For example, from <https://codeberg.org/pkgbase/website/issues/3#issuecomment-183652>: root@mowa219-gjp4-8570p:~ # pkg update Updating FreeBSD repository catalogue... Fetching packagesite.txz: 100% 6 MiB 6.4MB/s 00:01 pkg: cannot parse fingerprints: error while parsing <unknown>: line: 1, column: 0 - 'key must begin with a letter', character: '-' Processing entries: 100% Fetching provides database: 100% 14 MiB 7.3MB/s 00:02 Extracting database....success FreeBSD repository update completed. 30278 packages processed. Updating FreeBSD-base repository catalogue... FreeBSD-base repository is up to date. Updating poudriere repository catalogue... poudriere repository is up to date. All repositories are up to date. root@mowa219-gjp4-8570p:~ # ---- % ls -hlrt /usr/local/etc/pkg/repos/ total 1 -rw-r--r-- 1 root wheel 30B 1 Feb 2019 FreeBSD.conf -rw-r--r-- 1 root wheel 138B 12 Jan 14:25 poudriere.conf -rw-r--r-- 1 root wheel 208B 7 Mar 01:41 base.conf -rw------- 1 root wheel 11M 7 Mar 10:00 bectl.core % cat /usr/local/etc/pkg/repos/FreeBSD.conf FreeBSD: { priority: 3, } % cat /usr/local/etc/pkg/repos/poudriere.conf poudriere: { url: "file:///usr/local/poudriere/data/packages/main-default", enabled: yes, priority: 4, CONSERVATIVE_UPGRADE: false, } % cat /usr/local/etc/pkg/repos/base.conf # FreeBSD pkgbase repo FreeBSD-base: { url: "https://alpha.pkgbase.live/current/${ABI}/latest", signature_type: "pubkey", pubkey: "/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub", enabled: yes } % cat /etc/pkg/FreeBSD.conf # $FreeBSD$ # # To disable this repository, instead of modifying or removing this file, # create a /usr/local/etc/pkg/repos/FreeBSD.conf file: # # mkdir -p /usr/local/etc/pkg/repos # echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf # FreeBSD: { url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/share/keys/pkg", enabled: yes } %
is this still happening, if yes can you show me the output of pkg -vv
Created attachment 227313 [details] Output from pkg -vv (In reply to Baptiste Daroussin from comment #1) Yes …
can you show me the output of ls /usr/share/keys/pkg
% ls -hlR /usr/share/keys/pkg total 1 drwxr-xr-x 2 root wheel 2B 13 Dec 2018 revoked drwxr-xr-x 2 root wheel 4B 13 Aug 22:40 trusted /usr/share/keys/pkg/revoked: total 0 /usr/share/keys/pkg/trusted: total 1 -rw-r--r-- 1 root wheel 451B 14 Jan 2021 alpha.pkgbase.live.pub -rw-r--r-- 1 root wheel 112B 13 Aug 22:40 pkg.freebsd.org.2013102301 % cat /usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+EUrsACRuVAdJPt1TCm lVcG52td5aREstDDxAtWlLJFL8HtNwtbMpNQnJDz7fzlFsw5B7LisQi1ciX6hB/u Svx2szVyijpm6EGClK3SDvLv56DEkPjankFCziY9VLTIR+kRLcczwNhJh4QPOLjb KMuIjU0QKzuJI2lOjuBq6JBSJe42/7nbVK9Yih06BS5MpkXTV6JkQU8AAO+89E0R zd49b8wZy4JAVxAongJAtwBTSIwBP4d+TEzT5VVkSnE1jvT//3e9nsEcMlDcDlKH /9OV3r0mMDE6cXpcR3V1v45IScY31/xw8nl/1HXP6F+ZSsUSai61JQcwZZPpg6j9 mQIDAQAB -----END PUBLIC KEY----- % cat /usr/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 # $FreeBSD$ function: "sha256" fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438" %
I'm seeing this as well running -current. Details of my pkg -vv are nearly the same and also reference alpha.pkgbase.live
Does the incidental conversation at/around <https://github.com/freebsd/pkg/pull/2080#issuecomment-1273409582> help to progress things here? TIA
(In reply to Graham Perrin from comment #6) Based on the error message, this looks a bit different. Though maybe libucl (the library raising this error) has changed since the bug was originally reported.
I get the 'cannot parse fingerprints' message on systems where I installed the alpha.pkgbase.live public key which looks like this: /usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub: -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1+EUrsACRuVAdJPt1TCm lVcG52td5aREstDDxAtWlLJFL8HtNwtbMpNQnJDz7fzlFsw5B7LisQi1ciX6hB/u Svx2szVyijpm6EGClK3SDvLv56DEkPjankFCziY9VLTIR+kRLcczwNhJh4QPOLjb KMuIjU0QKzuJI2lOjuBq6JBSJe42/7nbVK9Yih06BS5MpkXTV6JkQU8AAO+89E0R zd49b8wZy4JAVxAongJAtwBTSIwBP4d+TEzT5VVkSnE1jvT//3e9nsEcMlDcDlKH /9OV3r0mMDE6cXpcR3V1v45IScY31/xw8nl/1HXP6F+ZSsUSai61JQcwZZPpg6j9 mQIDAQAB -----END PUBLIC KEY-----
this is not at all how fingerprints methode do work, as documented in pkg-repo we do not expect any public signatures in the trusted or revoked key directory but a ucl file which provides the following informations: function: "sha256" fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438" hence the error message.
I was just going with the install instructions from alpha.pkgbase.live (sadly not working any more). Apart from the error message, it did appear to work though.
Ok, looking at this again, the alpha.pkgbase.live repo was using signature_type "pubkey" which explains why it worked with this key format # FreeBSD base system repository FreeBSD-base: { url: "https://alpha.pkgbase.live/stable/${ABI}/latest", signature_type: "pubkey", pubkey: "/usr/share/keys/pkg/trusted/alpha.pkgbase.live.pub", enabled: no }
does this mean that we simply have to move our pub key to a different directory and this error message will disappear?
Moving the pub key to /usr/local/etc/ssl worked for me and stoped the fingerprint error message.
MARKED AS SPAM