macports 2.5.0 failed verification on 10.13.5

[kickingvegas (Charles Choi)]

Trying to do selfupdate and upgrade outdated and getting this message when running with debug flag

DEBUG: failed verification with key /opt/local/share/macports/macports-pubkey.pem

Unable to install or upgrade packages because of this.

[ryandesign (Ryan Carsten Schmidt)]

I haven't heard any other reports of this problem, which makes me think it is specific to your system. Does the problem persist if you try again?

If you can't get selfupdate to work, you can always update to MacPorts 2.5.0 by using the downloadable installer on our web site.

[kickingvegas (Charles Choi)]

Thanks for the quick response!

I tried uninstalling and reinstalling macports from the pkg installer; still same failed verification message.

This is on a MacBook Pro Mid 2015 model.

[ryandesign (Ryan Carsten Schmidt)]

The pkg installer should have succeeded. Yes, it will run selfupdate when it is finished, but if that selfupdate fails due the same problem you reported in this ticket, MacPorts 2.5.0 will still have been successfully installed by the installer. You can verify that by running port version.

[kickingvegas (Charles Choi)]

To clarify, installation of port was successful.

cchoi@tiledev3:~> port -v
MacPorts 2.5.0
Entering shell mode... ("help" for help, "quit" to quit)

But running port selfupdate yields the following:

cchoi@tiledev3:~> sudo port selfupdate
Password:
--->  Updating MacPorts base sources using rsync
MacPorts base version 2.5.0 installed,
MacPorts base version 2.5.0 downloaded.
--->  Updating the ports tree
Error: Synchronization of the local ports tree failed doing rsync
cchoi@tiledev3:~> 

Running port -d selfupdate

cchoi@tiledev3:~> sudo port -d selfupdate
DEBUG: Copying /Users/cchoi/Library/Preferences/com.apple.dt.Xcode.plist to /opt/local/var/macports/home/Library/Preferences
DEBUG: MacPorts sources location: /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs
--->  Updating MacPorts base sources using rsync
DEBUG: system: /usr/bin/rsync -rtzvl --delete-after rsync://rsync.macports.org/macports/release/tarballs/base.tar /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs

Willkommen auf dem RSYNC-server auf ftp.fau.de.
Nicht all unsere Mirror sind per rsync verfuegbar.

Welcome to the RSYNC daemon on ftp.fau.de.
Not all of our mirrors are available through rsync.


receiving file list ... done

sent 16 bytes  received 55 bytes  28.40 bytes/sec
total size is 85604352  speedup is 1205695.10
DEBUG: system: /usr/bin/rsync -rtzvl --delete-after rsync://rsync.macports.org/macports/release/tarballs/base.tar.rmd160 /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs

Willkommen auf dem RSYNC-server auf ftp.fau.de.
Nicht all unsere Mirror sind per rsync verfuegbar.

Welcome to the RSYNC daemon on ftp.fau.de.
Not all of our mirrors are available through rsync.


receiving file list ... done

sent 16 bytes  received 62 bytes  52.00 bytes/sec
total size is 512  speedup is 6.56
DEBUG: successful verification with key /opt/local/share/macports/macports-pubkey.pem
DEBUG: system: /usr/bin/tar -C /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs/tmp -xf /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs/base.tar
MacPorts base version 2.5.0 installed,
DEBUG: Rebuilding and reinstalling MacPorts if needed
MacPorts base version 2.5.0 downloaded.
--->  Updating the ports tree
Synchronizing local ports tree from rsync://rsync.macports.org/macports/release/tarballs/ports.tar
DEBUG: system: /usr/bin/rsync -rtzvl --delete-after --include=/ports.tar --include=/ports.tar.rmd160 --exclude=* rsync://rsync.macports.org/macports/release/tarballs/ /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs

Willkommen auf dem RSYNC-server auf ftp.fau.de.
Nicht all unsere Mirror sind per rsync verfuegbar.

Welcome to the RSYNC daemon on ftp.fau.de.
Not all of our mirrors are available through rsync.


receiving file list ... done
./

sent 68 bytes  received 99 bytes  66.80 bytes/sec
total size is 63914496  speedup is 382721.53
DEBUG: failed verification with key /opt/local/share/macports/macports-pubkey.pem
DEBUG: openssl output: /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports.tar: Permission denied
Error: Failed to verify signature for ports tree!
cchoi@tiledev3:~> 

[jmroot (Joshua Root)]

DEBUG: openssl output: /opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs/ports.tar: Permission denied

Permission denied when running as root is strange. Does that file exist? What are the permissions on it? Any extended attributes such as ACLs?

[kickingvegas (Charles Choi)]

Permissions on ports.tar

cchoi@tiledev3:/opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs> ls -l 
total 314680
-rw-r--r--   1 root        wheel    11581609 Jun  3 13:55 PortIndex
-rw-r--r--   1 root        wheel         512 Jun  3 14:05 PortIndex.rmd160
drwxr-xr-x  29 messagebus  polkitd       928 May 28 12:31 base/
-rw-r--r--   1 root        wheel    85604352 May 28 12:48 base.tar
-rw-r--r--   1 root        wheel         512 May 28 12:48 base.tar.rmd160
drwxr-xr-x  61 root        polkitd      1952 Jun  3 17:00 ports/
-rw-r--r--   1 root        wheel    63913984 Jun  3 20:18 ports.tar
-rw-r--r--   1 root        wheel         512 Jun  3 20:19 ports.tar.rmd160

No extended attributes on ports.tar

cchoi@tiledev3:/opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs> sudo xattr -l ports.tar
cchoi@tiledev3:/opt/local/var/macports/sources/rsync.macports.org/macports/release/tarballs> 

[kickingvegas (Charles Choi)]

Speculation: Is the private key on ftp.fau.de in sync with /opt/local/share/macports/macports-pubkey.pem?

