You are not logged in.

#1 2020-11-01 22:24:19

MountainX
Member
Registered: 2016-02-08
Posts: 262

[SOLVED] private repo - signature is invalid

I normally add packages to my repo like this:

# cd /"$pkgsroot"/"$reponame"/"$package"/
# aur build --chroot --sign --database="$reponame" --directory=/$chrootpath

The signatures on the packages and the repo database are valid. I have not had any errors.

Today is the first day I had to remove a package. I did it like this:

# repo-remove /"$reporoot/$reponame/$reponame.db.tar.gz" "$oldpkg"
# rm /"$reporoot/$reponame/$oldpkg"-r10*

However, after doing that I started getting these errors:

error: myaur: signature from "MountainX" is invalid
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 myaur                                                                                                                       25.6 KiB  0.00   B/s 00:00 [#############################################################################################] 100%
 myaur.sig                                                                                                                  438.0   B  0.00   B/s 00:00 [#############################################################################################] 100%
error: myaur: signature from "MountainX" is invalid
error: failed to update myaur (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases
myaur: signature from "MountainX" is invalid
downloading myaur.db (26216/26216) 100%
downloading myaur.db.sig (438/438) 100%
myaur: signature from "MountainX" is invalid
error: could not sync db 'myaur' (invalid or corrupted database (PGP signature))
error: myaur: signature from "MountainX" is invalid
error: database 'myaur' is not valid (invalid or corrupted database (PGP signature))

I'd like to know why. Did I remove the package incorrectly? Also, is there a fix or do I need to delete the repo database and recreate it with repo-add?

EDIT: Oh, I see that I removed a package and did not re-sign the db. What is the correct process?

Last edited by MountainX (2020-11-01 22:33:26)

Offline

#2 2020-11-01 22:27:59

progandy
Member
Registered: 2012-05-17
Posts: 3,930

Re: [SOLVED] private repo - signature is invalid

Since you signed the database, you'll have to also sign it when removing a package.

Just do an empty repo-add with the signature to fix it I think.

Last edited by progandy (2020-11-01 22:31:18)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#3 2020-11-01 22:29:58

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 3,768

Re: [SOLVED] private repo - signature is invalid

"aur build --sign --database=..." invokes "repo-add --sign" for you. So "repo-remove" must also use the --sign option.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#4 2020-11-01 22:33:04

MountainX
Member
Registered: 2016-02-08
Posts: 262

Re: [SOLVED] private repo - signature is invalid

eschwartz wrote:

"aur build --sign --database=..." invokes "repo-add --sign" for you. So "repo-remove" must also use the --sign option.

Thank you. I should have realized that, but I didn't think about it when I removed the package. Issue solved.

Offline

Board footer

Powered by FluxBB