
#1 2024-06-02 12:40:27

Kalinda
Member
From: Canada
Registered: 2009-02-19
Posts: 75
Website

[SOLVED] Gpg signature invalid, cannot sign repo db or run pacman -Syy

Hello!

So I run a repo and in the past few days I've been having issues with my key. The problems randomly started on the 31st of May, where it started saying my key was not valid when I was trying to build some packages. I then tried to do updates and it did the same thing, it refused to run updates with pacman, saying my signature is invalid.

I messed around with this for a short while and discovered it was doing the same thing on my laptop. It was hard to find any info on this issue since all the problems online were for invalid signatures for other people's keys, not the person with the issue. So I just made a new key and revoked the old one. I updated my repo website, along with the Arch wiki, and then added the key to my Pacman db. Everything worked fine for a couple days.

Then this morning, I go to run updates and I get this:

error: andontie-aur: signature from "Holly M. <kalinda@andontie.net>" is invalid
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))

When I attempted to rebuild my repo db to sign it as a test, I get this:

==> Verifying database signature...
gpg: assuming signed data in '/andontie-aur/pkgs//andontie-aur.db.tar.gz'
gpg: Signature made Sat 01 Jun 2024 09:01:37 AM EDT
gpg:                using RSA key 493486B87A270B1F19EE5D4672BF227DD76AE5BF
gpg: BAD signature from "Holly M. <kalinda@andontie.net>" [ultimate]
==> ERROR: Database signature was NOT valid!

My key seems to still be valid, it's on the keyserver.ubuntu.com database here. And when I run the commands in gpg to see it, it comes up. When I made this key, I followed the instructions on the GnuPG page on the Arch wiki and sent it to a keyserver.

I've tried cleaning the package database and removing and re-adding my repo, but this issue is deeper than that because I cannot sign my packages or repo db, either. So there's some problem with the key itself, although the same thing is happening on the laptop and I don't use it for making packages, so it's likely not just me, but I haven't heard from anyone else yet. I'm really stumped here. I'm still learning and in no way an expert on gpg, so any help would be appreciated as I don't want to go to not signing my packages.

Thanks!

ETA: Ok, I am able to just sign a random file using the --detach-sign option in gpg, so the problem is specifically Pacman not liking my key for some reason.

ETA 2: So I can sign packages using makepkg --sign, but I cannot run repo-add or updates as long as my repo is in pacman.conf. This is really weird...

ETA 3: Fixed it, lol. I am very silly, I removed packages both before and after I revoked the old key and I didn't run the -s -v when I did repo-remove. My google fu was clearly weak, I do not pass go, I do not collect $200 lmao. Hopefully this'll help anyone else who makes this mistake in the future.

Last edited by Kalinda (2024-06-04 13:52:05)


Arch Linux Plasma 6 | AMD Ryzen 7 1700 | 64GB DDR4 RAM | Radeon RX 570 / GTX 1050 Ti | RTX 2070 Super (Windows VM)

Offline
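
Added example, not part of the original post or of pacman's tooling: a POSIX shell check that reads gpg's machine-readable status output for a repo database and separates a BAD signature (the signature does not match the file contents) from revoked-key or missing-key verdicts, which is useful after a key rotation like the one described above. The function names are made up for this example, and the sample status line is constructed from the key fingerprint and user ID shown in the log above.

```shell
#!/bin/sh
# Added example: interpret `gpg --status-fd` output for a repo database signature.

# classify_status: read gpg status lines on stdin, print "<verdict> <key id>".
classify_status() {
    verdict=unknown keyid=
    while read -r tag kw id _rest; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            GOODSIG)   verdict=good;        keyid=$id ;;
            BADSIG)    verdict=bad;         keyid=$id ;;  # file differs from what was signed
            REVKEYSIG) verdict=revoked-key; keyid=$id ;;  # good signature, revoked key
            EXPKEYSIG) verdict=expired-key; keyid=$id ;;
            EXPSIG)    verdict=expired-sig; keyid=$id ;;
            NO_PUBKEY) verdict=missing-key; keyid=$id ;;  # signer not in this keyring
        esac
    done
    printf '%s %s\n' "$verdict" "$keyid"
}

# key_matches FPR KEYID: true when KEYID is FPR itself or its trailing long key id.
key_matches() {
    [ -n "$2" ] || return 1
    case "$1" in *"$2") return 0 ;; esac
    return 1
}

# check_db DB FPR: verify DB against DB.sig and require the expected signer.
check_db() {
    status=$(gpg --status-fd 1 --verify "$1.sig" "$1" 2>/dev/null | classify_status)
    verdict=${status%% *}
    keyid=${status#* }
    if [ "$verdict" = good ] && key_matches "$2" "$keyid"; then
        echo "OK: $1 is signed by $keyid"
    else
        echo "FAIL: $1 verdict=$verdict signer=${keyid:-none}"
        return 1
    fi
}

if [ "$#" -ge 2 ]; then
    check_db "$1" "$2"   # e.g. ./check.sh andontie-aur.db.tar.gz <fingerprint>
else
    # Constructed status line matching the BAD signature in the thread's log.
    printf '%s\n' '[GNUPG:] BADSIG 72BF227DD76AE5BF Holly M. <kalinda@andontie.net>' |
        classify_status
fi
```

The `-s` and `-v` flags mentioned in ETA 3 are the `--sign` and `--verify` options of `repo-add` and `repo-remove`; `pacman-key --verify <file.sig>` runs a comparable verification against pacman's own keyring.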

#2 2024-06-02 16:30:42

Rahul Das
Member
Registered: 2024-06-02
Posts: 2

Re: [SOLVED] Gpg signature invalid, cannot sign repo db or run pacman -Syy

pacman -S archlinux-keyring

pacman-key --init archlinux
pacman-key --populate
pacman-key --update blackarch

Offline

#3 2024-06-02 16:38:43

seth
Member
Registered: 2012-09-03
Posts: 58,659

Re: [SOLVED] Gpg signature invalid, cannot sign repo db or run pacman -Syy

This has absolutely nothing to do with the OP, blackarch isn't archlinux and also

The OP wrote:

ETA 3: Fixed it, lol. I am very silly, I removed packages both before and after I revoked the old key and I didn't run the -s -v when I did repo-remove. My google fu was clearly weak, I do not pass go, I do not collect $200 lmao. Hopefully this'll help anyone else who makes this mistake in the future.

@Kalinda, please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Offline

#4 2024-06-04 13:53:33

Kalinda
Member
From: Canada
Registered: 2009-02-19
Posts: 75
Website

Re: [SOLVED] Gpg signature invalid, cannot sign repo db or run pacman -Syy

seth wrote:

This has absolutely nothing to do with the OP, blackarch isn't archlinux and also

The OP wrote:

ETA 3: Fixed it, lol. I am very silly, I removed packages both before and after I revoked the old key and I didn't run the -s -v when I did repo-remove. My google fu was clearly weak, I do not pass go, I do not collect $200 lmao. Hopefully this'll help anyone else who makes this mistake in the future.

@Kalinda, please always remember to mark resolved threads by editing your initial post's subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

Done, thanks!


Arch Linux Plasma 6 | AMD Ryzen 7 1700 | 64GB DDR4 RAM | Radeon RX 570 / GTX 1050 Ti | RTX 2070 Super (Windows VM)

Offline
