The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Signature Roll Back Failed

Discussion in 'General Discussion' started by keat63, May 9, 2016.

Tags:
  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Any ideas what these are. I found a number of these in my logs ??


    [2016-05-08 18:17:01 +0100] die [autorepair] Signature verification failed for URL 'http://httpupdate.cpanel.net/autofixer2/recoverymgmt'. Signature rollback detected. Please see cPanel & WHM Download Security - cPanel Knowledge Base - cPanel Documentation for further information about this error. at /usr/local/cpanel/Cpanel/HttpRequest.pm line 1321.
    Cpanel::HttpRequest::_die(Cpanel::HttpRequest=HASH(0x1386168), "Signature verification failed for URL 'http://httpupdate.cpan"...) called at /usr/local/cpanel/Cpanel/HttpRequest.pm line 1332
     
  2. ciao70

    ciao70 Member

    Joined:
    Nov 3, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Same problem

    11.56.0.14
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Signature verification ensures the files you download from cPanel are not compromised or corrupted. It's documented at:

    cPanel & WHM Download Security - cPanel Knowledge Base - cPanel Documentation

    Could you verify if you have any entries populated in the /etc/cpsources.conf file? If not, do you have any existing RPM processes running? You can check that with a command such as:

    Code:
    ps aux|grep rpm
    Thank you.
     
  4. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I have whm configured for manual updates. I see a few hours before these errors started that Cpanel tried to do an update with a message saying words along the lines 'update will not perform..same version'

    I cannot see a file in etc called cpsources.cnf.

    xxxxxx 959 0.0 0.0 103308 836 pts/0 S+ 08:16 0:00 grep rpm
     
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Code:
    
    /usr/local/cpanel/scripts/updatenow (19024) at Sat May  7 02:00:04 2016
    [2016-05-07 02:00:04 +0100]   Detected version '11.54.0.21' from version file.
    [2016-05-07 02:00:04 +0100]   Running version '11.54.0.21' of updatenow.
    [2016-05-07 02:00:04 +0100]   cPanel & WHM updates are disabled via cron because they are set to “manual” in /etc/cpupdate.conf
    [2016-05-07 02:00:04 +0100]   No sync will occur.
    => Log closed Sat May  7 02:00:04 2016
    
    
    I've now initiated an manual update. I'll keep you posted.
     
  6. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Since upgrading to 11.56.0.14, i'm now also seeing a different error.

    Code:
    
    
    /usr/local/cpanel/logs/error_log:
    ==> cpsrvd 11.56.0.14 started
    ==> cpsrvd: loading security policy....Done
    ==> cpsrvd: Setting up native SSL support ... Done
    ==> cpsrvd: transferred port bindings
    ==> cpsrvd: bound to ports
    ==> cpsrvd 11.56.0.14 started
    ==> cpsrvd: loading security policy....Done
    ==> cpsrvd: Setting up native SSL support ... Done
    ==> cpsrvd: transferred port bindings
    ==> cpsrvd: bound to ports
    
    
    [B]PLUS[/B]
    
    [2016-05-10 12:15:13 +0100] die [autorepair] Signature verification failed for URL '[URL]http://httpupdate.cpanel.net/autofixer2/recoverymgmt[/URL]'. Signature rollback detected. Please see [URL]https://go.cpanel.net/sigerrors[/URL] for further information about this error. at /usr/local/cpanel/Cpanel/HttpRequest.pm line 1145.
            Cpanel::HttpRequest::_die(Cpanel::HttpRequest=HASH(0x22a4c80), "Signature verification failed for URL '[URL]http://httpupdate.cpan[/URL]"...) called at /usr/local/cpanel/Cpanel/HttpRequest.pm line 1155
            Cpanel::HttpRequest::_sigerror_die(Cpanel::HttpRequest=HASH(0x22a4c80), "Signature verification failed for URL '[URL]http://httpupdate.cpan[/URL]"...) called at /usr/local/cpanel/Cpanel/HttpRequest.pm line 338
            Cpanel::HttpRequest::request(Cpanel::HttpRequest=HASH(0x22a4c80), "host", "httpupdate.cpanel.net", "url", "/autofixer2/recoverymgmt", "protocol", 0, "signed", 1, ...) called at /usr/local/cpanel/scripts/autorepair line 26
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This is a bug associated with the "UPDATES=manual" entry in the /etc/cpupdate.conf file. This is equivalent to setting "Daily Updates" to "Manual Updates Only" in "WHM >> Server Configuration >> Update Preferences". The issue was resolved in cPanel version 54.0.22, which is build newer than what you were using:

    Fixed case CPANEL-4439: Fixed terminal detection for manual /scripts/upcp runs.

