirror.vtti.vt.edu;ipfire/pakfire2/2.27;
HTTPS;muug.ca;mirror/ipfire/pakfire2/2.27;
HTTPS;quantum-mirror.hu;mirrors/pub/ipfire/pakfire2/2.27;
HTTPS;www.mirrorservice.org;sites/downloads.ipfire.org/pakfire2/2.27;
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

I thought once the files are equal they should have the same PGP signatures, shouldn’t they? I wonder if this difference in PGP signatures is preventing pakfire from updating my system.
Are they supposed to be different?
Regards
G70P

Depending on various things the server-list.db can change over time. So it could depend on which mirror system you have compared it to and what time they last updated and also the last time that the file was updated on your IPFire system.

I just looked on my system and the file was last updated at 04:00 today. I then pressed the update files button on pakfire and after that the files on my IPFire had a time of 13:31 from today.

The signature in the two files was different, and the latest version I downloaded had an extra server listed compared to the list from 04:00.

I then updated again so the file time changed to 13:34 and now the signature in the file was the same as the one from 13:31.

So update the files first then look at the file to see, but also check what the last time that the update of the mirror you are comparing it with was done.

Also if you look at the two lists that you show the first that you got from a mirror server has 22 mirror servers listed and the second list which you got from your IPFire system has 19 mirror servers listed. So the signatures will be different as the content of the file is different.

1 Like
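Added example (not part of any post in this thread, and not pakfire's code): a small Python helper that extracts the signed payload from two cleartext-signed list files and reports which entries differ, which is the comparison described in the reply above. The sample inputs are constructed from a few mirror lines quoted in the thread, with the signature armor replaced by a placeholder; the function names are hypothetical. It compares payloads only and does not verify the signature.

```python
import hashlib

# Constructed sample: three mirror lines from the thread, placeholder armor.
MIRROR_COPY = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

HTTPS;ftp.fau.de;ipfire/pakfire2/2.27;
HTTPS;ftp.gwdg.de;pub/linux/ipfire/pakfire2/2.27;
HTTPS;mirror1.ipfire.org;pakfire2/2.27;
-----BEGIN PGP SIGNATURE-----

(placeholder-armor)
-----END PGP SIGNATURE-----
"""
# Constructed sample: the same file with one mirror entry missing.
LOCAL_COPY = MIRROR_COPY.replace(
    "HTTPS;ftp.gwdg.de;pub/linux/ipfire/pakfire2/2.27;\n", "")


def signed_lines(clearsigned):
    """Payload lines of an OpenPGP cleartext-signed message (RFC 4880, 7.1)."""
    lines = clearsigned.splitlines()
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1
    while lines[start].strip():      # skip armor headers such as "Hash: SHA512"
        start += 1
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    body = lines[start + 1:end]
    # Undo dash-escaping; trailing spaces and tabs are not part of the signed text.
    return [(l[2:] if l.startswith("- ") else l).rstrip(" \t") for l in body]


def payload_digest(clearsigned):
    """SHA-512 over the canonical payload (lines joined with CRLF).

    This is not the full OpenPGP hash input, which also covers signature
    metadata such as the creation time.
    """
    text = "\r\n".join(signed_lines(clearsigned))
    return hashlib.sha512(text.encode()).hexdigest()


def compare(a, b):
    """Entries present in only one file, and whether the payloads match."""
    sa, sb = set(signed_lines(a)), set(signed_lines(b))
    return {"only_a": sorted(sa - sb),
            "only_b": sorted(sb - sa),
            "same_payload": payload_digest(a) == payload_digest(b)}
```

Because the OpenPGP signature also covers its own creation time, two files with identical payloads can still carry different signature blocks if they were signed at different times.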

Thanks Adolf,
The issue of different messages is resolved; if they aren’t equal, of course the SHA512 must be different. I would like to understand how pakfire checks file integrity and signatures of files (PGP --verify). I can’t understand why pakfire is pushing me core 162.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

$core_release="162";
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

Update was today 05.02.2024 @ 13.41

I also can’t understand.

Mine is showing Core Update 182

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

$core_release="182";
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

and that is the one that was provided when I did my last update at 13:34

ls -hal /opt/pakfire/db/lists/
total 24K
drwxr-xr-x 2 root root 4.0K Feb  5 13:34 .
drwxr-xr-x 7 root root 4.0K Jun 26  2023 ..
-rw-r--r-- 1 root root  903 Feb  5 13:34 core-list.db
-rw-r--r-- 1 root root 5.2K Feb  5 13:34 packages_list.db
-rw-r--r-- 1 root root 2.0K Feb  5 13:34 server-list.db

I would suggest pressing the Refresh list button again on the Pakfire WUI page.

From your listing it looks like somehow you only updated the core-list.db file because the packages_list.db and server-list.db files are much older - from 22:27 and 22:37 on 4th Feb.

Using the pakfire Refresh list button updates all the files at the same time.

1 Like

Can you look through your pakfire log to see which mirror provided that core-list.db?

I just manually checked a couple of mirrors and they both had 182 in the core-list.db file.

This shows my logs for the update that I did at 13:34

13:34:48 pakfire:  PAKFIRE INFO: Pakfire has finished. Closing.
13:34:48 pakfire:  DOWNLOAD FINISHED: ipfire/pakfire2/2.27-x86_64/lists/core-list.db
13:34:48 pakfire:  DOWNLOAD INFO: Signature of core-list.db is fine.
13:34:48 pakfire:  DOWNLOAD INFO: File received. Start checking signature...
13:34:48 pakfire:  DOWNLOAD INFO: HTTP-Status-Code: 200 - 200 OK
13:34:47 pakfire:  DOWNLOAD INFO: ipfire/pakfire2/2.27-x86_64/lists/core-list.db has size of 903 bytes
13:34:46 pakfire:  DOWNLOAD INFO: Host: mirrors.ocf.berkeley.edu (HTTPS) - File: ipfire/pakfire2/2.27-x86_64/lists/core-list.db
13:34:46 pakfire:  MIRROR INFO: 20 servers found in list
13:34:46 pakfire:  DOWNLOAD STARTED: lists/core-list.db
13:34:46 pakfire:  CORE INFO: core-list.db is 201 seconds old. - DEBUG: force

and it can be seen that the mirrors.ocf.berkeley.edu was the mirror used to download the core-list.db file.

Got the file from this mirror.
https://mirrors.dotsrc.org/ipfire/pakfire2/2.27/lists/
Regards

I just manually checked the file at that mirror

http://mirrors.dotsrc.org/ipfire/pakfire2/2.27-x86_64/lists/core-list.db

and it has 182 in it.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

$core_release="182";
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

I notice that your url has
ipfire/pakfire2/2.27/lists/

while the correct location is
ipfire/pakfire2/2.27-x86_64/lists
for x86_64 or

ipfire/pakfire2/2.27-aarch64/lists
for aarch64 (arm systems).

Can you please show the pakfire logs for the download of the core-list.db, packages_list.db and server-list.db files. I would like to see if there are any messages that can give a clue why pakfire tried to download from the wrong directory location and then failed to download and update the packages and server lists.

2 Likes

Aren’t we up to
/ipfire/pakfire2/2.29.x. for 182?

I was looking at this list at:
https://mirrors.dotsrc.org/ipfire/pakfire2/

and seeing this:

But this may not be the right place to look… Sorry if I am confusing things!

No. That occurs with Core Update 183.

/ipfire/pakfire2/2.29-x86_64/lists

still has 182 listed.

/ipfire/pakfire2/2.29.1-x86_64/lists

has 183 listed

/ipfire/pakfire2/2.29.2-x86_64/lists

has 184 listed so it looks like the .1 and .2 versions are for the testing and unstable, although that is a guess on my part. You would have to go through the code to figure out how it does this.

Either way, that is why pakfire is used for this as it knows which directories in the mirrors to go to to get the required lists etc.

@g70p are you trying to download the files using pakfire or are you attempting to manually download the files from the mirror directories?

1 Like

@g70p , which Core Update are you running?
CU 162 was the last x586 version. Maybe this also split the mirror directories.

1 Like

Yes, that one I did see.

I thought that at first but there are earlier major versions such as 2.25 and 2.23 that also have the directories split by architecture so there must be a different reason for the split.

I also wondered about the change in the download file naming but that occurred around CU170 so would not have had the splits in earlier major versions.

If someone is really interested in that then they need to go and read the code for pakfire.cgi and the pakfire application to figure out what is being done.

Pakfire is doing its job well for me.

We just need to understand if the problem of accessing the incorrect mirror directory is a bug in pakfire or not.

1 Like

My steps were:

  1. Since July I was on 182 testing.
  2. After 182 official release I changed to 182 stable.
  3. Last week I tweaked some firewall rules and also started using internal DNS servers with portforward as described in optimization.
    I also added libvirt and qemu (for learning and future use) and turned on webproxy.
  4. The logs weren’t catching IP addresses or locationblock.
  5. After that pakfire stopped working (I thought it would be because of webproxy because wget was showing SSL errors).
  6. I looked for the pakfire config and tested the only use one mirror.
  7. Once only one mirror was not working too I got back to lists.db. I thought that 2.27 without dash (/) would contact 2.27-x86_64. OK, my mistake.
  8. Just shut down the PC with the firewall and it doesn’t turn on.
    From here I’m unable to go further.
    So it might be that in the process and changes I did something … no bugs.
    Thank you for your help.

Can you expand on this a bit more?

Is it that nothing happens at all when you turn it on? No characters at all on the screen, absolutely nothing?
If that is the case then that sounds more like a hardware problem, that the PC has died.

If IPFire starts and gets to the grub menu but then stops then that could be that your change to 182 stable did not actually update to the latest changes in 182, such as the reversion of the grub change. However that grub issue would not have had any relationship to the problems you had with logs not catching anything or pakfire not working.

When you did the change to 182 stable, did you just change the branch from Testing to Stable on the Pakfire WUI page?
If so then pakfire will not have updated anything as it will have considered that the system was already at 182.

There is a way to force the update by decrementing the value in /opt/pakfire/db/core/mine but this requires you to be able to actually start your system.

If it is not starting at all then I would suggest your best bet might be to do a fresh install of 182 and then do a restore of your backup.

2 Likes

One thing I forgot is that you would only be affected by the original grub bug in Core Update 182 if you have installed your IPFire using an xfs file system rather than an ext4 file system.

Which file system did you use when you originally installed IPFire on your system?

@bonnietwin
Actually it was a hardware problem. I changed the power supply and it turned on.
Perfect.
Actually, by mistake I was blocking ICMP from Red to Green in the firewall.
Also, the DNS server was pointing to LAN and Gateway but was missing some public IP such as 8.8.8.8. Together this was preventing pakfire from making HTTP connections to the servers.
Meanwhile I added -x86_64 to the lists. It updates the 3 files in the db directory and also performs info and addons with 200 OK.
It is working now like a charm.
I appreciate it and I’m thankful for the help, and acknowledge it was a human error - mine.


2 Likes
