Did you check the archlinux-keyring-wkd-sync statūs?
Yes, I did.
I just guess, my habit to update the system directly after startup if more than ten updates are waiting could be the reason to face it that often.
]]>UPDATES="$(checkupdates | cut -d' ' -f1)"
grep linux <<< $UPDATES
ARCH_KEYRING=$(checkupdates 2>/dev/null | cut -d' ' -f1 | grep "archlinux-keyring" | wc -l)
I'm sure you could find a way to add one or to cat's there
Did you check the archlinux-keyring-wkd-sync statūs?
There's either sth. wrong or the timer never hits (eg. because you're rarely booting the system and only do so to update it?) or you're the unluckiest dude on the planet.
# pacman -Sy archlinux-keyring && pacman -Su
was neccessary during the last two years.
To make my life a bit easier I now use a bash script named "updatesAvailable.sh" to check what mainenance task are waiting for me and to inform me if its neccessary to update the archlinux-keyring in advance.
#!/bin/bash
printf "."
UPDATES=$(checkupdates 2>/dev/null | wc -l)
#UPDATE_COUNT=$UPDATES
printf "."
KERNEL=$(checkupdates 2>/dev/null |\
grep -c '^linux \|^linux-headers\|^linux-lts-headers\|^linux-zen-headers\|^linux-zen-docs\|^linux-lts\|^linux-zen')
printf "."
AUR_UPDATES=$(pikaur -Qua 2>/dev/null | wc -l)
printf "."
ORPHANS=$(pacman -Qdt | wc -l)
printf "."
REBUILD=$(checkrebuild | wc -l)
printf "."
PACNEW=$(updatedb && locate --existing --regex "\.pac(new|save)$" | wc -l)
printf "."
ARCH_KEYRING=$(checkupdates 2>/dev/null | cut -d' ' -f1 | grep "archlinux-keyring" | wc -l)
printf "."
# echo " Arch: $((UPDATES - KERNEL)) Kernel: $KERNEL AUR: $AUR_UPDATES News: $(~/scripts/lastArchNewsIsFrom.sh)"
printf "\b\b\b\b\b\b\b\b Arch: %d Kernel: %d AUR: %d Orphans: %d Rebuild: %d PacNew: %d News: %s\n" \
$((UPDATES - KERNEL)) $KERNEL $AUR_UPDATES $ORPHANS $REBUILD $PACNEW $(~/scripts/lastArchNewsIsFrom.sh)
if [ "$ARCH_KEYRING" -eq "1" ]; then
# As the Arch Linux Keyring is a pending update - just prevent most
# signing errors during system upgrade by manually sync the package
# database first and than upgrade the archlinux-keyring package.
printf "\n Please execute: pacman -Sy archlinux-keyring && pacman -Su\n"
# This command is "not" considered a "partial upgrade" since it syncs
# the package database and upgrades the keyring package first. Both
# must be processed just before starting system upgrade to ensure
# signatures of all upgraded packages can be properly verified.
fi
# EOF
and "~/scripts/lastArchNewsIsFrom.sh"
#!/bin/bash
curl https://archlinux.org/news/ 2>/dev/null |\
grep "<td>20" | head -n1 | cut -d'>' -f2- |\
cut -d'<' -f1 | sort | tail -n1
# EOF
Arch is up to date if the output looks like:
# ~/scripts/updatesAvailable.sh
Arch: 0 Kernel: 0 AUR: 0 Orphans: 0 Rebuild: 0 PacNew: 0 News: 2023-09-22
After making sure the timer is up and the service is being executed on timer, the problem disappeared for me, with the exception of systemd-less WSL instances, but they aren't supported anyway and nobodies problem.
]]>systemctl status archlinux-keyring-wkd-sync.timer
cat /etc/pacman.d/gnupg/gpg.conf
sudo pacman-key -r dvzrv@archlinux.org
sudo pacman-key --keyserver hkps://keyserver.ubuntu.com -r dvzrv@archlinux.org
]]>$ sudo pacman -Syu
[...]
Total (507/507) 2.2 GiB 14.7 MiB/s 02:33 [######################################################################################################] 100%
(507/507) checking keys in keyring [######################################################################################################] 100%
downloading required keys...
