Bug 254434 - ports-mgmt/pkg pkg: cannot parse fingerprints: error while parsing <unknown>: line: 1, column: 0 - 'key must begin with a letter', character: '-'
Summary: ports-mgmt/pkg pkg: cannot parse fingerprints: error while parsing <unknown>:...
Status: Closed Not A Bug
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-pkg (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-03-20 14:00 UTC by Graham Perrin
Modified: 2023-12-13 02:23 UTC (History)
6 users (show)

See Also:
bugzilla: maintainer-feedback? (pkg)
grahamperrin: maintainer-feedback? (markj)
grahamperrin: maintainer-feedback? (kevans)


Attachments
Output from pkg -vv (3.28 KB, text/plain)
2021-08-19 03:12 UTC, Graham Perrin
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Graham Perrin freebsd_committer freebsd_triage 2021-03-20 14:00:37 UTC
For example, from <https://codeberg.org/pkgbase/website/issues/3#issuecomment-183652>: 

root@mowa219-gjp4-8570p:~ # pkg update
Updating FreeBSD repository catalogue...
Fetching packagesite.txz: 100%    6 MiB   6.4MB/s    00:01    
pkg: cannot parse fingerprints: error while parsing <unknown>: line: 1, column: 0 - 'key must begin with a letter', character: '-'
Processing entries: 100%
Fetching provides database: 100%   14 MiB   7.3MB/s    00:02    
Extracting database....success
FreeBSD repository update completed. 30278 packages processed.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
Updating poudriere repository catalogue...
poudriere repository is up to date.
All repositories are up to date.
root@mowa219-gjp4-8570p:~ # 

----

% ls -hlrt /usr/local/etc/pkg/repos/
total 1
-rw-r--r--  1 root  wheel    30B  1 Feb  2019 FreeBSD.conf
-rw-r--r--  1 root  wheel   138B 12 Jan 14:25 poudriere.conf
-rw-r--r--  1 root  wheel   208B  7 Mar 01:41 base.conf
-rw-------  1 root  wheel    11M  7 Mar 10:00 bectl.core
% cat /usr/local/etc/pkg/repos/FreeBSD.conf
FreeBSD: {
    priority: 3,
}
% cat /usr/local/etc/pkg/repos/poudriere.conf
poudriere: {
        url: "file:///usr/local/poudriere/data/packages/main-default",
        enabled: yes,
        priority: 4,
        CONSERVATIVE_UPGRADE: false,
}
% cat /usr/local/etc/pkg/repos/base.conf
# FreeBSD pkgbase repo

FreeBSD-base: {
  url: "https://alpha.pkgbase.live/current/${ABI}/latest",
  signature_type: "pubkey",
  pubkey: "/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub",
  enabled: yes
}
% cat /etc/pkg/FreeBSD.conf 
# $FreeBSD$
#
# To disable this repository, instead of modifying or removing this file,
# create a /usr/local/etc/pkg/repos/FreeBSD.conf file:
#
#   mkdir -p /usr/local/etc/pkg/repos
#   echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf
#

FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
%
Comment 1 Baptiste Daroussin freebsd_committer freebsd_triage 2021-08-18 09:28:14 UTC
is this still happening, if yes can you show me the output of pkg -vv
Comment 2 Graham Perrin freebsd_committer freebsd_triage 2021-08-19 03:12:42 UTC
Created attachment 227313 [details]
Output from pkg -vv

(In reply to Baptiste Daroussin from comment #1)

Yes …
Comment 3 Baptiste Daroussin freebsd_committer freebsd_triage 2021-08-21 04:56:08 UTC
can you show me the output of ls /usr/share/keys/pkg
Comment 4 Graham Perrin freebsd_committer freebsd_triage 2021-08-21 14:26:19 UTC
% ls -hlR /usr/share/keys/pkg
total 1
drwxr-xr-x  2 root  wheel     2B 13 Dec  2018 revoked
drwxr-xr-x  2 root  wheel     4B 13 Aug 22:40 trusted