    You can workaround the issue by forcing an update of cPanel with the following command:

    Code:
    /scripts/upcp --force
    This feature is documented at:

    cPanel & WHM Download Security - cPanel Knowledge Base - cPanel Documentation

    You mentioned that no /etc/cpsources.conf file exists on the system. Are you using any custom entries in /etc/hosts for httpupdate.cpanel.net?

    Thank you.
     
  8. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I'm not sure where I was looking this morning, as I found cpupdate.conf.

    CPANEL=release
    RPMUP=never
    SARULESUP=daily
    STAGING_DIR=/usr/local/cpanel
    UPDATES=manual


    You mention that signature verification thing is a feature.
    I've never seen this before Sunday evening when Cpanel tried to do an update.
    Since then I've seen a few.

    I prefer to run updates manually, however, even after running the update manually, I still see this message?
    I'm confused.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    It's a feature, but it doesn't mean you should be getting that error message. You mentioned that no /etc/cpsources.conf file exists on the system. Are you using any custom entries in /etc/hosts for httpupdate.cpanel.net?

    Thank you.
     
  10. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    I'm not sure where I was looking when i was searching for cpupdate.conf, as I found it.

    CPANEL=release
    RPMUP=never
    SARULESUP=daily
    STAGING_DIR=/usr/local/cpanel
    UPDATES=manual

    However, as I mentioned, I have updates set for manual. On sunday evening the system tried to do an update.
    Code:
    /usr/local/cpanel/scripts/updatenow (19024) at Sat May  7 02:00:04 2016
    [2016-05-07 02:00:04 +0100]   Detected version '11.54.0.21' from version file.
    [2016-05-07 02:00:04 +0100]   Running version '11.54.0.21' of updatenow.
    [2016-05-07 02:00:04 +0100]   cPanel & WHM updates are disabled via cron because they are set to “manual” in /etc/cpupdate.conf
    [2016-05-07 02:00:04 +0100]   No sync will occur.
    => Log closed Sat May  7 02:00:04 2016
    
    at which point those errors started.

    I've since manually upgraded to 56.0.14, but still see these errors.

    Code:
    /usr/local/cpanel/logs/error_log:
    [2016-05-11 00:18:33 +0100] die [autorepair] Signature verification failed for URL 'http://httpupdate.cpanel.net/autofixer2/recoverymgmt'. Signature rollback detected. Please see https://go.cpanel.net/sigerrors for further information about this error. at /usr/local/cpanel/Cpanel/HttpRequest.pm line 1145.
            Cpanel::HttpRequest::_die(Cpanel::HttpRequest=HASH(0x24bac80), "Signature verification failed for URL 'http://httpupdate.cpan"...) called at /usr/local/cpanel/Cpanel/HttpRequest.pm line 1155
            Cpanel::HttpRequest::_sigerror_die(Cpanel::HttpRequest=HASH(0x24bac80), "Signature verification failed for URL 'http://httpupdate.cpan"...) called at /usr/local/cpanel/Cpanel/HttpRequest.pm line 338
            Cpanel::HttpRequest::request(Cpanel::HttpRequest=HASH(0x24bac80), "host", "httpupdate.cpanel.net", "url", "/autofixer2/recoverymgmt", "protocol", 0, "signed", 1, ...) called at /usr/local/cpanel/scripts/autorepair line 26
    
     
  11. cPTerrance

    cPTerrance *nix Technical Analyst II / Migrations Specialist
    Staff Member

    Joined:
    Jul 9, 2015
    Messages:
    72
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    This was due to an issue, I have opened a Case this morning in an attempt to get this resolved, CPANEL-6110. Please update this post if you see this issue again.
     
  12. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    765
    Likes Received:
    20
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Thinking about it logically, is this an issue at CPanels server end.
    If my server never did an update, then nothing should have changed at my end.
    And maybe the error I'm seeing is related to an issue on the CPanel servers. ??

