smpatch PatchPro failed: ERROR: Failed to validate the digital signature
Hello,
I 'm trying to update solaris 9 (5.9 Generic_118558-03 sun4u sparc) using smpatch.
I get the following error from all - to be installed - patches!!
Downloading the required patches for machine "xxx". Please wait...
Error: PatchPro failed: ERROR: Failed to validate the digital signature(s).
/var/sadm/spool/112941-10.jar.tmp cannot be validated.
I have read that you need to install patchid 112945-44 so i have installed it with no solution.
I have cleared the /var/tmp/patches/ directory:
# rm /var/tmp/patches/*.jar.tmp
# rm /var/sadm/spool/*.jar
I would be grateful if you reply me with any help.
Thanks,
[688 byte] By [
sapilaa] at [2007-11-27 7:31:02]
# 1
Patch 112945-45 is now available, try applying this patch to see if it makes any difference. If not, can you post the exact commands that you are using to download and apply the patches.
Are there any other systems showing the same problem? Is this system connected to a local patch server? What version of Java is installed? Did you also clear the cache directory?
# rm /var/sadm/spool/cache/
# 2
None of our solaris 9 or 10 systems (+20 systems) has the same behavior. The problematic system is not connected to a local patch server.
Also I have just cleared cache directory
java -version
java version "1.4.0_00"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.0_00-b05)
Java HotSpot(TM) Client VM (build 1.4.0_00-b05, mixed mode)
# smpatch download -i 112945-45
Requested patches:
112945-45
Downloading the requested patches
Error: PatchPro failed: ERROR: Failed to validate the digital signature(s).
/var/sadm/spool/112945-45.jar.tmp cannot be validated.
The following patches were not downloaded. Contact your Sun Microsystems support provider for more information.
112945-45
# showrev -p |grep 112945
Patch: 112945-44 Obsoletes: 113829-04, 114724-01 Requires: Incompatibles: Packages: SUNWmccom, SUNWmcc, SUNWwbapi, SUNWwbcor, SUNWwbcou, SUNWwbmc, SUNWwbpro, SUNWmga, SUNWdclnt, SUNWlvma, SUNWwbdev
Patch: 112945-19 Obsoletes: 113829-04, 114724-01 Requires: Incompatibles: Packages: SUNWwbapi, SUNWmga, SUNWdclnt, SUNWlvma
Patch: 112945-27 Obsoletes: 113829-04, 114724-01 Requires: Incompatibles: Packages: SUNWwbapi, SUNWwbcor, SUNWwbcou, SUNWwbpro, SUNWmga, SUNWdclnt, SUNWlvma, SUNWwbdev
Patch: 112945-31 Obsoletes: 113829-04, 114724-01 Requires: Incompatibles: 117679-01 Packages: SUNWwbapi, SUNWwbcor, SUNWwbcou, SUNWwbpro, SUNWmga, SUNWdclnt, SUNWlvma, SUNWwbdev
Any ideas?
Thanks,
# 3
I thought this solution:
To download signed patch 112945-45 and:
# mv 112945-45.jar /var/sadm/spool/
# smpatch add -i 112945-45
On machine ""xxx"...
Installing patch 112945-45 ...
Error: PatchPro failed: Received a Manipulable event.
Error: PatchPro failed: Received a Manipulable event.
Error: PatchPro failed: ALERT: Failed to install a patch. 112945-45
/var/sadm/spool/patchpro_dnld_2007.06.14@12:22:38:EEST.txt has been moved to /var/sadm/spool/patchproSequester/patchpro_dnld_2007.06.14@12:22:38:EEST.txt
Problem Summary:
Inside /var/log/messages :
Jun 14 12:44:05 polymnia root: [ID 702911 user.error] Thu Jun 14 12:44:05 EEST 2007(ERROR) => Thread[Thread-18,5,main] <=Problem installing patches: Received a Manipulable event.
Jun 14 12:44:05 polymnia root: [ID 702911 user.alert] Thu Jun 14 12:44:05 EEST 2007(ALERT) => com.sun.patchpro.manipulators.SunOSSunPatchInstaller@73a5d3 <=112945-45 validation failed.
