Hi,

Short story: the latest package snapshot (i386) is signed with
55pkg.pub, but the @signer in +CONTENTS is 54pkg.

Long story:

I upgraded to the (near) latest base system (OpenBSD bert.local 5.5 GENERIC.MP#217 i386),
and I tried to update my ports too, via packages.

My mirror is ftp://mirror.esc7.net/pub/OpenBSD/snapshots/packages/i386/
It should be in the same state as ftp.openbsd.org (having the same SHA256 in the directory).

# pkg_add -aui
pub fp: UQW0HmnVm5k=
sig fp: qMGXBLsGJhI=
signify: verification failed: checked against wrong key
system(/usr/bin/signify, -p, /etc/signify/54pkg.pub, -V, -m,
/tmp/pkgcontent.8ERtOK64G) failed: exit(1)
--- +quirks-1.106 -------------------
Bad signature
Fatal error: quirks-1.106 is corrupted
 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 659.

To be sure about the error, I tested the following:

# /usr/bin/signify -p /etc/signify/54pkg.pub -V -m /tmp/pkgcontent.8ERtOK64G 
pub fp: UQW0HmnVm5k=
sig fp: qMGXBLsGJhI=
signify: verification failed: checked against wrong key

OK, the key 54pkg is not the signer.

# /usr/bin/signify -p /etc/signify/55pkg.pub -V -m /tmp/pkgcontent.8ERtOK64G
#

So no error with 55pkg.pub, so the 55pkg is the signer.

But in the package, the registered signer is 54pkg.

# head /tmp/pkgcontent.8ERtOK64G
@comment $OpenBSD: PLIST,v 1.2 2011/07/14 09:53:58 espie Exp $
@name quirks-1.106
@signer 54pkg
@digital-signature signify:2014-01-14T21:43:38Z
@option always-update
@comment pkgpath=devel/quirks cdrom=yes ftp=yes
@arch *
+DESC
@sha ZcShuBxD9cPsWmJce9rnoKKlC4qYQve7PwElfX/uk8Q=
@size 348

Thanks.
-- 
Sébastien Marie
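
The check carried out by hand above can be scripted. The following is an added example, not part of the original message and not OpenBSD code: it reads the 8-byte key number from signify-format public key and signature files and reports which installed key a signature belongs to, compared with the declared @signer. It assumes the "pub fp" / "sig fp" values in the output are that key-number field and that the signature is available as a standalone signify file; the key and signature bodies are constructed (zero-filled), and the function names are hypothetical.

```python
import base64

PKALG = b"Ed"  # signify's Ed25519 algorithm tag


def keynum(text, body_len):
    """Base64 key number of a signify public key (body_len=32) or signature (64)."""
    lines = text.splitlines()
    if len(lines) < 2 or not lines[0].startswith("untrusted comment: "):
        raise ValueError("missing 'untrusted comment:' header")
    blob = base64.b64decode(lines[1], validate=True)
    if len(blob) != 2 + 8 + body_len:
        raise ValueError("unexpected length %d" % len(blob))
    if blob[:2] != PKALG:
        raise ValueError("unsupported algorithm %r" % blob[:2])
    return base64.b64encode(blob[2:10]).decode()


def find_signer(sig_text, pubkeys):
    """Names of the public keys whose key number matches the signature's."""
    want = keynum(sig_text, 64)
    return [name for name, text in pubkeys.items() if keynum(text, 32) == want]


def check_signer(declared, sig_text, pubkeys):
    """Compare the @signer annotation with the key number in the signature."""
    actual = find_signer(sig_text, pubkeys)
    if declared in actual:
        return "ok: signed by %s" % declared
    if actual:
        return "mismatch: @signer %s, key number matches %s" % (
            declared, ", ".join(actual))
    return "unknown: no installed key matches the signature"


def _make(comment, fp_b64, body_len):
    # Constructed sample: key number from the post, zeroed key material.
    blob = PKALG + base64.b64decode(fp_b64) + bytes(body_len)
    return "untrusted comment: %s\n%s\n" % (
        comment, base64.b64encode(blob).decode())


# Assumption: 55pkg carries the signature's key number, since it verified.
PUBKEYS = {
    "54pkg": _make("constructed 54pkg public key", "UQW0HmnVm5k=", 32),
    "55pkg": _make("constructed 55pkg public key", "qMGXBLsGJhI=", 32),
}
SIG = _make("constructed signature", "qMGXBLsGJhI=", 64)

if __name__ == "__main__":
    print(check_signer("54pkg", SIG, PUBKEYS))
```

A key-number match only identifies which key to verify against; the signature itself still has to be checked with signify -V.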
