You are not logged in.

Pages: 1

#1 2011-09-20 17:19:25

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Pacman 4.0.0 RC1 and archive integrity checksums

I thought I'd give pacman 4.0.0 a whirl after the announcement on the development mailing list (yes, I know, it's been a while already, I'm late to the party).

This is what I get:

# pacman -Syu
:: Synchronizing package databases...
 testing                                                                      39,8K  147,9K/s 00:00:00 [############################################################] 100%
 core is up to date
 extra                                                                       820,0K  234,7K/s 00:00:03 [############################################################] 100%
 community-testing is up to date
 community is up to date
 multilib-testing is up to date
 multilib is up to date
:: Starting full system upgrade...
warning: pacman: local (4.0.0rc1-1) is newer than core (3.5.4-4)
warning: xorg-xdm: local (1.1.10-3) is newer than extra (1.1.10-2)
resolving dependencies...
looking for inter-conflicts...

Targets (6): db-5.2.36-1  p11-kit-0.6-2  gnutls-3.0.3-1  librsvg-2.34.1-2  util-linux-2.20-3  wget-1.13.4-1

Total Download Size:    4,34 MiB
Total Installed Size:   30,26 MiB
Net Upgrade Size:       0,59 MiB

Proceed with installation? [Y/n] 
:: Retrieving packages from testing...
 db-5.2.36-1-x86_64                                                         1113,4K  259,4K/s 00:00:04 [############################################################] 100%
 util-linux-2.20-3-x86_64                                                   1375,6K  175,9K/s 00:00:08 [############################################################] 100%
:: Retrieving packages from core...
 wget-1.13.4-1-x86_64                                                        415,1K  177,3K/s 00:00:02 [############################################################] 100%
:: Retrieving packages from extra...
 p11-kit-0.6-2-x86_64                                                         59,1K   80,1K/s 00:00:01 [############################################################] 100%
 gnutls-3.0.3-1-x86_64                                                      1360,5K  203,0K/s 00:00:07 [############################################################] 100%
 librsvg-2.34.1-2-x86_64                                                     122,1K  259,7K/s 00:00:00 [############################################################] 100%
:: File /var/cache/pacman/pkg/p11-kit-0.6-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).------------------------------------------]   0%
Do you want to delete it? [Y/n] 
:: File /var/cache/pacman/pkg/gnutls-3.0.3-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).-----------------------------------------]  33%
Do you want to delete it? [Y/n] 
:: File /var/cache/pacman/pkg/librsvg-2.34.1-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).#########------------------------------]  50%
Do you want to delete it? [Y/n] 
:: File /var/cache/pacman/pkg/util-linux-2.20-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).#################---------------------]  66%
Do you want to delete it? [Y/n] 
:: File /var/cache/pacman/pkg/wget-1.13.4-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).###############################-----------]  83%
Do you want to delete it? [Y/n] 
(6/6) checking package integrity                                                                       [############################################################] 100%
error: failed to commit transaction (invalid or corrupted package (PGP signature))
p11-kit-0.6-2-x86_64.pkg.tar.xz is invalid or corrupted
gnutls-3.0.3-1-x86_64.pkg.tar.xz is invalid or corrupted
librsvg-2.34.1-2-x86_64.pkg.tar.xz is invalid or corrupted
util-linux-2.20-3-x86_64.pkg.tar.xz is invalid or corrupted
wget-1.13.4-1-x86_64.pkg.tar.xz is invalid or corrupted
Errors occurred, no packages were upgraded.
[root@hermes ~]#

Am I missing something? I merged the new pacman conf, I saw no options I thought were relevant (except those commented by default, but it seems a bit crazy to me that necessary options would be commented, unless they have sane default settings).

Enlighten me.

Last edited by .:B:. (2011-09-20 17:21:31)

Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#2 2011-09-20 17:45:19

jakobm
Member
Registered: 2008-03-24
Posts: 132

Re: Pacman 4.0.0 RC1 and archive integrity checksums

The packages are rejected because you don't have the key used to sign in your keyring, or you did not set a trust level. Either modify your keyring or change the SigLevel option.