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2bUqZgZmQNtkInIcery
c/DQIbGdKgrdJ2+x45jOCITEf7QubgNmJAtw4OSNt30EXWGOrJXGD5Vb81o4ycEr
f+bdTgCAG9fOipMxxDhT8AbSkAzYx9vGIcEwQP6VX5QhPlFxJJweeefEINNHkrm5
KdmGpGxwe5AtTzxJiabWmJookKuoPxdy+5Am/EaCOIU6+HyM8i163L+DYDT+MF+e
LFUVtpoZ4xVzvHhLMDwIsZWdpBrJcj9MVv3TOL0PQDAjyo/Gp2TWWRbiMaQ8vkfO
NVSDAfvtOUlTBFcdt0oeLYL0F5Yj8wt5HYdL9GE6u+JOl+ee/dEUUhcmoFew9x9W
YznHujitbmbQVPV1IYi4qIE4MyZPlmPmSyVg1bnt9UIgSTccqwUV6VzxF2fpwjvP
tTo/sNLdtI3S/mprvzxTgv/gaB//1JAHXDKgUAtsgUyb6+RREjF2mFnAJb99H7sN
5E89dIbI9v9CW5gJr0BoPYiDIZ1+HTUhW3+FCw+eNvPET+p8H5b9E+VXG/ctjac2
7Lkexo4TOVJCN0p9kTdgCNzHrsJpyMkvsP8sR1SVvv94uC1X7sspIgFNcf/+YQ9t
hzq+5L7GZgAyYy06xi+DYL4xR4oAOkirp/va1Yu4PaYGqly/Fbuw8ibJH1lmnu0G
u3jRn1M2GBkVDNlb9oUHiecCAwEAAQ==
-----END PUBLIC KEY-----

[kickingvegas (Charles Choi)]

Just updated to 2.5.1; still see issue with macport-pubkey.pem failing verification

:msg:archivefetch --->  Fetching archive for texlive-pictures
:debug:archivefetch Executing org.macports.archivefetch (texlive-pictures)
:debug:archivefetch euid/egid changed to: 0/0
:debug:archivefetch chowned /opt/local/var/macports/incoming to macports
:debug:archivefetch euid/egid changed to: 502/501
:info:archivefetch --->  texlive-pictures-44395_0+doc.darwin_17.noarch.tbz2 doesn't seem to exist in /opt/local/var/macports/incoming/verified
:msg:archivefetch --->  Attempting to fetch texlive-pictures-44395_0+doc.darwin_17.noarch.tbz2 from https://packages.macports.org/texlive-pictures
:msg:archivefetch --->  Attempting to fetch texlive-pictures-44395_0+doc.darwin_17.noarch.tbz2.rmd160 from https://packages.macports.org/texlive-pictures
:debug:archivefetch failed verification with key /opt/local/share/macports/macports-pubkey.pem
:debug:archivefetch openssl output: /opt/local/var/macports/incoming/texlive-pictures-44395_0+doc.darwin_17.noarch.tbz2.TMP: Permission denied
:warn:archivefetch Failed to verify signature for archive!
:error:archivefetch Failed to archivefetch texlive-pictures: version @44395_0+doc
:debug:archivefetch Error code: NONE
:debug:archivefetch Backtrace: version @44395_0+doc
:debug:archivefetch     while executing
:debug:archivefetch "error "version @[option version]_[option revision][option portvariants]""
:debug:archivefetch     (procedure "portarchivefetch::fetchfiles" line 144)
:debug:archivefetch     invoked from within
:debug:archivefetch "portarchivefetch::fetchfiles"
:debug:archivefetch     (procedure "portarchivefetch::archivefetch_main" line 5)
:debug:archivefetch     invoked from within
:debug:archivefetch "$procedure $targetname"
:error:archivefetch See /opt/local/var/macports/logs/_opt_local_var_macports_sources_rsync.macports.org_macports_release_tarballs_ports_tex_texlive-pictures/texlive-pictures/main.log for details.

[ryandesign (Ryan Carsten Schmidt)]

The problem you're reporting is not exactly the same as #50867 but is similar. Can you check whether the permissions of your /private/tmp directory are correct?

[kickingvegas (Charles Choi)]

Figured it out. Apparently anti-virus software (Trend Micro) is trying to inspect/foul up rsync. Disabling Trend Micro makes the above observation disappear.

Thanks ryandesign and jmroot for input!

[ryandesign (Ryan Carsten Schmidt)]

I don't think it's entirely rsync-related, since your problem report from comment:9 involves verification of a file downloaded via https and does not involve rsync traffic. But I'm glad you found the culprit. Antivirus software can indeed be intrusive and cause problems.