#1 2020-04-07 23:44:53

shakhmatov
Member
Registered: 2020-04-07
Posts: 3

Invalid or corrupted package (PGP signature)

During a system update I got the following error message:

error: spice: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is marginal trust
:: File /var/cache/pacman/pkg/spice-0.14.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

These commands didn't solve the issue:

# pacman-key --refresh-keys
# find /var/cache/pacman/pkg/ -iname "*.part" -delete

How can I fix this issue?

#2 2020-04-08 00:28:59

mpan
Member
Registered: 2012-08-01
Posts: 1,597

Re: Invalid or corrupted package (PGP signature)

Sanity check: is this certainly happening on Arch Linux and not some “Arch-based distro”?

pacman-key --list-sigs 8E1992167465DB5FB045557CB02854ED753E0F1F

The output should list signatures that match at least that list.

If the above is true:

pacman-key --list-keys 3348882F6AC6A4C2 BA1DFB64FFF979E7 D6D055F927843F1C

That should list three master keys and each of them should be fully trusted. Is that the case?

The dirty approach is to back up⁽¹⁾ and remove “/etc/pacman.d/gnupg” and then run manually:

pacman-key --init
pacman-key --populate archlinux

Ensure you have the latest archlinux-keyring (20200108-1 as of 2020-04-08 UTC).
____
⁽¹⁾ In case something goes wrong during that operation you should have a copy of the old keyring: better to have an issue with one package than with all of them.


#3 2020-04-08 11:34:20

shakhmatov
Member
Registered: 2020-04-07
Posts: 3

Re: Invalid or corrupted package (PGP signature)

mpan wrote:

Sanity check: is this certainly happening on Arch Linux and not some “Arch-based distro”?

pacman-key --list-sigs 8E1992167465DB5FB045557CB02854ED753E0F1F

The output should list signatures that match at least that list.

If the above is true:

pacman-key --list-keys 3348882F6AC6A4C2 BA1DFB64FFF979E7 D6D055F927843F1C

That should list three master keys and each of them should be fully trusted. Is that the case?

The dirty approach is to back up⁽¹⁾ and remove “/etc/pacman.d/gnupg” and then run manually:

pacman-key --init
pacman-key --populate archlinux

Ensure you have the latest archlinux-keyring (20200108-1 as of 2020-04-08 UTC).
____
⁽¹⁾ In case something goes wrong during that operation you should have a copy of the old keyring: better to have an issue with one package than with all of them.

Hello,

The described behaviour happened on Arch Linux.

pacman-key --list-sigs 8E1992167465DB5FB045557CB02854ED753E0F1F

printed:

pub   rsa4096 2014-02-04 [SC] [   годен до: 2023-09-30]
      8E1992167465DB5FB045557CB02854ED753E0F1F
uid         [ ограничено ] Anatol Pomozov <anatol.pomozov@gmail.com>
sig          3348882F6AC6A4C2 2014-02-19  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig          5184252D824B18E8 2014-02-19  Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig          BA1DFB64FFF979E7 2014-02-20  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 3        B02854ED753E0F1F 2014-02-04  Anatol Pomozov <anatol.pomozov@gmail.com>
sig 3        B02854ED753E0F1F 2014-09-08  Anatol Pomozov <anatol.pomozov@gmail.com>
sig          7EFD567D4C7EA887 2015-02-07  Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig          A04F9397CDFD6BB0 2015-02-09  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig 3        B02854ED753E0F1F 2017-04-02  Anatol Pomozov <anatol.pomozov@gmail.com>
sig          872E6714EAF5EC44 2014-04-09  [User ID is not found]
sig          D6D055F927843F1C 2019-01-17  [User ID is not found]
sig 3        B02854ED753E0F1F 2018-01-08  Anatol Pomozov <anatol.pomozov@gmail.com>
sig 3        B02854ED753E0F1F 2019-10-01  Anatol Pomozov <anatol.pomozov@gmail.com>
sub   rsa4096 2014-02-04 [E] [   годен до: 2023-09-30]
sig          B02854ED753E0F1F 2014-02-04  Anatol Pomozov <anatol.pomozov@gmail.com>
sig          B02854ED753E0F1F 2014-09-08  Anatol Pomozov <anatol.pomozov@gmail.com>
sig          B02854ED753E0F1F 2017-04-02  Anatol Pomozov <anatol.pomozov@gmail.com>
sig          B02854ED753E0F1F 2019-10-01  Anatol Pomozov <anatol.pomozov@gmail.com>

And some signatures in the output didn't match the provided list (for example, the Ionut Biru entry).

pacman-key --list-keys 3348882F6AC6A4C2 BA1DFB64FFF979E7 D6D055F927843F1C

returned only two keys:

pub   rsa4096 2011-11-29 [SC]
      AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid         [   полное   ] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>

pub   rsa3072 2011-11-18 [SC]
      0E8B644079F599DFC1DDC3973348882F6AC6A4C2
uid         [   полное   ] Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sub   rsa1024 2011-11-18 [E]
sub   rsa3072 2011-11-18 [A]

Can I try the dirty approach to fix this in this case?

Offline
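
Added example (not part of any post in this thread): the check requested in #2, scripted over the `--list-sigs` listing from #3. The function names and status labels are invented for illustration; the three master key IDs are the ones given in #2, and the sample lines are trimmed from the listing above.

```shell
#!/bin/sh
# Master key IDs named in post #2 of this thread.
MASTER_IDS="3348882F6AC6A4C2 BA1DFB64FFF979E7 D6D055F927843F1C"

# audit_sigs: read `pacman-key --list-sigs <key>` output on stdin and print
# one line per master key ID:
#   present               signature listed and signer's user ID resolved
#   missing-from-keyring  signature listed, but gpg could not resolve the
#                         signer (the signing key is not in the local keyring)
#   no-signature          no signature by that key in the listing
audit_sigs() {
    awk -v ids="$MASTER_IDS" '
        BEGIN { n = split(ids, want, " ") }
        $1 ~ /^sig/ {
            # The signer key ID is the first 16-hex-digit field; a
            # certification level such as "3" may come before it.
            id = ""
            for (f = 2; f <= 4; f++)
                if (length($f) == 16 && $f ~ /^[0-9A-F]+$/) { id = $f; break }
            if (id == "" || state[id] == "present") next
            # Accept the wording shown in the post and the shorter variant.
            if ($0 ~ /\[User ID (is )?not found\]/) state[id] = "missing-from-keyring"
            else state[id] = "present"
        }
        END {
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in state) ? state[want[i]] : "no-signature")
        }'
}

# resolved_masters: count master keys that signed and are in the keyring.
resolved_masters() { audit_sigs | grep -c ' present$'; }

# Sample input: trimmed from the listing in post #3.
sample_listing() {
    cat <<'EOF'
sig          3348882F6AC6A4C2 2014-02-19  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig          BA1DFB64FFF979E7 2014-02-20  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 3        B02854ED753E0F1F 2014-02-04  Anatol Pomozov <anatol.pomozov@gmail.com>
sig          872E6714EAF5EC44 2014-04-09  [User ID is not found]
sig          D6D055F927843F1C 2019-01-17  [User ID is not found]
EOF
}

sample_listing | audit_sigs
```

On a live system, pipe `LANG=C pacman-key --list-sigs <fingerprint>` into `audit_sigs` instead of the sample. A `missing-from-keyring` result for a master key means the installed keyring does not contain that key.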

#4 2020-04-08 12:42:07

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 15,057

Re: Invalid or corrupted package (PGP signature)

Let's check how out-of-date your system is first.

post

$ pacman -Qi pacman
$ pacman -Qi archlinux-keyring

#5 2020-04-08 16:34:31

shakhmatov
Member
Registered: 2020-04-07
Posts: 3

Re: Invalid or corrupted package (PGP signature)

Lone_Wolf wrote:

Let's check how out-of-date your system is first.

post

$ pacman -Qi pacman
$ pacman -Qi archlinux-keyring

Hello,

The output was:

$ pacman -Qi pacman
Version: 5.0.2-2
...
Build date: 04 Jul 2017 12:29:50
Installation date: 15 Aug 2017 22:02:11

and

$ pacman -Qi archlinux-keyring
Version: 20171213-1
...
Build date: 13 Dec 2017 22:03:08
Installation date: 16 Dec 2017 14:45:38

Also, I previously failed to update archlinux-keyring because of an error with the message 'unrecognized archive format .zst', and I actually don't know how to fix this.

#6 2020-04-08 17:15:29

Slithery
Administrator
From: Norfolk, UK
Registered: 2013-12-01
Posts: 5,776

Re: Invalid or corrupted package (PGP signature)

And this is what happens when you don't update your system for 2+ years.

I suggest you find out the date of your last update from the pacman log and then use the ALA to step forward a couple of months at a time.

#7 2020-04-08 17:33:56

mpan
Member
Registered: 2012-08-01
Posts: 1,597

Re: Invalid or corrupted package (PGP signature)

shakhmatov
Since the core issue has been detected — and that is hiding important information regarding the problem from people on the forum — one more comment: while posting to international fora, consider using C locale by setting the LANG environment variable to C. E.g. like that:

LANG=C pacman-key --list-sigs 8E1992167465DB5FB045557CB02854ED753E0F1F

Localized outputs in the best case require translating words, in the worst one are unintelligible and will simply make people not willing to answer. Thanks.