Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Failed: signature when validating ASN.1 encoded signature #1484

Closed
Malix-Labs opened this issue Jul 3, 2024 · 2 comments
Closed

Update Failed: signature when validating ASN.1 encoded signature #1484

Malix-Labs opened this issue Jul 3, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@Malix-Labs
Copy link

Malix-Labs commented Jul 3, 2024
edited
Loading

Describe the bug

malix@malix-pc /u/s/ublue-os> rpm-ostree update
note: automatic updates (stage) are enabled
Pulling manifest: ostree-image-signed:docker://ghcr.io/ublue-os/bluefin-dx-nvidia:stable
error: Creating importer: Failed to invoke skopeo proxy method OpenImage: remote error: cryptographic signature verification failed: invalid signature when validating ASN.1 encoded signature

What did you expect to happen?

Working Updates

Output of rpm-ostree status

malix@malix-pc /u/s/ublue-os [1]> rpm-ostree status
State: idle
AutomaticUpdates: stage; rpm-ostreed-automatic.service: last run failed
Deployments:
● ostree-image-signed:docker://ghcr.io/ublue-os/bluefin-dx-nvidia:stable
                   Digest: sha256:3a86261872d8d7d67c9b6cd494c57c186d9bc27626aeaa978a954babd70be2ed
                  Version: 40.20240702.0 (2024-07-02T05:58:47Z)
          LayeredPackages: google-chrome-stable

  ostree-image-signed:docker://ghcr.io/ublue-os/bluefin-dx-nvidia:latest
                   Digest: sha256:3d8bcf55e734ae743249eb7c0cf8c15494041bd7f97432d1d2ee9c9ee36d040c
                  Version: 40.20240630.0 (2024-06-30T18:52:33Z)
          LayeredPackages: google-chrome-stable

Output of groups

`malix wheel docker incus-admin lxd libvirt`

Extra information or context

  1. I used rpm-ostree rebase ...:stable after the recent 3.0.0 update
  2. I tried to repair the automatic update functioning (see Problem: ujust toggle-updates doesn't change AutomaticUpdatePolicy config#286)
@dosubot dosubot bot added the bug Something isn't working label Jul 3, 2024
@p5
Copy link
Member

p5 commented Jul 3, 2024

We made some mistakes yesterday which caused updates to break.
Please can you follow the instructions in this Discourse post to remediate the issues.

TL;DR
We lost access to our signing keys so had to rotate them.
Users need to run the following command or manually perform the actions in this script

$ curl -sL https://fix.universal-blue.org/ | sudo bash

Apologies for the inconvenience caused by this!

@p5 p5 pinned this issue Jul 3, 2024
@castrojo
Copy link
Member

castrojo commented Jul 7, 2024

https://universal-blue.discourse.group/t/important-announcement-regarding-system-updates-action-needed/2689

Placeholding this here. ^

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@castrojo @p5 @Malix-Labs