You are not logged in.

#1 2023-12-07 15:47:49

DrLucky
Member
Registered: 2021-09-21
Posts: 23

Unable to update arch system due to signature issues [SOLVED]

edit:
SOLVED
the issue seemed to be with the archzfs repository I have added to my pacman.conf.
Removing, updating and re-adding the repository and signatures resolved the issue.
Further detail at the end of my final post below

_________________________________________________________________________________________

When I try to update my system it fails:

error: aom: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/aom-3.8.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: npm: signature from "Daniel M. Capella <polyzen@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/npm-10.2.5-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: ostree: signature from "David Runge <dvzrv@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/ostree-2023.8-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: postgresql-libs: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is unknown trust
:: File /var/cache/pacman/pkg/postgresql-libs-16.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: python-setuptools: signature from "Felix Yan <felixonmars@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/python-setuptools-1:68.2.2-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: scrcpy: signature from "Alexander F. Rødseth <xyproto@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/scrcpy-2.3.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: signal-desktop: signature from "kpcyrd <git@rxv.cc>" is unknown trust
:: File /var/cache/pacman/pkg/signal-desktop-6.41.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I have tried reinstalling the archlinux-keyring, which fails like above.
I have tried installing gnupg manually by downloading from here and installing locally and then restarting with

gpgconf --kill all

and I have tried refreshing the keys with

sudo pacman-key --refresh-keys

At one point, I got an error saying

 gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3) 

which is likely a factor, but I do not know how to resolve that.


Any help would be greatly appreciated.

Last edited by DrLucky (2023-12-07 16:47:05)

Offline

#2 2023-12-07 16:07:45

nl6720
The Evil Wiki Admin
Registered: 2016-07-02
Posts: 671

Re: Unable to update arch system due to signature issues [SOLVED]

Offline

#3 2023-12-07 16:17:13

DrLucky
Member
Registered: 2021-09-21
Posts: 23

Re: Unable to update arch system due to signature issues [SOLVED]

Yes, I get a similar 'invalid or corrupted package PGP signature' error:

 
❯ sudo pacman -Sy archlinux-keyring && sudo pacman -Su
:: Synchronizing package databases...
 core                                           129.4 KiB   286 KiB/s 00:00 [------------------------------------------] 100%
 extra                                            8.2 MiB  10.5 MiB/s 00:01 [------------------------------------------] 100%
 community is up to date
 archzfs is up to date
warning: archlinux-keyring-20231130-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)             Old Version  New Version  Net Change  Download Size

core/archlinux-keyring  20231130-1   20231130-1     0.00 MiB       1.15 MiB

Total Download Size:   1.15 MiB
Total Installed Size:  1.64 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 archlinux-keyring-20231130-1-any              1178.0 KiB  2010 KiB/s 00:01 [------------------------------------------] 100%
(1/1) checking keys in keyring                                              [------------------------------------------] 100%
(1/1) checking package integrity                                            [------------------------------------------] 100%
error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20231130-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

And following section 4.1 seems sucessful until I try a pacman -Syu at the end of the process:

❯ sudo hwclock -w
❯ sudo pacman -Scc

Cache directory: /var/cache/pacman/pkg/
:: Do you want to remove ALL files from cache? [y/N] y
removing all files from cache...

Database directory: /var/lib/pacman/
:: Do you want to remove unused repositories? [Y/n] y
removing unused sync repositories...
❯ sudo rm -r /etc/pacman.d/gnupg
❯ sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/F079FE5AFF84CB8A6117A68EE36CD6E17C7E6E52.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
❯ sudo pacman-key --populate
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signed 6 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 41 keys.
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:  97  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:  75  signed:  21  trust: 75-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-12-31
❯ sudo pacman -Syu
error: archzfs: key "DDF7DB817396A49B2A2723F7403BD972F75D9D76" is unknown
:: Import PGP key DDF7DB817396A49B2A2723F7403BD972F75D9D76? [Y/n] y
error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 archzfs                                         14.9 KiB  21.9 KiB/s 00:01 [------------------------------------------] 100%
error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))

Last edited by DrLucky (2023-12-07 16:28:52)

Offline

#4 2023-12-07 16:37:02

DrLucky
Member
Registered: 2021-09-21
Posts: 23

Re: Unable to update arch system due to signature issues [SOLVED]

I commented out the archzfs repository from pacman.conf and am now able to update successfully with no errors.
Adding the repo back in:

...
[archzfs]
Include = /etc/pacman.d/mirrorlist-archzfs
...

and re-running a simple pacman -Syyy, the errors return:

error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust
:: Synchronizing package databases...
 core                                                                                129.4 KiB   271 KiB/s 00:00 [-------------------------------------------------------------------] 100%
 extra                                                                                 8.2 MiB  9.22 MiB/s 00:01 [-------------------------------------------------------------------] 100%
 community                                                                            45.0   B   127   B/s 00:00 [-------------------------------------------------------------------] 100%
 archzfs                                                                              14.9 KiB  24.5 KiB/s 00:01 [-------------------------------------------------------------------] 100%
error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust
error: failed to synchronize all databases (invalid or corrupted database (PGP signature)) 

I̶s̶ ̶t̶h̶i̶s̶ ̶a̶n̶ ̶i̶s̶s̶u̶e̶ ̶o̶n̶ ̶a̶r̶c̶h̶z̶f̶s̶'̶s̶ ̶s̶i̶d̶e̶ ̶o̶r̶ ̶a̶n̶ ̶i̶s̶s̶u̶e̶ ̶w̶i̶t̶h̶ ̶m̶y̶ ̶s̶y̶s̶t̶e̶m̶?̶
edit: SOLVED

I removed the archzfs repository from pacman.conf again, and reinstalled archlinux-keyring

I then re-added the repository via these instructions on the archzfs github
https://github.com/archzfs/archzfs/wiki

which has resolved the issue.

Last edited by DrLucky (2023-12-07 16:45:17)

Offline

Board footer

Powered by FluxBB