# "freebsd-update fetch", fetching public key failed.



## Logan (Jan 4, 2009)

A FreeBSD installed in a vmware server 2 in win 2003.
When the first time I tried to update, I got the following problem:

```
# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching public key from update1.FreeBSD.org... failed.
No mirrors remaining, giving up.
```

The same as portsnap:

```
# portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... 3 mirrors found.
Fetching public key from portsnap1.FreeBSD.org... failed.
Fetching public key from portsnap2.FreeBSD.org... failed.
Fetching public key from portsnap4.FreeBSD.org... failed.
No mirrors remaining, giving up.
#
```


And ping:

```
# ping update1.freebsd.org
PING update1.freebsd.org (72.21.59.252): 56 data bytes
36 bytes from 192.168.10.1: Communication prohibited by filter
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 7075   0 0000  7e  01 b3f9 192.168.211.128  72.21.59.252
```

Google doesn't help.
Thanks.


----------



## danger@ (Jan 4, 2009)

does actually any networking work on your vmware installation?


----------



## Logan (Jan 4, 2009)

danger@ said:
			
		

> does actually any networking work on your vmware installation?


Thank you for replying.
Yes, ping http://www.google.com:


```
$ ping www.google.com
PING www-china.l.google.com (64.233.189.147): 56 data bytes
64 bytes from 64.233.189.147: icmp_seq=0 ttl=128 time=41.187 ms
```


----------



## danger@ (Jan 4, 2009)

is there any firewall in front of you?


----------



## DutchDaemon (Jan 4, 2009)

Where is 192.168.10.1 in your network? Is that part of your LAN?


----------



## sasha (Jan 4, 2009)

I have the same problem with PCBSD-7.0.2. I'm trying to update it from 7.1-PRERELEASE to 7.1-RELEASE.



> # [0:10:26] /usr>> freebsd-update -r 7.1-RELEASE fetch
> Looking up update.FreeBSD.org mirrors... 1 mirrors found.
> Fetching public key from update1.FreeBSD.org... failed.
> No mirrors remaining, giving up.
> ...



Do you have any ideas?

PS: Sorry for my English...


----------



## danger@ (Jan 4, 2009)

*freebsd-update supported versions*

Your problem is different. In your case, updating from 7.1-PRERELEASE is not supported. 7.1-PRERELEASE is just a different name for 7.1-STABLE which is a moving target. A list of supported versions by freebsd-update(8) can be found at http://update.freebsd.org/.

Your options are either to wait for the pc-bsd group to release a new version based on 7.1-RELEASE (which I'm sure they will release soon after the 7.1-RELEASE will be officially announced), or perform the standard csup/buildworld/buildkernel procedure.


----------



## sasha (Jan 5, 2009)

Thank you!


----------



## Logan (Jan 5, 2009)

danger@ said:
			
		

> is there any firewall in front of you?



Yes, the server is in a LAN, but has a global IP. FreeBSD vm connect to the internet via NAT.
If the problem is about the Host, I can handle it, e.g. Forwarding some ports.
Otherwise, if it is about the Lan firewall, well, I should try another way.

Can I get the key manually?

192.168.10.1 seems not in my LAN, for I can ping http://www.google.com successfully.

Thanks.


----------



## sasha (Jan 5, 2009)

Logan said:
			
		

> Can I get the key manually?



I found the key here: http://update1.freebsd.org/7.1-RELEASE/i386/pub.ssl


----------



## Logan (Jan 5, 2009)

sasha said:
			
		

> I found the key here: http://update1.freebsd.org/7.1-RELEASE/i386/pub.ssl



Thanks.
But where to put the key?


----------



## DutchDaemon (Jan 5, 2009)

Logan said:
			
		

> 192.168.10.1 seems not in my LAN, for I can ping http://www.google.com successfully.



I was referring to:


```
# ping update1.freebsd.org
PING update1.freebsd.org (72.21.59.252): 56 data bytes
36 bytes from [B][SIZE="5"]192.168.10.1: Communication prohibited by filter[/SIZE][/B]
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 7075   0 0000  7e  01 b3f9 192.168.211.128  72.21.59.252
```

That seems to be the host blocking access.


----------



## Logan (Jan 5, 2009)

DutchDaemon said:
			
		

> I was referring to:
> 
> 
> ```
> ...



