#1 2018-02-08 13:49:51

Kaeltis
Member
Registered: 2016-07-05
Posts: 3

[SOLVED] signature from "XXX" is unknown trust even after resetting key

Hey everyone

I just tried doing a fresh install of Arch on my desktop (using archlinux-2018.02.01).
However, after setting the basics up (including enabling ntp and verifying the correct system time) I tried to do pacstrap, which failed installing the packages.

Each of the packages failed with "signature from "XXX" is unknown trust".

I then set pacman's SigLevel to TrustAll and tried updating archlinux-keyring, still the same issue after removing TrustAll again.

I then tried the following:

rm -rf /etc/pacman.d/gnupg
pacman-key --init
pacman-key --populate
# tried pacstrap again, same issue
pacman-key --refresh-keys
# still same issue

To at least get Arch running, I added TrustAll to pacman again and finished installing everything.

Got my installation working now, but the keys are still broken; pacman is not installing anything without TrustAll.

SigLevel    = Required DatabaseOptional TrustAll
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

Here's a debug output of it (without TrustAll). As you can see, it says the signature is valid but unknown trust. This happens with ALL packages I tried.

[root@arch ~]# pacman -S bash-completion --debug
debug: pacman v5.0.2 - libalpm v10.0.2
debug: config: attempting to read file /etc/pacman.conf
debug: config: new section 'options'
debug: config: HoldPkg: pacman
debug: config: HoldPkg: glibc
debug: config: arch: x86_64
debug: config: SigLevel: Required
debug: config: SigLevel: DatabaseOptional
debug: config: LocalFileSigLevel: Optional
debug: config: new section 'core'
debug: config file /etc/pacman.conf, line 76: including /etc/pacman.d/mirrorlist
debug: config: new section 'extra'
debug: config file /etc/pacman.conf, line 79: including /etc/pacman.d/mirrorlist
debug: config: new section 'community'
debug: config file /etc/pacman.conf, line 85: including /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.conf
debug: setup_libalpm called
debug: option 'logfile' = /var/log/pacman.log
debug: option 'gpgdir' = /etc/pacman.d/gnupg/
debug: option 'hookdir' = /etc/pacman.d/hooks/
debug: option 'cachedir' = /var/cache/pacman/pkg/
debug: registering sync database 'core'
debug: database path for tree core set to /var/lib/pacman/sync/core.db
debug: "/var/lib/pacman/sync/core.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/core.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for core repository
debug: adding new server URL to database 'core': http://mirror.f4st.host/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://ftp.halifax.rwth-aachen.de/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://mirror.f4st.host/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': rsync://mirror.f4st.host/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': rsync://ftp.halifax.rwth-aachen.de/archlinux/core/os/x86_64
debug: registering sync database 'extra'
debug: database path for tree extra set to /var/lib/pacman/sync/extra.db
debug: "/var/lib/pacman/sync/extra.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/extra.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for extra repository
debug: adding new server URL to database 'extra': http://mirror.f4st.host/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': https://ftp.halifax.rwth-aachen.de/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': https://mirror.f4st.host/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': rsync://mirror.f4st.host/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': rsync://ftp.halifax.rwth-aachen.de/archlinux/extra/os/x86_64
debug: registering sync database 'community'
debug: database path for tree community set to /var/lib/pacman/sync/community.db
debug: "/var/lib/pacman/sync/community.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/community.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for community repository
debug: adding new server URL to database 'community': http://mirror.f4st.host/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': https://ftp.halifax.rwth-aachen.de/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': https://mirror.f4st.host/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': rsync://mirror.f4st.host/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': rsync://ftp.halifax.rwth-aachen.de/archlinux/community/os/x86_64
debug: loading package cache for repository 'core'
debug: opening archive /var/lib/pacman/sync/core.db
debug: added 228 packages to package cache for db 'core'
debug: loading package cache for repository 'extra'
debug: opening archive /var/lib/pacman/sync/extra.db
debug: added 3014 packages to package cache for db 'extra'
debug: adding package 'bash-completion'
debug: loading package cache for repository 'local'
debug: added 597 packages to package cache for db 'local'
warning: bash-completion-2.7-2 is up to date -- reinstalling
debug: adding package bash-completion-2.7-2 to the transaction add list
resolving dependencies...
debug: resolving target's dependencies
debug: started resolving dependencies
debug: checkdeps: package bash-completion-2.7-2
debug: finished resolving dependencies
looking for conflicting packages...
debug: looking for conflicts
debug: check targets vs targets
debug: check targets vs targets
debug: check targets vs db and db vs targets
debug: check targets vs db
debug: check db vs targets
debug: checking dependencies
debug: checkdeps: package bash-completion-2.7-2
debug: setting download size 186344 for pkg bash-completion
debug: sorting by dependencies
debug: started sorting dependencies
debug: sorting dependencies finished

Packages (1) bash-completion-2.7-2

Total Download Size:   0,18 MiB
Total Installed Size:  0,80 MiB
Net Upgrade Size:      0,00 MiB

:: Proceed with installation? [Y/n] 
debug: using cachedir: /var/cache/pacman/pkg/
debug: checking available disk space for download
debug: discovered mountpoint: /tmp
debug: discovered mountpoint: /sys/kernel/security
debug: discovered mountpoint: /sys/kernel/debug
debug: discovered mountpoint: /sys/kernel/config
debug: discovered mountpoint: /sys/fs/pstore
debug: discovered mountpoint: /sys/fs/cgroup/unified
debug: discovered mountpoint: /sys/fs/cgroup/systemd
debug: discovered mountpoint: /sys/fs/cgroup/rdma
debug: discovered mountpoint: /sys/fs/cgroup/pids
debug: discovered mountpoint: /sys/fs/cgroup/perf_event
debug: discovered mountpoint: /sys/fs/cgroup/net_cls,net_prio
debug: discovered mountpoint: /sys/fs/cgroup/memory
debug: discovered mountpoint: /sys/fs/cgroup/hugetlb
debug: discovered mountpoint: /sys/fs/cgroup/freezer
debug: discovered mountpoint: /sys/fs/cgroup/devices
debug: discovered mountpoint: /sys/fs/cgroup/cpuset
debug: discovered mountpoint: /sys/fs/cgroup/cpu,cpuacct
debug: discovered mountpoint: /sys/fs/cgroup/blkio
debug: discovered mountpoint: /sys/fs/cgroup
debug: discovered mountpoint: /sys/firmware/efi/efivars
debug: discovered mountpoint: /sys
debug: discovered mountpoint: /run/user/1000
debug: discovered mountpoint: /run
debug: discovered mountpoint: /proc/sys/fs/binfmt_misc
debug: discovered mountpoint: /proc
debug: discovered mountpoint: /dev/shm
debug: discovered mountpoint: /dev/pts
debug: discovered mountpoint: /dev/mqueue
debug: discovered mountpoint: /dev/hugepages
debug: discovered mountpoint: /dev
debug: discovered mountpoint: /boot
debug: discovered mountpoint: /
debug: loading fsinfo for /
debug: partition /, needed 46, cushion 5121, free 53332755
:: Retrieving packages...
debug: url: http://mirror.f4st.host/archlinux/extra/os/x86_64/bash-completion-2.7-2-any.pkg.tar.xz
debug: maxsize: 186344
debug: opened tempfile for download: /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz.part (wb)
downloading bash-completion-2.7-2-any.pkg.tar.xz...
debug: curl returned error 0 from transfer
debug: response code: 200
debug: using cachedir: /var/cache/pacman/pkg/
checking keyring...
debug: GPGME version: 1.10.0
debug: GPGME engine info: file=/usr/bin/gpg, home=/etc/pacman.d/gnupg/
debug: looking up key 1EB2638FF56C0C53 locally
debug: key lookup success, key exists
checking package integrity...
debug: found cached pkg: /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz
debug: sig data: iQEzBAABCAAdFiEESH6swIVXrQggiNq6HrJjj/VsDFMFAlnovksACgkQHrJjj/VsDFPzVAgAj3QcsP2RVCqgJQCmPIm4JdU8ko2goljlvs2jMZ2Y4yWyzra5OhSvwd+spURO0GKCjlBkwtDwm+Inv/VQ1MKwIXpqWBxZlMMJhlsRbW9zDktMhhBV8j3D4XGg1RcsdzfPI90FS+NGKorHxFfIlHUKw1cZSMZYMW9DSYL/FFadQVkNOIFEcgOxnB9EXr7LuDptbrw1F44mv8M6XFLjK6kmNUpjgqS8TPhpPlC1Yy0C96wSwubY3Ikgh7m09tnMbcDERNyHcl9mvNaPsQa7RAPY8vfQOpFdsUxgv/EDbhJ7QZ6UQA2F1kk2Z+y74S9VekfJRWmhcPyhEzMVa2vcdDqKIQ==
debug: checking signature for /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz
debug: 1 signatures returned
debug: fingerprint: 487EACC08557AD082088DABA1EB2638FF56C0C53
debug: summary: (empty)
debug: status: Success
debug: timestamp: 1508425291
debug: exp_timestamp: 0
debug: validity: unknown; reason: Success
debug: key: 487EACC08557AD082088DABA1EB2638FF56C0C53, Dave Reisner <d@falconindy.com>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is unknown trust
error: bash-completion: signature from "Dave Reisner <d@falconindy.com>" is unknown trust
:: File /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
debug: unregistering database 'local'
debug: freeing package cache for repository 'local'
debug: unregistering database 'core'
debug: freeing package cache for repository 'core'
debug: unregistering database 'extra'
debug: freeing package cache for repository 'extra'
debug: unregistering database 'community'
[root@arch ~]# pacman-key --list-keys d@falconindy.com
pub   rsa2048 2011-06-25 [SC]
      487EACC08557AD082088DABA1EB2638FF56C0C53
uid           [ unknown] Dave Reisner <d@falconindy.com>
uid           [ unknown] Dave Reisner <dreisner@archlinux.org>
sub   rsa2048 2011-06-25 [E]

Last edited by Kaeltis (2018-02-08 15:32:12)

#2 2018-02-08 14:56:40

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,560

Re: [SOLVED] signature from "XXX" is unknown trust even after resetting key

Let's see `pacman-key --list-sigs Master`

#3 2018-02-08 15:04:29

Kaeltis
Member
Registered: 2016-07-05
Posts: 3

Re: [SOLVED] signature from "XXX" is unknown trust even after resetting key

[root@arch ~]# pacman-key --list-sigs Master
pub   rsa2048 2018-02-08 [SC]
      252086ED9B16824428B4F5EE0D6F9560475D65A2
uid           [ultimate] Pacman Keyring Master Key <pacman@localhost>
sig 3        0D6F9560475D65A2 2018-02-08  Pacman Keyring Master Key <pacman@localhost>

pub   rsa4096 2011-11-29 [SC]
      AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid           [ unknown] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 3        BA1DFB64FFF979E7 2011-11-29  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig          3EC72E5826BD94C2 2012-02-05  [User ID not found]
rev          3EC72E5826BD94C2 2012-02-05  [User ID not found]
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig          F99FFE0FEAE999BD 2011-11-30  Allan McRae <me@allanmcrae.com>
sig          06096A6AD1CEDDAC 2011-11-30  Laurent Carlier <lordheavym@gmail.com>
sig          B773EB82DABACDA8 2013-08-16  [User ID not found]
sig          7ACFA647C5B3322D 2014-05-27  [User ID not found]
sig          C3918344475A229F 2015-09-23  [User ID not found]
sig          872E6714EAF5EC44 2014-04-09  [User ID not found]
sig          80394F9187983512 2016-11-14  [User ID not found]
sig          A9358D7DDD12F986 2012-02-29  [User ID not found]
sig          5F03C767C247A4D5 2017-08-17  [User ID not found]
sig 2   P    09B69B615AD10C8E 2015-12-01  [User ID not found]
sig 1   P    8508252F9B301536 2017-03-23  [User ID not found]

pub   rsa4096 2017-05-15 [SC]
      DDB867B92AA789C165EEFA799B729B06A680C281
uid           [ unknown] Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        9B729B06A680C281 2017-05-15  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]
sig          B6002D906D137D09 2017-09-03  [User ID not found]
sig          BBE43771487328A9 2017-05-15  Bartlomiej Piotrowski <b@bpiotrowski.pl>
sig        2 5F03C767C247A4D5 2017-08-17  [User ID not found]
sub   rsa4096 2017-05-15 [E]
sig          9B729B06A680C281 2017-05-15  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>

pub   rsa4096 2015-12-17 [SC]
      91FFE0700E80619CEB73235CA88E23E377514E00
uid           [ unknown] Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 3        A88E23E377514E00 2015-12-17  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]
sig          80394F9187983512 2016-11-14  [User ID not found]
sig          6D1655C14CE1C13E 2015-12-17  Florian Pritz <bluewind@xinu.at>
sig        2 5F03C767C247A4D5 2017-08-17  [User ID not found]
sig 1   P    8508252F9B301536 2017-03-23  [User ID not found]
sub   rsa4096 2015-12-17 [E]
sig          A88E23E377514E00 2015-12-17  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>

pub   rsa3072 2011-11-18 [SC]
      0E8B644079F599DFC1DDC3973348882F6AC6A4C2
uid           [ unknown] Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig 3        3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]
sig          7F2D434B9741E8AC 2011-11-18  Pierre Schmitz <pierre@archlinux.de>
sig          7ACFA647C5B3322D 2014-05-27  [User ID not found]
sig          872E6714EAF5EC44 2014-04-09  [User ID not found]
sig          80394F9187983512 2016-11-14  [User ID not found]
sig          A9358D7DDD12F986 2012-02-29  [User ID not found]
sig 3        AD94BA169DBB5BF2 2016-10-12  [User ID not found]
sig        2 5F03C767C247A4D5 2017-08-17  [User ID not found]
sig 1   P    8508252F9B301536 2017-03-23  [User ID not found]
sub   rsa1024 2011-11-18 [E]
sig          3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sub   rsa3072 2011-11-18 [A]
sig          3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>

pub   rsa3072 2011-11-19 [SC]
      684148BB25B49E986A4944C55184252D824B18E8
uid           [ unknown] Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig 3        5184252D824B18E8 2011-11-19  Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]
sig          7ACFA647C5B3322D 2014-05-27  [User ID not found]
sig          284FC34C8E4B1A25 2011-11-19  Thomas Bächler <thomas@bchlr.de>
sig          872E6714EAF5EC44 2014-04-09  [User ID not found]
sig          80394F9187983512 2016-11-14  [User ID not found]
sig          A9358D7DDD12F986 2012-02-29  [User ID not found]
sig 1   P    8508252F9B301536 2017-03-23  [User ID not found]

pub   rsa3072 2011-11-29 [SC] [revoked: 2011-11-29]
      27FFC4769E19F096D41D9265A04F9397CDFD6BB0
rev          A04F9397CDFD6BB0 2011-11-29  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
uid           [ revoked] Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig 3        A04F9397CDFD6BB0 2011-11-29  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig          5C2E46A0F53A76ED 2011-11-29  Dan McGee <dpmcgee@gmail.com>
sig          06096A6AD1CEDDAC 2011-11-30  Laurent Carlier <lordheavym@gmail.com>
sig          7ACFA647C5B3322D 2014-05-27  [User ID not found]
sig          872E6714EAF5EC44 2014-04-09  [User ID not found]
sig          80394F9187983512 2016-11-14  [User ID not found]
sig          A9358D7DDD12F986 2012-02-29  [User ID not found]
sig 2   P    09B69B615AD10C8E 2015-12-01  [User ID not found]

pub   rsa3072 2011-11-25 [SC] [revoked: 2011-11-25]
      44D4A033AC140143927397D47EFD567D4C7EA887
rev          7EFD567D4C7EA887 2011-11-25  Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
uid           [ revoked] Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig 3        7EFD567D4C7EA887 2011-11-25  Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig          E8F18BA1615137BC 2011-11-25  Ionut Biru <ibiru@archlinux.org>
sig          872E6714EAF5EC44 2014-04-09  [User ID not found]
sig          80394F9187983512 2016-11-14  [User ID not found]
sig          A9358D7DDD12F986 2012-02-29  [User ID not found]
sig        2 5F03C767C247A4D5 2017-08-17  [User ID not found]
sig 1   P    8508252F9B301536 2017-03-23  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]

#4 2018-02-08 15:08:31

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,560

Re: [SOLVED] signature from "XXX" is unknown trust even after resetting key

So none of the Arch master keys got signed by the local master key for some reason. Try it manually or just use `pacman-key --populate archlinux`

Last edited by Scimmia (2018-02-08 15:13:24)
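
The check made by eye in post #4, as an added example that is not part of the thread: a shell function that reads key listings in the layout shown in post #3 and prints the fingerprint of every non-revoked Arch master key that has no signature from the local Pacman Keyring Master Key. The function names and the trimmed sample listings are constructed for illustration, and the column layout of the local ("L") signature line is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread). Real use, on an installed system:
#   pacman-key --list-sigs Master | unsigned_master_keys
unsigned_master_keys() {
    awk '
    /^pub / { n++; insub = 0; revoked[n] = ($0 ~ /\[revoked/); next }
    /^sub / { insub = 1; next }               # sigs after this bind a subkey
    n && fpr[n] == "" && /^ +[0-9A-F]+ *$/ {  # fingerprint line after pub
        gsub(/ /, ""); if (length($0) == 40) fpr[n] = $0; next
    }
    n && uid[n] == "" && /^uid / { uid[n] = $0; next }
    n && !insub && /^sig / {                  # signer = first 16-digit hex field
        for (i = 2; i <= NF; i++)
            if (length($i) == 16 && $i ~ /^[0-9A-F]+$/) { sigs[n] = sigs[n] " " $i; break }
    }
    END {
        for (k = 1; k <= n; k++)
            if (uid[k] ~ /Pacman Keyring Master Key <pacman@localhost>/)
                localid = substr(fpr[k], 25)  # long key ID = last 16 hex digits
        if (localid == "") { print "no local master key in input" > "/dev/stderr"; exit 2 }
        for (k = 1; k <= n; k++) {
            if (revoked[k] || uid[k] !~ /\(Arch Linux Master Key\)/) continue
            if (index(sigs[k] " ", " " localid " ") == 0) print fpr[k]
        }
    }'
}

# Constructed sample: trimmed from the listing in post #3.
sample_broken() {
    cat <<'EOF'
pub   rsa2048 2018-02-08 [SC]
      252086ED9B16824428B4F5EE0D6F9560475D65A2
uid           [ultimate] Pacman Keyring Master Key <pacman@localhost>
sig 3        0D6F9560475D65A2 2018-02-08  Pacman Keyring Master Key <pacman@localhost>

pub   rsa4096 2015-12-17 [SC]
      91FFE0700E80619CEB73235CA88E23E377514E00
uid           [ unknown] Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 3        A88E23E377514E00 2015-12-17  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          6D1655C14CE1C13E 2015-12-17  Florian Pritz <bluewind@xinu.at>

pub   rsa3072 2011-11-18 [SC]
      0E8B644079F599DFC1DDC3973348882F6AC6A4C2
uid           [ unknown] Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig 3        3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sub   rsa1024 2011-11-18 [E]
sig          3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>

pub   rsa3072 2011-11-29 [SC] [revoked: 2011-11-29]
      27FFC4769E19F096D41D9265A04F9397CDFD6BB0
rev          A04F9397CDFD6BB0 2011-11-29  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
uid           [ revoked] Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
EOF
}

# Constructed: the same listing with a local ("L") signature on the first key.
sample_after_lsign() {
    sample_broken | awk '{ print } /6D1655C14CE1C13E/ {
        print "sig   L     0D6F9560475D65A2 2018-02-08  Pacman Keyring Master Key <pacman@localhost>" }'
}

# Runs offline on the constructed sample; prints the two unsigned master keys.
sample_broken | unsigned_master_keys
```

An empty result means every non-revoked master key in the listing is signed by the local master key; any fingerprint printed is a key whose packagers' signatures will still show as unknown trust.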

#5 2018-02-08 15:29:29

Kaeltis
Member
Registered: 2016-07-05
Posts: 3

Re: [SOLVED] signature from "XXX" is unknown trust even after resetting key

Seems something is off there:

[root@arch ~]# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
==> ERROR: DDB867B92AA789C165EEFA799B729B06A680C281 could not be locally signed.
  -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
==> ERROR: 684148BB25B49E986A4944C55184252D824B18E8 could not be locally signed.
  -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally signed.
  -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> ERROR: AB19265E5D7D20687D303246BA1DFB64FFF979E7 could not be locally signed.
  -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
==> ERROR: 0E8B644079F599DFC1DDC3973348882F6AC6A4C2 could not be locally signed.
[root@arch ~]# pacman-key --lsign-key DDB867B92AA789C165EEFA799B729B06A680C281
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
==> ERROR: DDB867B92AA789C165EEFA799B729B06A680C281 could not be locally signed.

Trying directly with gpg (according to https://wiki.archlinux.org/index.php/Pa … _with_gpg)

[root@arch ~]# gpg --homedir /etc/pacman.d/gnupg --lsign-key DDB867B92AA789C165EEFA799B729B06A680C281
gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg'

pub  rsa4096/9B729B06A680C281
     created: 2017-05-15  expires: never       usage: SC  
     trust: unknown       validity: unknown
sub  rsa4096/67BFC124BD9FAD4C
     created: 2017-05-15  expires: never       usage: E   
[ unknown] (1). Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>

gpg: no default secret key: No public key

Key not changed so no update needed.


EDIT:
Well, I've found it - it was my YubiKey's fault: https://wiki.archlinux.org/index.php/Gn … public_key
Thanks for pointing me in the right direction!

Last edited by Kaeltis (2018-02-08 15:45:39)
