New openssl package downlaod is corrupt?

Scimmia · 2022-12-24 01:49:36

I would file it in the releng project, it's not really a pacstrap issue.

amrtykl · 2022-12-24 05:16:02

Going further:

• "pacstrap" is a bash script that has pacman as a "backend".

• [pacstrap -K /mnt PKGs] is the same as [pacman -Sy] (from the code in the repository)
>> We are starting a clean keyring that will only be used in chroot or by booting directly into the installed system.

• pacman (from the live environment) will never use the keyring installed in /mnt.
>> The problem with invalid keys is because the ISO keyring is old and contains expired keys.

-----------
I think to solve this permanently, may:

A) Pacman could now read new keys from /mnt when installing new packages to where pacstrap points.

B) A systemd service to update the 'archlinux-keyring' of the live environment once a stable internet connection is established.

C) Force pacstrap to update the live environment keyring and start a new one where specified = /mnt

D) Point in the Wiki, in the installation guide to update the keyring before using pacstrap.
-----------

I particularly think "BCD" is good and easy, and "A" is kind of weird. These are just suggestions/possibilities, I imagine there is a better or more appropriate way to do it but I don't have enough knowledge to do it.

I apologize for the terrible text formatting, was written on Mobile device.

I'm testing suggestion (B) but it's too much pac-things for me, so I'm sharing all info which I have here and I hope it can be useful so this doesn't happen again in the future.

Mara

Scimmia · 2022-12-24 13:12:26

for A), there's potentially nothing in the target dir, so there's no keys to read.
for C), pacstrap can be ran from anywhere, I haven't even used the ISO in many years. You want pacstrap to do a partial update on your system when you are using it to create a new root on USB? Hell no.

amrtykl · 2022-12-24 14:14:02

Scimmia wrote:

You want pacstrap to do a partial update on your system when you are using it to create a new root on USB? Hell no.

My intention is to just have the latest keys during the install.
Per #3.1 at pacman/Package signing It is not considered a partial upgrade | And as you pointed out earlier

Scimmia wrote:

This is one of the few times you can use -Sy without following it with -Su or -Syu.

I still think there's certainly a better way to do this without resorting to upgrading just one package. I don't see where the operation of updating only the keyring in the live environment could cause problems. I'm currently testing (B).
Perhaps the way I suggested it (A,C) does cause problems

Anyway, once next month's ISO is released the problem is temporarily fixed > until a GPG key expires again and someone "pacman -Sy archlinux-keyring" to fix it. So keeping it up to date always fixes it permanently.

Scimmia wrote:

I would file it in the releng project, it's not really a pacstrap issue.

There really are no bugs in pacman/pacstrap, just changing the behavior of the ISO would do the trick.

Mara

Scimmia · 2022-12-24 14:16:55

You're stuck on the assumption that pacstrap only exists and is only used on the ISO. That's not a good assumption at all.

withgoody7 · 2022-12-24 21:37:03

withgoody7 wrote:

Hello.... I encountered same issue this morning while I was installing fresh install
pacstrap /mnt .........
I don't know how to run pacman command this stage
I found the easiest way.... to do..

.....

i found another way to do. just in this morning

root@archiso ~ # pacman -Sy archlinux-keyring

root@archiso ~ # pacman-key --init

return #
root@archiso ~ # pacman-key --populate
root@archiso ~ # pacman -Sy archlinux-keyring

hope all things go well each time we encounter keyring error
have a nice day to all

Trilby · 2022-12-24 21:55:16

There's nothing easy about that. The proper work-around is in the wiki and was linked to in the second post of this thread and confirmed as working in the 6th post. How this solved (though not so-marked) thread has been allowed to ramble on to 31 posts is beyond me.

If there is any remaining question it is whether / how the installation guide or iso should be patched to avoid related issues in the future. This forum, however, is not really the right venue for either of these questions. Discussion of installation guide edits should be done on the wiki talk page (I think). Feature requests for the installation iso should go to the bug tracker.

Last edited by Trilby (2022-12-24 21:57:37)

withgoody7 · 2023-01-06 00:32:07

withgoody7 wrote:

withgoody7 wrote:
Hello.... I encountered same issue this morning while I was installing fresh install
pacstrap /mnt .........
I don't know how to run pacman command this stage
I found the easiest way.... to do..
.....
i found another way to do. just in this morning

root@archiso ~ # pacman -Sy archlinux-keyring
root@archiso ~ # pacman-key --init
return #
root@archiso ~ # pacman-key --populate
root@archiso ~ # pacman -Sy archlinux-keyring

hope all things go well each time we encounter keyring error
have a nice day to all

prior above all initializing, i found that we need to do below...

root@archiso ~# rm -rf /etc/pacman.d/gnupg/*.*

root@archiso ~# killall gpg-agent

have a nice day to all

Last edited by withgoody7 (2023-01-06 00:32:40)

ewaller · 2023-01-06 00:41:21

This thread was actually solved, but ZetaRevan did not mark it so. I am going to close this thread now.
ZetaRevan, if you would like the thread reopened, contact a moderator using the report link on the thread and we will be happy to assist.

Arch Linux

#26 2022-12-24 01:49:36

Re: New openssl package downlaod is corrupt?

#27 2022-12-24 05:16:02

Re: New openssl package downlaod is corrupt?

#28 2022-12-24 13:12:26

Re: New openssl package downlaod is corrupt?

#29 2022-12-24 14:14:02

Re: New openssl package downlaod is corrupt?

#30 2022-12-24 14:16:55

Re: New openssl package downlaod is corrupt?

#31 2022-12-24 21:37:03

Re: New openssl package downlaod is corrupt?

#32 2022-12-24 21:55:16

Re: New openssl package downlaod is corrupt?

#33 2023-01-06 00:32:07

Re: New openssl package downlaod is corrupt?

#34 2023-01-06 00:41:21

Re: New openssl package downlaod is corrupt?

Board footer