Yes, I think so. Google told me that some of servers block ICMP, but not all the Communication.

Thanks.


----------



## sasha (Jan 5, 2009)

Logan said:
			
		

> But where to put the key?



Maybe into /var/db/freebsd-update.

But it will try to fetch a lot of data after - I don't think that manually fetched key will solve your problem.

Can you post output of `uname -a` here?


----------



## Logan (Jan 5, 2009)

sasha said:
			
		

> Maybe into /var/db/freebsd-update.
> 
> But it will try to fetch a lot of data after - I don't think that manually fetched key will solve your problem.
> 
> Can you post output of `uname -a` here?



Of cause.


```
FreeBSD  7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008     root@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
```


----------



## sasha (Jan 5, 2009)

Try `freebsd-update -v debug fetch` and post result here.


----------



## tangram (Jan 5, 2009)

I once had a similar issue.

Try this:


```
% su
# env UNAME_r=7.1-PRERELEASE freebsd-update upgrade -r 7.1
```

Substitute the current and target versions according to you particular system and you should be able to update the system as usual.


----------



## Logan (Jan 5, 2009)

sasha said:
			
		

> Try `freebsd-update -v debug fetch` and post result here.




```
# freebsd-update -v debug fetch
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching public key from update1.FreeBSD.org... fetch: http://update1.FreeBSD.org/7.0-RELEASE/i386/pub.ssl: Connection refused
failed.
No mirrors remaining, giving up.
```
More details. Does it help?



			
				tangram said:
			
		

> I once had a similar issue.
> 
> Try this:
> 
> ...




```
# env UNAME_r=7.0-RELEASE freebsd-update upgrade -r 7.1
Looking up update.FreeBSD.org mirrors... 1 mirrors found.
Fetching public key from update1.FreeBSD.org... failed.
No mirrors remaining, giving up.
#
```


----------



## sasha (Jan 5, 2009)

Connection refused... Very strange. May be your provider had closed access to this server?

Try manually fetch it: 
# fetch -vvv http://update1.FreeBSD.org/7.0-RELEASE/i386/pub.ssl

Or you can update with cvsup

# cvsup /usr/share/examples/cvsup/stable-supfile

Also you can do something like this:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading-freebsdupdate.html
Section 24.2.3.2 (from the CD-ROM)


----------



## Logan (Jan 5, 2009)

I have got this answer.
Thanks to you all, especially sasha.
There is sth wrong with the LAN, some of the website could be visited directly, some of them counld not, but via a http proxy.

Thanks again. It is my first post here.


----------



## Logan (Jan 5, 2009)

How to Change to status of this thread to 'solved'?


----------



## JuniorRoy (May 5, 2009)

Can I join with the same problem? I have DesktopBSD 1.6 and kernel version is:

```
FreeBSD HomePC 6.3-RC2 FreeBSD 6.3-RC2 #30: Sun Jan  6 01:54:42 UTC 2008     root@tinderbox.3c-consulting.lokal:/usr/obj/usr/src/sys/SMP  i386
```
trying to do minor update to 6.4-RELEASE:

```
sh freebsd-update.sh -f freebsd-update.conf -r 6.4-REALEASE upgrade
```
as recommended at http://www.daemonology.net/blog/2007-11-10-freebsd-minor-version-upgrade.html
and get this:

```
Looking up update.FreeBSD.org mirrors... 6 mirrors found.
Fetching public key from update5.FreeBSD.org... failed.
Fetching public key from update4.FreeBSD.org... failed.
Fetching public key from update2.FreeBSD.org... failed.
Fetching public key from update3.FreeBSD.org... failed.
Fetching public key from update6.FreeBSD.org... failed.
Fetching public key from update1.FreeBSD.org... failed.
No mirrors remaining, giving up.
```

What am I doing wrong?
And how can I do the upgrade?


----------



## sasha (May 5, 2009)

http://update.freebsd.org/ - Here a list of versions, from which you can update your system using freebsd-update. Unfortunately, 6.3-RC2 is not supported, so you can use cvsup and rebuild everything or reinstall system from CD.


