[OpenIndiana-discuss] Hipster repository catalog validation failure (IPS 0.5.11 / 2022 branch)

[Luca Lenardi]

Hello,

I am experiencing persistent repository catalog validation failures on an
OpenIndiana Hipster system tyring to upgrade with pkg.

*Error*: *CatalogPart failed validation: The signature data for
catalog.summary.C is not valid.*


*System details:*- OpenIndiana Hipster (branch 2022.0.0.5587)
- pkg 0.5.11
- r151x (uname -a available if needed)
- NTP synchronized
- No proxy configured
- signature-policy set to ignore (tried, no effect)
- Publisher fully removed and recreated
- /var/pkg/cache, /var/pkg/ssl and /var/pkg/publisher wiped
- Same behavior over HTTP and HTTPS

Manual download of the catalog:
https://pkg.openindiana.org/hipster/openindiana.org/catalog/1/catalog.summary.C
is stable and reproducible (different machines, different connections):

- SHA256: f26090ba284276be54e435263296fcb91e79496a77ac6c8e12e67aece667fcbc
- Size: 41440888 bytes

However, pkg refresh fails during internal catalog validation before any
package processing occurs.

*Questions*:

- Has there been any recent change in catalog metadata format, signing
policy, or digest algorithm that would break compatibility with IPS 0.5.11
(2022 branch)?
- Is there currently a minimum supported client/IPS version required to
access the Hipster repository?
- What is the recommended upgrade path for systems on older Hipster
branches where pkg cannot validate the repository catalog and therefore
cannot self-update? Can we use an ISO live CD / USB?

This appears to be either:
- a repository metadata evolution not backward compatible with older IPS
clients, or
- a signing/validation change introduced server-side.

Any clarification on the compatibility policy and supported upgrade
strategy would be appreciated.
Thanks

--
Luca Lenardi