You are not logged in.

#1 2023-01-04 20:16:02

apm
Member
Registered: 2022-11-20
Posts: 3

Has archlinux GPG key changed?

Hi all,

I am preparing for a new installation and I found out that the PGP fingerprint for a new installation medium has changed. Previously the PGP was 0x9741E8AC, but in 2023.01.01 it changed to 0x54449A5C.

Since I can't find any information on the planned key rotation I wanted to verify if that is correct. Can anybody confirm that the keys were to be changed this year?

Offline

#2 2023-01-04 22:10:09

oz
Member
Registered: 2004-05-20
Posts: 99

Re: Has archlinux GPG key changed?

Something wacky has been going on since the December 2022 release. When running pacman -S whatever when booted in the install ISO, about 90% of the time it fails with "keyring not writable", corrupted package, invalid signature, or wants to import keys that don't work. If I get the right mirror(?) or something eventually the install will sometimes, if I'm lucky, work. I can't find anyone talking about it. It seems quite broken.

Last edited by oz (2023-01-04 22:14:30)

Offline

#3 2023-01-04 22:56:52

Scimmia
Fellow
Registered: 2012-09-01
Posts: 10,046

Re: Has archlinux GPG key changed?

Pierre did switch to a new key. You can see that key on the keys page. https://archlinux.org/master-keys/

What oz is talking about is completely different, nothing to do with the topic of this thread.

Offline

#4 2023-01-05 07:07:59

apm
Member
Registered: 2022-11-20
Posts: 3

Re: Has archlinux GPG key changed?

Right, this seems correct. Thank you for the information, I guess that the chances that the website was compromised and the iso checksums are wrong are also small?

The reason I am asking is that when I was checking the checksum of the iso (sha256 61dbae312cf677be38a93f424c91abadd8a8ed1f3a602b697aac4c57a7872645) I was 100% certain that this is the same checksum that I saw a few months ago. Now searching brings up the results just for the current iso release, and searching back on https://archlinux.org/releng/releases/ I can't confirm that the checksum was anywhere similar to this.

Offline

Board footer

Powered by FluxBB