This morning I got a notification that there were FreePBX modules available for update and after applying the updates, this is back:
Note that the security warning doesn’t identify any specific problem, as it usually does. If I click on “(What Does this Mean?)” it takes me to the page at http://wiki.freepbx.org/display/F2/Module+Signing which has to do with module signing, but again it doesn’t identify anything specific. I’ve been testing the revisions to the Custom Destinations module that Rob (xrobau) has been working on, but he provided a key for those, and what’s weird is that it’s not identifying any specific module that’s causing the warning.
Any idea why I’m seeing this and how to get rid of it? I suspect there’s really nothing wrong at this point because I completely removed the Dialplan Injection module that I had been using (which was the previous source of such warnings) for for some reason this banner seems to come back from time to time for no apparent reason. Just to be certain I looked in the /var/www/html/admin/modules directory and there is no trace of Dialplan Injection in there anymore.
You may be right. Rob posted the updated Custom Applications module and then separately posted a link to a module.sig file. It’s possible those are out of sync, and I’m not sure how I’d tell. But if that’s the case, I wonder why it doesn’t identify Custom Applications as the offending module in the security notice?
I’m using the Custom Applications module that Rob is updating, but he posted a module.sig file to use with that. Do you need to have a new module.sig every time there’s an update? If so it’s possible that he might not have posted the module.sig for the version that’s now current at http://git.freepbx.org/projects/FREEPBX/repos/customappsreg/commits?until=refs%2Fheads%2Frelease%2F12.0 because the signature file I am using is the latest one he posted, which was from http://pastebin.ca/29823801 and those might not be in sync.
But if that’s the case, I wonder why the security notice didn’t specifically identify Custom Applications as the module with the invalid signature file?
Something weird is going on here. This will be the third time I have tried to respond. My reply stays up for about a minute and then disappears. So I’ll try again:
I’m using the Custom Applications module that Rob is updating, but he posted a module.sig file to use with that. Do you need to have a new module.sig every time there’s an update? If so it’s possible that he might not have posted the module.sig for the version that’s now current at http://git.freepbx.org/projects/FREEPBX/repos/customappsreg/commits?until=refs%2Fheads%2Frelease%2F12.0 because the signature file I am using is the latest one he posted, which was from http://pastebin.ca/29823801 and those might not be in sync.
But if that’s the case, I wonder why the security notice didn’t specifically identify Custom Applications as the module with the invalid signature file?
The system keeps thinking you are spam. Sorry. Personally I am going to remove myself from this topic I will ask Rob to publish said module. I am no longer going to talk about FreePBX modules signing or security notices.