----------



## pete (Feb 17, 2012)

Hi!


```
phoenix# portsnap fetch
Looking up portsnap.FreeBSD.org mirrors... none found.
Fetching public key from portsnap.FreeBSD.org... failed.
No mirrors remaining, giving up.

dig portsnap.freebsd.org +short
208.86.224.118

phoenix# portsnap -s 208.86.224.118 fetch
Looking up 208.86.224.118 mirrors... none found.
Fetching public key from 208.86.224.118... done.
Fetching snapshot tag from 208.86.224.118... done.
Fetching snapshot metadata... done.
Fetching snapshot generated at Fri Feb 17 01:13:22 CET 2012:
c878fde6d2fd132543fc7ff786975ddb700fa491b5bb69100% of   66 MB  240 kBps 00m00s
Extracting snapshot... done.
Verifying snapshot integrity... done.
Fetching snapshot tag from 208.86.224.118... done.
Fetching snapshot metadata... done.
Updating from Fri Feb 17 01:13:22 CET 2012 to Fri Feb 17 06:09:40 CET 2012.
Fetching 4 metadata patches... done.
Applying metadata patches... done.
Fetching 0 metadata files... done.
Fetching 2 patches.. done.
Applying patches... done.
Fetching 0 new ports or files... done.
phoenix# 

Best Regards!
```


----------



## pete (Sep 25, 2012)

Hi!


```
phoenix# freebsd-update fetch
Looking up update.FreeBSD.org mirrors... none found.
Fetching metadata signature for 9.0-RELEASE from update.FreeBSD.org... failed.
No mirrors remaining, giving up.
```

Determine mirror`s IP address :


```
phoenix# ping update.FreeBSD.org
PING update.FreeBSD.org (149.20.53.40): 56 data bytes 64 bytes from 149.20.53.40: icmp_seq=0 ttl=54 time=411.142 ms
64 bytes from 149.20.53.40: icmp_seq=1 ttl=54 time=336.141 ms
```

Modify /etc/freebsd-update.conf:


```
# Server or server pool from which to fetch updates.  You can change
# this to point at a specific server if you want, but in most cases
# using a "nearby" server won't provide a measurable improvement in
# performance.
ServerName 149.20.53.40 #update.FreeBSD.org
```

Or just run :


```
phoenix# freebsd-update -s 149.20.53.40 fetch
Looking up 149.20.53.40 mirrors... none found.
Fetching metadata signature for 9.0-RELEASE from 149.20.53.40... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
```

Best Regards!


----------



## Raqibul Hassan (Sep 5, 2016)

Hello everyone,

I am a newcomer to the Unix world and this is my first post here.

I am trying to upgrade FreeBSD to a newer version with a failure.


```
$ sudo freebsd-update upgrade -r 11.0-RC2
Password:
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching public key from update3.freebsd.org... failed.
Fetching public key from update6.freebsd.org... failed.
Fetching public key from update5.freebsd.org... failed.
Fetching public key from update4.freebsd.org... failed.
No mirrors remaining, giving up.
```

`uname -a` returns


```
$ uname -a
FreeBSD stratus.speedmail.co 10.3-STABLE FreeBSD 10.3-STABLE #0 r303856: Mon Aug  8 21:34:58 UTC 2016  root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
```

Networks seems to be working fine


```
$ ping -c 4 update.freebsd.org
PING update5.freebsd.org (204.9.55.80): 56 data bytes
64 bytes from 204.9.55.80: icmp_seq=0 ttl=44 time=317.293 ms
64 bytes from 204.9.55.80: icmp_seq=1 ttl=44 time=318.738 ms
64 bytes from 204.9.55.80: icmp_seq=2 ttl=44 time=322.386 ms
64 bytes from 204.9.55.80: icmp_seq=3 ttl=44 time=323.632 ms
```

Tried the above solution but also failed:


```
$ sudo freebsd-update -s 204.9.55.80 fetch
Looking up 204.9.55.80 mirrors... none found.
Fetching public key from 204.9.55.80... failed.
No mirrors remaining, giving up.
```


Can anybody please help? Thanks in advance!


----------



## SirDice (Sep 5, 2016)

You cannot use freebsd-update(8) on -STABLE versions. It only works for -RELEASE versions. If you want to move to 11.0-RELEASE (11.0-PRERELEASE at this time, it hasn't been released yet) you'll have to do a source update.


----------

