OTA Updates are not working

Bug #1687639 reported by Dalton Durst
22
This bug affects 5 people
Affects Status Importance Assigned to Milestone
UBports Infrastructure
Fix Released
Critical
Marius Gripsgard 

Bug Description

While an issue between the CI server and our system image server has been fixed (so images are moving to the system-image-server correctly), OTA updates have not resumed on client devices.

Here is the relevant part of /var/log/system-image/client.log . The rest is attached.

[systemimage] May 02 09:09:39 2017 (3238) check_for_update failed
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/systemimage/api.py", line 111, in check_for_update
    self._state.run_until('download_files')
  File "/usr/lib/python3/dist-packages/systemimage/state.py", line 179, in run_until
    step()
  File "/usr/lib/python3/dist-packages/systemimage/state.py", line 298, in _get_channel
    ctx.validate(asc_path, channels_path)
  File "/usr/lib/python3/dist-packages/systemimage/gpg.py", line 221, in validate
    self.keyring_paths, self.blacklist_path)
systemimage.gpg.SignatureError:
    sig path : 86170a4d86146667cb1a43ea90346e18
               /tmp/system-image-l_ecf9st/channels.json.asc
    data path: 541c9497550ed6471a82d429030d8667
               /tmp/system-image-l_ecf9st/channels.json
    keyrings : ['42ca3e8c7ad611cbc2c021de1a96f44d']
               ['/var/lib/system-image/keyrings/image-signing.tar.xz']
    blacklist: no blacklist

Revision history for this message
Dalton Durst (universalsuperbox) wrote :
Changed in ubports-infra:
assignee: nobody → Marius Gripsgard  (mariogrip)
Revision history for this message
Marius Gripsgard  (mariogrip) wrote :

Steps to fix:

1. Add old image-signing key to the blacklist key
2. Backup old image-signing key
3. Create new image-signing key
4. Create new keyrings
5. Publish new keyrings
6. Update all files to use the new key (using re-sign-indexes.py)

Changed in ubports-infra:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.