    Incidentally, I've not seen it now since yesterday afternoon, although this one below occurs occasionally.

    /usr/local/cpanel/logs/error_log:
    ==> cpsrvd 11.56.0.14 started
    ==> cpsrvd: loading security policy....Done
    ==> cpsrvd: Setting up native SSL support ... Done
    ==> cpsrvd: transferred port bindings
    ==> cpsrvd: bound to ports

    Edit: Just a thought, could these ↑↑↑, be being created when I log in to Cpanel/WHM at all, I think they only started since I applied the free SSL certificate ???
     
    #12 keat63, May 12, 2016
    Last edited: May 12, 2016
  13. cPTerrance

    cPTerrance *nix Technical Analyst II / Migrations Specialist
    Staff Member

    Joined:
    Jul 9, 2015
    Messages:
    72
    Likes Received:
    8
    Trophy Points:
    8
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello,

    As mentioned previously, I put a Case in to get this fixed (CPANEL-6110), the actual error is caused by a autorepair cronjob (recoverymgmt) that runs every x hours. As of right now, we believe the Signature Issues are resolved but if you see the errors again, feel free to let us know!
     
  14. ciao70

    ciao70 Member

    Joined:
    Nov 3, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1

    Now it seems ok.

    No die [autorepair]

    Thanks
     
  15. ciao70

    ciao70 Member

    Joined:
    Nov 3, 2006
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    It seems to have reintroduced the problem after the upgrade 11.56.0.22
    Code:
    die [autorepair] Signature verification failed for URL 'http://httpupdate.cpanel.net/autofixer2/recoverymgmt'. Signature rollback detected. Please see cPanel & WHM Download Security - cPanel Knowledge Base - cPanel Documentation for further
    
     
    #15 ciao70, Jun 1, 2016
    Last edited by a moderator: Jun 6, 2016
  16. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Are you able to reproduce this issue when running the "/scripts/upcp" command? If so, please check the contents of the /etc/cpsources.conf file and post it here. Also, let us know if the following command helps:

    Code:
    /usr/local/cpanel/scripts/updatesigningkey
    Thank you.
     
  17. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    121
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    11.56.0.22

    Don't know if it is relevant, but since upgrade to this version, now getting the following in upcp each run

    Code:
    [2016-05-31 21:16:33 +0000]    - Processing command `/usr/local/cpanel/scripts/autorepair autorepair`
    [2016-05-31 21:16:34 +0000]      [647806] Requesting script ... exit level [die] [pid=647806] (Signature verification failed for URL 'http://httpupdate.cpanel.net/autofixer2/autorepair'. Invalid signature. Please see https://go.cpanel.net/sigerrors for further information about this error.)
     
  18. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    121
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Sorry, should have been included in last post

    Tried
    Code:
    /usr/local/cpanel/scripts/updatesigningkey
    and then ran upcp again - same Signature verification failure

    I don't see a /etc/cpsources.conf file at all - could this be an issue ?
     
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,762
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    No, it's only an issue if it exists and is forcing a bad mirror. Please open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  20. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    121
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Switching off Signature validation on assets downloaded from cPanel & WHM mirrors in Tweak Settings allows upcp to complete without reporting any errors
    Code:
    [2016-06-01 22:02:30 +0000]  - Processing command `/usr/local/cpanel/scripts/autorepair autorepair`
    [2016-06-01 22:02:30 +0000]  [967302] Requesting script ... Done
    [2016-06-01 22:02:31 +0000]  [967302] Auto Repair is running...Running Auto Repair routines
    [2016-06-01 22:02:31 +0000]  [967302] Running autorepair on abrt_argparse
    [2016-06-01 22:02:31 +0000]  [967302] Running autorepair on cpsources_mirror
    [2016-06-01 22:02:31 +0000]  [967302] Running autorepair on fix_duplicate_cpanel_rpms
    [2016-06-01 22:02:31 +0000]  [967302] Running autorepair on fix-exim-permissions
    [2016-06-01 22:02:31 +0000]  [967302] Finished running Auto Repair routines
    [2016-06-01 22:02:31 +0000]  [967302] ...Auto Repair is done.
     
Loading...

Share This Page