Jun 14 12:44:05 polymnia root: [ID 702911 user.crit] Thu Jun 14 12:44:05 EEST 2007(CRITICAL) => com.sun.patchpro.manipulators.SunOSSunPatchInstaller@73a5d3 <=com.sun.patchpro.security.SignatureValidationException: ERROR: Failed to validate the digital signature(s) for:
Jun 14 12:44:05 polymniaat com.sun.patchpro.manipulators.Installer.extractPatch(Installer.java:314)
Jun 14 12:44:05 polymniaat com.sun.patchpro.manipulators.SunOSSunPatchInstaller.install(SunOSSunPatchInsta ller.java:46)
Jun 14 12:44:05 polymniaat com.sun.patchpro.manipulators.Installer.run(Installer.java:134)
Jun 14 12:44:05 polymniaat java.lang.Thread.run(Thread.java:536)
Jun 14 12:44:06 polymnia root: [ID 702911 user.error] Thu Jun 14 12:44:05 EEST 2007(ERROR) => Thread[Thread-18,5,main] <=Problem installing patches: Received a Manipulable event.
Jun 14 12:44:06 polymnia root: [ID 702911 user.alert] Thu Jun 14 12:44:06 EEST 2007(ALERT) => com.sun.patchpro.util.PatchBundleInstaller@9360e7 <=Failed to install a patch. 112945-45
Jun 14 12:44:06 polymnia patchadd utility failed. Reason code :0
Jun 14 12:44:06 polymnia root: [ID 702911 user.error] Thu Jun 14 12:44:06 EEST 2007(ERROR) => Thread[Thread-18,5,main] <=Problem installing patches: ALERT: Failed to install a patch. 112945-45
Also i have just seen that messages complains for the digital cert when i am tryring to download the patch using smpach
Jun 14 12:49:20 polymnia root: [ID 702911 user.error] Thu Jun 14 12:49:20 EEST 2007(ERROR) => com.sun.patchpro.server.ServerPatchServiceProvider@92425a <=com.sun.patchpro.security.NotSignedByKnownCertificateException: 112945-45/prepatch CN=Enterprise Services Patch Management, O=Sun Microsystems Inc
Jun 14 12:49:20 polymniaat com.sun.patchpro.security.SignatureValidationUtil.validateJarFile(SignatureVali dationUtil.java:232)
Jun 14 12:49:20 polymniaat com.sun.patchpro.server.ServerPatchServiceProvider.validatePatchBundle(ServerPa tchServiceProvider.java:1837)
Jun 14 12:49:20 polymniaat com.sun.patchpro.server.ServerPatchServiceProvider.requestDownload(ServerPatchS erviceProvider.java:1437)
Jun 14 12:49:20 polymniaat com.sun.patchpro.server.ServerPatchServiceProvider.performDownloadPatches(Serve rPatchServiceProvider.java:739)
Jun 14 12:49:20 polymniaat com.sun.patchpro.server.ServerPatchServiceProvider.downloadPatches(ServerPatchS erviceProvider.java:585)
Jun 14 12:49:20 polymniaat com.sun.patchpro.server.PatchServerProxy.downloadPatches(PatchServerProxy.java: 130)
Jun 14 12:49:20 polymniaat com.sun.patchpro.server.GroupPatchDownloader.downloadPatches(GroupPatchDownload
Jun 14 12:49:20 polymnia root: [ID 702911 user.error] Thu Jun 14 12:49:20 EEST 2007(ERROR) => com.sun.patchpro.server.ServerPatchServiceProvider@92425a <=Failed to validate the digital signature(s). for: /var/sadm/spool/112945-45.jar.tmp: 112945-45/prepatch CN=Enterprise Services Patch Management, O=Sun Microsystems Inc
Jun 14 12:49:20 polymnia root: [ID 702911 user.error] Thu Jun 14 12:49:20 EEST 2007(ERROR) => Thread[Thread-18,5,main] <=Error: downloading patches.ERROR: Failed to validate the digital signature(s).
The following patches were not downloaded. Contact your Sun Microsystems support provider for more information.
112945-45
Message was edited by:
sapila
# 4
I have followed these instructions:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102639-1
wget http://www.sun.com/pki/certs/ca/VTN_Class2_PPCA.der
mv VTN_Class2_PPCA.der root.crt
pkgadm addcert -t -f der /tmp/root.crt
Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
Are you sure you want to trust this certificate? yes
Trusting certificate </C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O>
Certificate(s) from </tmp/root.crt> are now trusted
# smpatch download -i 112945-45
Requested patches:
112945-45
Downloading the requested patches
Error: PatchPro failed: ERROR: Failed to validate the digital signature(s).
/var/sadm/spool/112945-45.jar.tmp cannot be validated.
No solution yet... :(
# 5
Patch 112945-43 or newer along with the pkgadm addcert command should have updated the certificates for Solaris 9 to allow these newer patches to be installed. Could you also try restarting the WBEM service and retest?$ /etc/init.d/init.wbem stop$ /etc/init.d/init.wbem start
