OpenWrt Forum Archive

Topic: opkg signature verification

The content of this topic has been archived between 5 Apr 2018 and 22 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

abakan4222 wrote:

Hmm. Do you use external flash drive as root of openwrt system?

I don't, no. It's with an Onion Omega board: https://onion.io/

beth wrote:
abakan4222 wrote:

Hmm. Do you use external flash drive as root of openwrt system?

I don't, no. It's with an Onion Omega board: https://onion.io/

im also having the same issue with my new Onion Omega board?

the opkg update did work but suddenly stopped ?

root@Omega-1998:/etc/opkg# opkg update
Downloading http://downloads.openwrt.org/chaos_calm … ackages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_base.
Downloading http://downloads.openwrt.org/chaos_calm … ckages.sig
Signature check passed.
Downloading http://downloads.openwrt.org/chaos_calm … ackages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages.
Downloading http://downloads.openwrt.org/chaos_calm … ckages.sig
Signature check failed.
Remove wrong Signature file.

(Last edited by si458 on 13 Nov 2015, 15:28)

si458 wrote:

the opkg update did work but suddenly stopped ?

root@Omega-1998:/etc/opkg# opkg update
...
Signature check passed.
Downloading http://downloads.openwrt.org/chaos_calm … ackages.gz
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages.
Downloading http://downloads.openwrt.org/chaos_calm … ckages.sig
Signature check failed.
Remove wrong Signature file.

That looks like a new issue.
Some of the packages in the CC15.05 "packages" feeds have been re-compiled (at least unzip: https://lists.openwrt.org/pipermail/ope … 37163.html ) and the package list has then been signed with the wrong key for that one repo.

See the difference between:
https://downloads.openwrt.org/chaos_cal … ckages.sig
https://downloads.openwrt.org/chaos_cal … ckages.sig

Hopefully developers will correct that and re-sign the list with the correct key. While waiting for that, you might try using the "--force-signature" override from the command line.

opkg update --force-signature

That should enable you to update the packages lists.

(Last edited by hnyman on 13 Nov 2015, 15:48)

wonderful the --force-signature worked however i cant install any packages still

root@Omega-1998:/# opkg install php5
Installing php5 (5.6.8-1) to root...
Downloading http://downloads.openwrt.org/chaos_calm … r71xx.ipk.
Collected errors:
* opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/chaos_calmer_packages.
* opkg_install_cmd: Cannot install package php5.

(Last edited by si458 on 13 Nov 2015, 16:00)

si458 wrote:

wonderful the --force-signature worked however i cant install any packages still

Use --force-signature again. Opkg complains, but installs the package. See below:

root@OpenWrt2:~# opkg install joe
Installing joe (3.7-3) to root...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/joe_3.7-3_ar71xx.ipk.
Failed to decode public key
Collected errors:
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/chaos_calmer_packages.
 * opkg_install_cmd: Cannot install package joe.

root@OpenWrt2:~# opkg install --force-signature joe
Installing joe (3.7-3) to root...
Downloading http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages/packages/joe_3.7-3_ar71xx.ipk.
Failed to decode public key
Configuring joe.
Collected errors:
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/chaos_calmer_packages.

root@OpenWrt2:~# joe
Processing '/etc/joe/joerc'...done
...

So, this works:

 opkg install --force-signature <PACKAGE>

(Last edited by hnyman on 13 Nov 2015, 16:06)

the force-signature works with the joe package and works with php5 too

(Last edited by si458 on 13 Nov 2015, 16:11)

This issue has been fixed by Omega now. None of the suggestions worked for me but I'm very grateful for all the help.

still showing fail sad 

root@Omega-1998:/etc/opkg/keys# date
Mon Nov 16 20:42:10 GMT 2015
root@Omega-1998:/etc/opkg/keys# opkg update
Downloading http://downloads.openwrt.org/chaos_calm … ckages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_base.
Downloading http://downloads.openwrt.org/chaos_calm … kages.sig.
Signature check passed.
Downloading http://downloads.openwrt.org/chaos_calm … ckages.gz.
Updated list of available packages in /var/opkg-lists/chaos_calmer_packages.
Downloading http://downloads.openwrt.org/chaos_calm … kages.sig.
Signature check failed.
Remove wrong Signature file.
root@Omega-1998:/etc/opkg/keys# date
Mon Nov 16 20:42:39 GMT 2015

I was getting this error. Turns out I didn't have DNS set up. Make sure you can resolve downloads.openwrt.org!

got similar error triing install ipsec-tools to cifs-mounted opkg destination

root@k16:~# mount
/dev/root on /rom type squashfs (ro,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,noatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,noatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime)
/dev/mtdblock3 on /overlay type jffs2 (rw,noatime)
overlayfs:/overlay on / type overlay (rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=600)
debugfs on /sys/kernel/debug type debugfs (rw,noatime)
//domik/opkg_root on /opkg_root type cifs (rw,relatime,vers=1.0,cache=strict,domain=DOMIK,uid=0,noforceuid,gid=0,noforcegid,addr=10.58.16.102,unix,posixpaths,serverino,mapposix,acl,rsize=1048576,wsize=65536,actimeo=1)
root@k16:~# opkg install ipsec-tools --dest cifs
Installing ipsec-tools (0.8.2-4) to cifs...
Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/packages/ipsec-tools_0.8.2-4_ar71xx.ipk.
Installing libopenssl (1.0.2h-1) to cifs...
Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/generic/packages/base/libopenssl_1.0.2h-1_ar71xx.ipk.
Collected errors:
 * opkg_install_pkg: Failed to verify the signature of /var/opkg-lists/designated_driver_base.
 * opkg_install_cmd: Cannot install package ipsec-tools.
root@k16:~# 

--force-signature helped me

The discussion might have continued from here.