
#1 2021-10-30 02:16:04

hwallace
Member
Registered: 2021-08-30
Posts: 110

[SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

For an old VBox VM I'm firing up for the first time in months and months, updates are blocked by an expired key. After many failed attempts using different key servers and mirrors, I found the key I'm looking for here:

https://keyserver.ubuntu.com/pks/lookup … n&op=index

What to do with this info? I have the best results with the gpg --recv-keys below, but as you can see it's not working.

# gpg --recv-keys --keyserver hkps://keyserver.ubuntu.com 8053EB88879A68CB4873D32B011FDC52DA839335
gpg: key 12C87A28FEAC6B20: public key "Maxim Baz <pgp@maximbaz.com>" imported
gpg: Total number processed: 1
gpg: imported: 1

That looks like exactly what I want to do but:

# pacman -Syy
error: maximbaz: key "8053EB88879A68CB4873D32B011FDC52DA839335" is unknown
:: Import PGP key 8053EB88879A68CB4873D32B011FDC52DA839335? [Y/n] Y
error: key "8053EB88879A68CB4873D32B011FDC52DA839335" could not be looked up remotely

I downloaded a key to 'lookup.txt' and then

# pacman-key --add lookup.txt
==> Updating trust database...
gpg: no need for a trustdb check

But this has no effect.

Last edited by hwallace (2021-10-30 13:32:42)

Offline

#2 2021-10-30 02:23:04

loqs
Member
Registered: 2014-03-06
Posts: 18,462

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

# gpg --recv-keys --keyserver hkps://keyserver.ubuntu.com 8053EB88879A68CB4873D32B011FDC52DA839335

Imports the key into root's keyring not pacman's.

Is the archlinux-keyring package up to date?  Does the following update the key?

# pacman-key --refresh-keys

Offline

#3 2021-10-30 02:23:09

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

pacman doesn't use your user keys, it uses keys from its own keyring.

Chances are your mirror is broken, or you might need to upgrade pacman-keyring somehow.

Offline

#4 2021-10-30 02:31:22

hwallace
Member
Registered: 2021-08-30
Posts: 110

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

loqs wrote:
# gpg --recv-keys --keyserver hkps://keyserver.ubuntu.com 8053EB88879A68CB4873D32B011FDC52DA839335

Imports the key into root's keyring not pacman's.

Is the archlinux-keyring package up to date?  Does the following update the key?

# pacman-key --refresh-keys

# pacman-key --refresh-keys
gpg: key 12C87A28FEAC6B20: public key "Maxim Baz <pgp@maximbaz.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   rsa4096 2017-09-09 [SC]
      EB4F9E5A60D32232BB52150C12C87A28FEAC6B20
uid           [ unknown] Maxim Baz <pgp@maximbaz.com>
sub   rsa4096 2017-09-09 [E]
sub   rsa4096 2017-09-09 [S]
sub   rsa4096 2017-09-09 [A]

# pacman -Syy
error: maximbaz: signature from "Maxim Baz <pgp@maximbaz.com>" is unknown trust
:: Synchronizing package databases...
 maximbaz              110.0 KiB  99.1 KiB/s 00:01 [######################] 100%
 core                  138.8 KiB   204 KiB/s 00:01 [######################] 100%
 extra                1572.2 KiB  1289 KiB/s 00:01 [######################] 100%
 community               5.8 MiB  2.67 MiB/s 00:02 [######################] 100%
error: maximbaz: signature from "Maxim Baz <pgp@maximbaz.com>" is unknown trust
error: failed to synchronize all databases (unexpected error)

Offline

#5 2021-10-30 02:49:11

hwallace
Member
Registered: 2021-08-30
Posts: 110

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

Ammako wrote:

pacman doesn't use your user keys, it uses keys from its own keyring.

Chances are your mirror is broken, or you might need to upgrade pacman-keyring somehow.

I copied the mirrorlist from a working system but that had no effect.

And of course

# pacman -S arch-keyring
error: maximbaz: signature from "Maxim Baz <pgp@maximbaz.com>" is unknown trust
error: database 'maximbaz' is not valid (invalid or corrupted database (PGP signature))

Last edited by hwallace (2021-10-30 02:49:35)

Offline

#6 2021-10-30 03:33:45

loqs
Member
Registered: 2014-03-06
Posts: 18,462

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

pacman -S arch-keyring
error: target not found: arch-keyring

You have a package named arch-keyring signed by Maxim Baz <pgp@maximbaz.com> ?

What is the output of

# gpg --homedir=/etc/pacman.d/gnupg --auto-key-locate clear,wkd -v --locate-external-key '<pgp@maximbaz.com>'

Offline

#7 2021-10-30 05:38:06

cloverskull
Member
Registered: 2018-09-30
Posts: 234

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

I had this issue when using systemd-resolved and leaving my resolv.conf empty. Likely not the same issue you’re dealing with here but posting just in case someone else stumbles across this.

Offline

#8 2021-10-30 11:10:55

hwallace
Member
Registered: 2021-08-30
Posts: 110

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

loqs wrote:
pacman -S arch-keyring
error: target not found: arch-keyring

You have a package named arch-keyring signed by Maxim Baz <pgp@maximbaz.com> ?

Interesting. No. I don't think so. Maxim Baz is something else

:: Synchronizing package databases...
 maximbaz              110.0 KiB  84.0 KiB/s 00:01 [######################] 100%

loqs wrote:

What is the output of

# gpg --homedir=/etc/pacman.d/gnupg --auto-key-locate clear,wkd -v --locate-external-key '<pgp@maximbaz.com>'

Out of desperation I disabled checking in the pacman.conf.
That's got me to another problem, but here:

gpg --homedir=/etc/pacman.d/gnupg --auto-key-locate clear,wkd -v --locate-external-key '<pgp@maximbaz.com>'
gpg: WARNING: unsafe ownership on homedir '/etc/pacman.d/gnupg'
gpg: Note: trustdb not writable
gpg: using pgp trust model
gpg: no running Dirmngr - starting '/usr/bin/dirmngr'
gpg: waiting for the dirmngr to come up ... (5s)
gpg: waiting for the dirmngr to come up ... (4s)
gpg: waiting for the dirmngr to come up ... (3s)
gpg: waiting for the dirmngr to come up ... (2s)
gpg: waiting for the dirmngr to come up ... (1s)
gpg: connecting dirmngr at '/run/user/1000/gnupg/d.334bwnth1rdtw8g6yq3rxprb/S.dirmngr' failed: IPC connect call failed
gpg: error retrieving '<pgp@maximbaz.com>' via WKD: No dirmngr
gpg: error reading key: No dirmngr

Offline

#9 2021-10-30 12:35:14

loqs
Member
Registered: 2014-03-06
Posts: 18,462

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

hwallace wrote:
:: Synchronizing package databases...
 maximbaz              110.0 KiB  84.0 KiB/s 00:01 [######################] 100%

You have added maximbaz's unofficial repository to pacman.conf?

gpg: connecting dirmngr at '/run/user/1000/gnupg/d.334bwnth1rdtw8g6yq3rxprb/S.dirmngr' failed: IPC connect call failed

dirmngr crashed on startup most likely due to a bad configuration.

What are the contents of the following, if they exist:

/etc/pacman.d/gnupg/dirmngr.conf
/etc/pacman.d/gnupg/gpg.conf
/root/.gnupg/dirmngr.conf
/root/.gnupg/gpg.conf
~/.gnupg/dirmngr.conf
~/.gnupg/gpg.conf

Last edited by loqs (2021-10-30 13:01:09)

Offline

#10 2021-10-30 13:31:32

hwallace
Member
Registered: 2021-08-30
Posts: 110

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

loqs wrote:

You have added maximbaz's unofficial repository to pacman.conf?

Not intentionally. Or at least I don't remember doing it. Why would I do that? Is there a good reason?

It's an old VM from when I first started using Arch.

And I just now started wondering why I'm trying to rescue it. In the time I've spent I could have created a new VM and set it up to what I'm trying to recover. Sunk costs.

I'm going to mark this one solved.

Thanks for the help.

Last edited by hwallace (2021-10-30 13:32:15)

Offline

#11 2021-10-31 07:32:57

flyingscorpio
Member
Registered: 2020-06-04
Posts: 34

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

hwallace wrote:

I'm going to mark this one solved.

But it's not solved. Won't help anyone finding this thread.

Last edited by flyingscorpio (2021-10-31 07:34:01)

Offline

#12 2021-10-31 10:36:13

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 24,459

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

Then make your own thread if you still have issues. If the OP decides the thread is solved by doing a reinstall then it is solved from their point of view. If you want to roll this back up on your own system then post the information from your own system.

Offline

#13 2021-10-31 12:27:28

seth
Member
Registered: 2012-09-03
Posts: 64,425

Re: [SOLVED]how to import/update gpg keys when gpg recv-keys doesn't work

I'm not under the impression he has the same issue…

@flyingscorpio
The OP has added a private repo and has an issue w/ their keyring - the thread points that out, as well as that importing keys to your private GPG chain won't help pacman and that "arch-keyring" isn't "archlinux-keyring" (the latter now explicitly).
This still holds enough hints for an informed reader who might encounter similar-ish issues, even though there's no spoon-fed solution.

FWIW, if you've not updated in a while and have keyring/signature issues, first try "pacman -Sy archlinux-keyring", then re-attempt "pacman -Syu" - you're welcome, reader of our past future.

Offline
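An added example, not part of any post in this thread: a small check that tells apart the two pacman errors seen above by reading a `gpg --with-colons` listing of one keyring at a time. The function names `key_status` and `sample_keyring` are hypothetical, the listing is constructed from the fingerprints shown in the thread, and it assumes the fingerprint pacman asks for is a subkey of the imported key, as the gpg output above suggests.

```shell
#!/bin/sh
# Added example: classify a fingerprint against `gpg --with-colons` output on stdin.
# On a real system (as root) feed it one keyring at a time:
#   gpg --homedir /etc/pacman.d/gnupg --with-colons --list-keys | key_status FPR
#   gpg --with-colons --list-keys | key_status FPR      # root's own keyring
key_status() {
    awk -F: -v want="$1" '
        $1 == "pub" { validity = $2; primary = ""; kind = "primary"; next }
        $1 == "sub" { kind = "subkey"; next }
        $1 == "fpr" {
            if (kind == "primary") primary = $10
            if ($10 == want) { found = 1; role = kind; exit }
        }
        END {
            if (!found) { print "absent"; exit }
            # Field 2 of the pub record is the computed validity of the key.
            if (validity == "e") state = "expired"
            else if (validity == "r") state = "revoked"
            else if (validity == "f" || validity == "u") state = "valid"
            else if (validity == "m") state = "marginal"
            else state = "unknown-trust"
            print state, role, "of", primary
        }'
}

# Constructed listing (not captured from a real system): $1 is the validity letter.
sample_keyring() {
    cat <<EOF
pub:$1:4096:1:12C87A28FEAC6B20:1504915200:::-:::scESCA:
fpr:::::::::EB4F9E5A60D32232BB52150C12C87A28FEAC6B20:
uid:$1::::1504915200::::Maxim Baz <pgp@maximbaz.com>:
sub:$1:4096:1:011FDC52DA839335:1504915200::::::s:
fpr:::::::::8053EB88879A68CB4873D32B011FDC52DA839335:
EOF
}

FPR=8053EB88879A68CB4873D32B011FDC52DA839335
printf 'empty pacman keyring: %s\n' "$(printf '' | key_status "$FPR")"
printf 'imported, not signed: %s\n' "$(sample_keyring - | key_status "$FPR")"
printf 'locally signed:       %s\n' "$(sample_keyring f | key_status "$FPR")"
```

"absent" in pacman's keyring matches the `key ... is unknown` error from post #1, and "unknown-trust" matches `signature ... is unknown trust` from post #4. A third-party key only becomes valid in pacman's keyring once it is signed there, for example with `pacman-key --lsign-key` after the fingerprint has been checked against the repository owner's published one.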
