Failed signature verification while hacking

So I’m hacking on master today, with snapd running from the tree and suddenly I noticed it spews those messages every few minutes:

2017/07/14 14:21:35.783883 snapmgr.go:418: Cannot prepare auto-refresh change: cannot add some assertions to the system database:
 - failed signature verification: openpgp: invalid signature: hash tag doesn't match
2017/07/14 14:21:35.783961 stateengine.go:98: state ensure error: cannot add some assertions to the system database:
 - failed signature verification: openpgp: invalid signature: hash tag doesn't match

Any ideas?

Clearly some of the assertions currently in your system are not being validated with the root keys from your compiled binary.

Can you please dig in further and verify why?

Potential causes:

  • The key is missing
  • The key is expired
  • The signature is corrupted

I’m looking at this right now, what I know so far:

  • my time and date is valid
  • out of all the assertions on my system only one has a since field and it says 2016-04-01T00:00:00.0Z
  • out of all the assertions on my system none have timestamps from the future
  • the error message comes from golang.org/x/crypto/openpgp/packet/public_key.go

I patched my copy to print out the mismatching hashes:

- failed signature verification: openpgp: invalid signature: hash tag doesn't match "\xbfx^\xae\xd4\xe1ci\x94\x8cY-\xae\x13Yx{6\x91\xe4\"\"\n\x06\xfa\x87\x92\xc3D\xaa\xb5\xe0\xbc\xe9\xe7!\x8b\xbfz\x81\a\x9c\x8f\xbf<\x05\xed\"\x94\xbaO<\x801\xe3X>\xb4\xea\xf1\xb0Ղ\xe4" vs "\xd9~"

EDIT: ^ the 2nd string is the hash in the signature

I’ll keep digging.

I think this was the bug where we did double utf-8 encoding on the store. The issue is solved now.
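
How double UTF-8 encoding of signed content leads to a "hash tag doesn't match" error, as an added example that is not part of the original thread and is not snapd or store code. The sample body, the function names, the use of SHA-512 and hashing the content alone (no OpenPGP signature trailer) are assumptions made for illustration.

```go
package main

import (
	"crypto/sha512"
	"fmt"
	"unicode/utf8"
)

const signedBody = "type: example\ndisplay-name: Zo\u00eb Example\n" // constructed sample

// doubleEncode treats each byte of already-UTF-8 data as a Latin-1 code point
// and encodes it as UTF-8 again (the double-encoding mistake).
func doubleEncode(b []byte) []byte {
	r := make([]rune, len(b))
	for i, c := range b {
		r[i] = rune(c)
	}
	return []byte(string(r))
}

// undoDoubleEncode strips one encoding layer. ok is false when the input does
// not look double-encoded. Heuristic: rare genuine text can also match.
func undoDoubleEncode(b []byte) (fixed []byte, ok bool) {
	if !utf8.Valid(b) {
		return nil, false
	}
	sawHigh := false
	for _, r := range string(b) {
		if r > 0xFF {
			return nil, false
		}
		sawHigh = sawHigh || r >= 0x80
		fixed = append(fixed, byte(r))
	}
	return fixed, sawHigh && utf8.Valid(fixed)
}

// hashTag returns the first two digest bytes, the value an OpenPGP signature
// carries as a quick check. Simplified: the real hash also covers a trailer.
func hashTag(content []byte) [2]byte {
	sum := sha512.Sum512(content)
	return [2]byte{sum[0], sum[1]}
}

func main() {
	served := doubleEncode([]byte(signedBody))
	fixed, ok := undoDoubleEncode(served)
	fmt.Printf("signed %x served %x repairable=%v repaired %x\n",
		hashTag([]byte(signedBody)), hashTag(served), ok, hashTag(fixed))
}
```

Running `undoDoubleEncode` over a stored assertion body that fails verification is a quick way to tell an encoding problem apart from a missing key, an expired key or a corrupted signature.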