:: Import PGP key 9B7A287D9A2EC608, "David Runge <dvzrv@archlinux.org>"? [Y/n]
error: key "9B7A287D9A2EC608" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
$ sudo pacman -S archlinux-keyring
[...]
$ sudo pacman -Syu
[...]
Works.
I'm not sure how others are never hitting this.
]]>invalid or corrupted package
That's not the full message , (invalid or corrupted package (PGP signature)) is.
]]>j♭ sudo pacman -Syu
[...]
Total (816/816) 3.8 GiB 13.9 MiB/s 04:41 [######################################################################################################] 100%
(816/816) checking keys in keyring [######################################################################################################] 100%
downloading required keys...
:: Import PGP key FDC3040B92ACA748, "Robin Candau <antiz@archlinux.org>"? [Y/n]
(816/816) checking package integrity [######################################################################################################] 100%
error: hidapi: signature from "Balló György <bgyorgy@archlinux.org>" is unknown trust
:: File /media/crucru/var/cache/pacman/pkg/hidapi-0.13.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: python-pydantic: signature from "Balló György <bgyorgy@archlinux.org>" is unknown trust
:: File /media/crucru/var/cache/pacman/pkg/python-pydantic-1.10.7-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
j♭ sudo pacman -S archlinux-keyring ~
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20230320-1
Total Installed Size: 1.61 MiB
Net Upgrade Size: 0.02 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [######################################################################################################] 100%
(1/1) checking package integrity [######################################################################################################] 100%
(1/1) loading package files [######################################################################################################] 100%
(1/1) checking for file conflicts [######################################################################################################] 100%
(1/1) checking available disk space [######################################################################################################] 100%
:: Processing package changes...
(1/1) upgrading archlinux-keyring [######################################################################################################] 100%
==> Appending keys from archlinux.gpg...
==> Disabling revoked keys in keyring...
-> Disabled 3 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 6 signed: 95 trust: 1-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2 valid: 72 signed: 27 trust: 72-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-07-12
==> Updating trust database...
gpg: next trustdb check due at 2023-07-12
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
j♭ sudo pacman -Syu ~
:: Synchronizing package databases...
core 153.3 KiB 2.49 MiB/s 00:00 [######################################################################################################] 100%
extra 1773.5 KiB 23.7 MiB/s 00:00 [######################################################################################################] 100%
community 7.2 MiB 30.2 MiB/s 00:00 [######################################################################################################] 100%
multilib is up to date
:: Starting full system upgrade...
:: Replace imagemagick-doc with extra/imagemagick? [Y/n]
:: Replace tbb with extra/onetbb? [Y/n]
resolving dependencies...
[...]
I've read some very interestings answers and facts, and thanks to them I do know more about how it works. I understand it's not that simple and it has been done as best could be or seemed to be. However, it still seems to me that something's not right in the message about an invalid or corrupted package.
]]>Trilby wrote:EDIT: also may be worth noting, this thread is the first I've heard of this WKD service and I've never enabled / used it.
The timer is enabled by default:
$ pacman -Ql archlinux-keyring | grep -F timers.target.wants/archlinux-keyring-wkd-sync.timer archlinux-keyring /usr/lib/systemd/system/timers.target.wants/archlinux-keyring-wkd-sync.timer
It wasn't active on a couple of my systems, although I don't see how it couldn't have been without manually disabling the timer and I don't remember doing so.
]]>The timer is enabled by default:
fortunately it's not hard to disable timers permanently.
$ ls -l /etc/systemd/system/*wkd*
lrwxrwxrwx 1 root root 9 28 sep 12:52 /etc/systemd/system/archlinux-keyring-wkd-sync.timer -> /dev/null
$
EDIT: also may be worth noting, this thread is the first I've heard of this WKD service and I've never enabled / used it.
The timer is enabled by default:
$ pacman -Ql archlinux-keyring | grep -F timers.target.wants/archlinux-keyring-wkd-sync.timer
archlinux-keyring /usr/lib/systemd/system/timers.target.wants/archlinux-keyring-wkd-sync.timer
But, since I have faced this several times, I have been updating my computer with a script that contains this line:
paru --show --news && sudo pacman -Sy archlinux-keyring --needed ; sudo pacman -Su ; paru -Syua