/usr/share/keys/pkg/revoked:
total 0

/usr/share/keys/pkg/trusted:
total 1
-rw-r--r--  1 root  wheel   451B 14 Jan  2021 alpha.pkgbase.live.pub
-rw-r--r--  1 root  wheel   112B 13 Aug 22:40 pkg.freebsd.org.2013102301
% cat /usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+EUrsACRuVAdJPt1TCm
lVcG52td5aREstDDxAtWlLJFL8HtNwtbMpNQnJDz7fzlFsw5B7LisQi1ciX6hB/u
Svx2szVyijpm6EGClK3SDvLv56DEkPjankFCziY9VLTIR+kRLcczwNhJh4QPOLjb
KMuIjU0QKzuJI2lOjuBq6JBSJe42/7nbVK9Yih06BS5MpkXTV6JkQU8AAO+89E0R
zd49b8wZy4JAVxAongJAtwBTSIwBP4d+TEzT5VVkSnE1jvT//3e9nsEcMlDcDlKH
/9OV3r0mMDE6cXpcR3V1v45IScY31/xw8nl/1HXP6F+ZSsUSai61JQcwZZPpg6j9
mQIDAQAB
-----END PUBLIC KEY-----
% cat /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301
# $FreeBSD$

function: "sha256"
fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"
%
Comment 5 Chuck Tuffli freebsd_committer freebsd_triage 2022-06-22 20:17:08 UTC
I'm seeing this as well running -current. Details of my pkg -vv are nearly the same and also reference alpha.pkgbase.live
Comment 6 Graham Perrin freebsd_committer freebsd_triage 2022-11-21 07:44:02 UTC
Does the incidental conversation at/around <https://github.com/freebsd/pkg/pull/2080#issuecomment-1273409582> help to progress things here? 

TIA
Comment 7 Mark Johnston freebsd_committer freebsd_triage 2022-11-21 13:58:40 UTC
(In reply to Graham Perrin from comment #6)
Based on the error message, this looks a bit different.  Though maybe libucl (the library raising this error) has changed since the bug was originally reported.
Comment 8 dfr 2023-05-12 11:36:28 UTC
I get the 'cannot parse fingerprints' message on systems where I installed the alpha.pkgbase.live public key which looks like this:

/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+EUrsACRuVAdJPt1TCm
lVcG52td5aREstDDxAtWlLJFL8HtNwtbMpNQnJDz7fzlFsw5B7LisQi1ciX6hB/u
Svx2szVyijpm6EGClK3SDvLv56DEkPjankFCziY9VLTIR+kRLcczwNhJh4QPOLjb
KMuIjU0QKzuJI2lOjuBq6JBSJe42/7nbVK9Yih06BS5MpkXTV6JkQU8AAO+89E0R
zd49b8wZy4JAVxAongJAtwBTSIwBP4d+TEzT5VVkSnE1jvT//3e9nsEcMlDcDlKH
/9OV3r0mMDE6cXpcR3V1v45IScY31/xw8nl/1HXP6F+ZSsUSai61JQcwZZPpg6j9
mQIDAQAB
-----END PUBLIC KEY-----
Comment 9 Baptiste Daroussin freebsd_committer freebsd_triage 2023-05-12 12:05:55 UTC
this is not at all how fingerprints methode do work, as documented in pkg-repo we do not expect any public signatures in the trusted or revoked key directory but a ucl file which provides the following informations:

function: "sha256"
fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438"

hence the error message.
Comment 10 dfr 2023-05-12 12:13:40 UTC
I was just going with the install instructions from alpha.pkgbase.live (sadly not working any more). Apart from the error message, it did appear to work though.
Comment 11 dfr 2023-05-12 12:33:30 UTC
Ok, looking at this again, the alpha.pkgbase.live repo was using signature_type "pubkey" which explains why it worked with this key format

# FreeBSD base system repository
FreeBSD-base: {
  url: "https://alpha.pkgbase.live/stable/${ABI}/latest",
  signature_type: "pubkey",
  pubkey: "/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub",
  enabled: no
}
Comment 12 Mina Galić freebsd_triage 2023-07-12 11:02:17 UTC
does this mean that we simply have to move our pub key to a different directory and this error message will disappear?
Comment 13 dfr 2023-07-12 11:04:34 UTC
Moving the pub key to /usr/local/etc/ssl worked for me and stoped the fingerprint error message.
Comment 14 Byrd Franklin 2023-12-13 02:18:31 UTC
MARKED AS SPAM