Offline

#3 2011-09-20 17:47:53

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: Pacman 4.0.0 RC1 and archive integrity checksums

So, this is sort of broken in rc1 in that it doesn't really give you a proper error message and explain what's going on. The problem here is that you're missing the public key for the developer who signed the packages, and gpg is unable to decrypt it. The unfortunate part is that it labels the data as corrupt, rather than politely informing you that the signature isn't available to verify against. Dan just recently tackled this problem:

http://projects.archlinux.org/pacman.gi … 9256433923

I'm not going to give any deadlines, but we're working towards RC2 which should provide more precise error messaging for exactly this situation (which will be quite common at the start) as well as download/add the missing key to ease the verification process for end users.

blog | ±github

Offline

#4 2011-09-20 18:27:07

toofishes
Developer
From: Chicago, IL
Registered: 2006-06-06
Posts: 602
Website

Re: Pacman 4.0.0 RC1 and archive integrity checksums

What falconindy said. Notably, if you just put 'SigLevel = Never' in your options section for now, you can ignore this mess and still give the rest of the code changes a good test run.

Offline

#5 2011-09-20 19:12:26

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: Pacman 4.0.0 RC1 and archive integrity checksums

Okay, thanks. I set the SigLevel option for now. Any chance I can get that GPG key now, or am I just being a pain in the proverbial hiney now?

Btw falconindy - now that we're at it, I have cower breaking on the libalpm soname bump. However, rebuilding that package doesn't work, which is quite bizarre since there is no libalpm.so.6 anywhere on my system anymore... Did you hardcode cower to libalpm.so.6?

Last edited by .:B:. (2011-09-20 19:17:02)

Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#6 2011-09-21 01:58:44

falconindy
Developer
From: New York, USA
Registered: 2009-10-22
Posts: 4,111
Website

Re: Pacman 4.0.0 RC1 and archive integrity checksums

.:B:. wrote:

Okay, thanks. I set the SigLevel option for now. Any chance I can get that GPG key now, or am I just being a pain in the proverbial hiney now?

The process right now is to find the developer's pubkey, recv/add it with pacman-key, and then locally sign and/or trust it. If you're feeling lazy, just wait for RC2. Things should be hugely improved.

.:B:. wrote:

Btw falconindy - now that we're at it, I have cower breaking on the libalpm soname bump. However, rebuilding that package doesn't work, which is quite bizarre since there is no libalpm.so.6 anywhere on my system anymore... Did you hardcode cower to libalpm.so.6?

I didn't, but the linker did at compile time. You'll be interested in my pacman4 branch which will compile against pacman-git.

blog | ±github

Offline

#7 2011-09-21 06:37:57

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: Pacman 4.0.0 RC1 and archive integrity checksums

Thanks. As for the key issue, I guess I'll just wait tongue.

Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#8 2011-09-21 06:52:48

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,356

Re: Pacman 4.0.0 RC1 and archive integrity checksums

toofishes wrote:

What falconindy said. Notably, if you just put 'SigLevel = Never' in your options section for now, you can ignore this mess and still give the rest of the code changes a good test run.

This is merely a temporary advise to get things running right now? Seems to me that would pretty much defeat the whole point of package signing.

Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#9 2011-09-21 08:44:14

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: Pacman 4.0.0 RC1 and archive integrity checksums

I suppose all devs have that key, so it doesn't apply to them.

Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#10 2011-09-21 09:07:34

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,405
Website

Re: Pacman 4.0.0 RC1 and archive integrity checksums

ngoonee wrote:
toofishes wrote:

What falconindy said. Notably, if you just put 'SigLevel = Never' in your options section for now, you can ignore this mess and still give the rest of the code changes a good test run.

This is merely a temporary advise to get things running right now? Seems to me that would pretty much defeat the whole point of package signing.

Yes...  better solutions are on the way with RC2 which will help with importing missing keys.

PGP Key: F99FFE0FEAE999BD

Offline

Pages: 1

Board footer

Powered by FluxBB