signature validation failure from 14 host -> 13 jail - prevents installing packages via install rootdir & chroot

dch commented 1 year ago

task

use pkg from host 14.0-RC4 to install packages into a 13.2-RELEASE jail
uses a custom pkg repo, built via poudriere, providing 14.0-RC4 and 13.2-RELEASE packages

reproduction

# cd /jails/132_jail
# chroot  . uname -a
FreeBSD i07 14.0-RC4 FreeBSD 14.0-RC4 #0 releng/14.0-n265374-d59533eaf942: Fri Nov  3 05:51:43 UTC 2023     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/amd64.amd64/sys/GENERIC amd64

# chroot  . freebsd-version -ru
14.0-RC4
13.2-RELEASE

# chroot . /usr/sbin/pkg bootstrap -fy
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:13:amd64/quarterly, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.20.8...
package pkg is already installed, forced install
Extracting pkg-1.20.8: 100%

# /usr/local/sbin/pkg --rootdir . install -r pkg -y devel/gitty
pkg: Warning: Major OS version upgrade detected.  Running "pkg bootstrap -f" recommended
Updating pkg repository catalogue...
Fetching meta.conf: 100%    163 B   0.2kB/s    00:01
Fetching packagesite.pkg: 100%  244 KiB 249.7kB/s    00:01
pkg: -----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArqg9cJiGgsHazfSRWKxe
vgtAScq+Ndj7LTBspNV1CIPpu4ZBFa4pOdsKOAoZCo8fHA2dvP7GK47rZj6j622R
/G9bJt6EIv/hkROL7DcNDymM/ncbTGXjm+Dyag+lBgj8egC8NKBl54EIwWSKSBlN
s+TdXZ76zw/VbXVeQLkCOvXda2XuHi24AkdiQ36ZDG7w9rTnkINN3R6btAV30QZ1
Xr0adTplG59ok8fedN0v/E1RN2m6KNvW1DZ9AbmuaZ81VDWJafu7O1kvBgGnHdtO
Lp7iyYe3xiL9ROKMZTbuPUHHhcXflkPElQwFr0IrQ4BibjGDVxod2TSvpWUDJd3Q
KTSonwhhwskj2dMnJuo64ijgpbnry2jazzivz6oOGBO32Vhbg8saS3biaijwQzVx
ojPiH/lSdIrFnMEoAZJ06F4gKIYqZ28ff6BEZ9QoFyxg2sYUoPT+MOym4RLiE03l
3Un3RFHQzAnIWJHlNf3vKU9JFNEDFtEPh47rJ3B8gDPjdgwSWIiwGDV+Cdu79oqP
wdrmWGPpje3ylJJrpSck0GIDfIQZJvRSST9A+VC5xCCt2B2h318PftpVUNUerxT6
OTrB14sRZxrRcXK4WDStFJQryEDj2iEVFQJWyPjNFtcaQNClYsoq3+kjZLHa6bPv
xD8BWNa9kvXfux/3tO6cn7ECAwEAAQ==
-----END PUBLIC KEY-----
: rsa signature verification failure
pkg: Invalid signature, removing repository.
Unable to update repository pkg
Error updating repositories!

Is there a way around this, that doesn't require duplicating pkg repo configs from host into jail?

# /usr/local/sbin/pkg --chroot .  install -r pkg -y devel/gitty
pkg: Warning: Major OS version upgrade detected.  Running "pkg bootstrap -f" recommended
No repositories are enabled.

bdrewery commented 9 months ago

I am running into similar with pkg 1.20.9. 14.0 host, <14 jails. Happens with pkg -j for me.

bdrewery commented 9 months ago

https://github.com/freebsd/pkg/issues/2169

bapt commented 4 months ago

duplicate of #2169

freebsd / pkg

signature validation failure from 14 host -> 13 jail - prevents installing packages via install rootdir & chroot #2198

task

reproduction