You are not logged in.
I would file it in the releng project, it's not really a pacstrap issue.
Offline
Going further:
• "pacstrap" is a bash script that has pacman as a "backend".
• [pacstrap -K /mnt PKGs] is the same as [pacman -Sy] (from the code in the repository)
>> We are starting a clean keyring that will only be used in chroot or by booting directly into the installed system.
• pacman (from the live environment) will never use the keyring installed in /mnt.
>> The problem with invalid keys is because the ISO keyring is old and contains expired keys.
-----------
I think to solve this permanently, may:
A) Pacman could now read new keys from /mnt when installing new packages to where pacstrap points.
B) A systemd service to update the 'archlinux-keyring' of the live environment once a stable internet connection is established.
C) Force pacstrap to update the live environment keyring and start a new one where specified = /mnt
D) Point in the Wiki, in the installation guide to update the keyring before using pacstrap.
-----------
I particularly think "BCD" is good and easy, and "A" is kind of weird. These are just suggestions/possibilities, I imagine there is a better or more appropriate way to do it but I don't have enough knowledge to do it.
I apologize for the terrible text formatting, was written on Mobile device.
I'm testing suggestion (B) but it's too much pac-things for me, so I'm sharing all info which I have here and I hope it can be useful so this doesn't happen again in the future.
Mara
Offline
for A), there's potentially nothing in the target dir, so there's no keys to read.
for C), pacstrap can be ran from anywhere, I haven't even used the ISO in many years. You want pacstrap to do a partial update on your system when you are using it to create a new root on USB? Hell no.
Offline
You want pacstrap to do a partial update on your system when you are using it to create a new root on USB? Hell no.
My intention is to just have the latest keys during the install.
Per #3.1 at pacman/Package signing It is not considered a partial upgrade | And as you pointed out earlier
This is one of the few times you can use -Sy without following it with -Su or -Syu.
I still think there's certainly a better way to do this without resorting to upgrading just one package. I don't see where the operation of updating only the keyring in the live environment could cause problems. I'm currently testing (B).
Perhaps the way I suggested it (A,C) does cause problems
Anyway, once next month's ISO is released the problem is temporarily fixed > until a GPG key expires again and someone "pacman -Sy archlinux-keyring" to fix it. So keeping it up to date always fixes it permanently.
I would file it in the releng project, it's not really a pacstrap issue.
There really are no bugs in pacman/pacstrap, just changing the behavior of the ISO would do the trick.
Mara
Offline
You're stuck on the assumption that pacstrap only exists and is only used on the ISO. That's not a good assumption at all.
Offline
Hello.... I encountered same issue this morning while I was installing fresh install
pacstrap /mnt .........
I don't know how to run pacman command this stage
I found the easiest way.... to do..
.....
i found another way to do. just in this morning
root@archiso ~ # pacman -Sy archlinux-keyring
root@archiso ~ # pacman-key --init
return #
root@archiso ~ # pacman-key --populate
root@archiso ~ # pacman -Sy archlinux-keyring
hope all things go well each time we encounter keyring error
have a nice day to all
Offline
There's nothing easy about that. The proper work-around is in the wiki and was linked to in the second post of this thread and confirmed as working in the 6th post. How this solved (though not so-marked) thread has been allowed to ramble on to 31 posts is beyond me.
If there is any remaining question it is whether / how the installation guide or iso should be patched to avoid related issues in the future. This forum, however, is not really the right venue for either of these questions. Discussion of installation guide edits should be done on the wiki talk page (I think). Feature requests for the installation iso should go to the bug tracker.
Last edited by Trilby (2022-12-24 21:57:37)
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
withgoody7 wrote:Hello.... I encountered same issue this morning while I was installing fresh install
pacstrap /mnt .........
I don't know how to run pacman command this stage
I found the easiest way.... to do..
.....
i found another way to do. just in this morning
root@archiso ~ # pacman -Sy archlinux-keyring
root@archiso ~ # pacman-key --init
return #
root@archiso ~ # pacman-key --populate
root@archiso ~ # pacman -Sy archlinux-keyring
hope all things go well each time we encounter keyring error
have a nice day to all
prior above all initializing, i found that we need to do below...
root@archiso ~# rm -rf /etc/pacman.d/gnupg/*.*
root@archiso ~# killall gpg-agent
have a nice day to all
Last edited by withgoody7 (2023-01-06 00:32:40)
Offline
This thread was actually solved, but ZetaRevan did not mark it so. I am going to close this thread now.
ZetaRevan, if you would like the thread reopened, contact a moderator using the report link on the thread and we will be happy to assist.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline