You are not logged in.
No, you should do a "use a different mirror, that has a more up to date keyring package".
Offline
No, you should do a "use a different mirror, that has a more up to date keyring package".
Grabbed new mirrorlist from here.
Same problem.
If it ain't broke, you haven't tweaked it enough.
Offline
No, you should do a "use a different mirror, that has a more up to date keyring package".
In this case, you're wrong:
https://bugs.archlinux.org/task/35478
It only affects new installs. Just re-enable the key as mentioned by geno.nullfree.
Offline
Woah! Okay, I'll be quiet now.
Offline
Just had the same problem. Disabled PGP validation in pacman.conf and worked fine. Would be really nice to know why his key got revoked?!? Anyone?
Offline
An update to archlinux-keyring should have fixed this without changing pacman.conf, I think. Well, I was just trying to install terminus-font, but I assume that fixed the problem for any package installation that raised an error about this developer's key. Latest version of archlinux-keyring is 20130525-2.
Offline
I did already try an keyring update, without any joy . If that's the latest version it looks like it's dated 25/05/2013. This post was orginally started 03/06/2013. A little worrying that a developers key has been revoked, but unfortunately not knowledge of why.
Thanks anyway for responding so quickly!
Last edited by Hutchism (2013-06-20 12:10:43)
Offline
While running pacman-key --refresh-keys I get another error.
gpgkeys: key E943040E3EAB5C99CD936EECE33AD258DA7B9D6E not found on keyserver
No luck with above mentioned solution.
error: steam: key "Daniel Wallace <danielwallace@gtmanfred.com>" is disabled
:: File /var/cache/pacman/pkg/steam-1.0.0.39-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
Last edited by donniezazen (2013-06-20 15:28:53)
Offline
Hey Donnie. The key for danielwallace has apparently been revoked?
Quick fix is to temporarily edit the line "#SigLevel = Optional TrustedOnly" to "SigLevel = Never" in /etc/pacman.conf
Offline
@Hutchism, @donniezazen,
This is a better solution than disabling the Signature check completely...
Offline
Thanks Geno! A better solution yes, but would really like to know why it's broke in the first place. Nearly a month, and we have no idea why a dev's pgp key has been revoked. No one else a little curious as to what's gone wrong here? :s
Offline
Thanks Geno! A better solution yes, but would really like to know why it's broke in the first place. Nearly a month, and we have no idea why a dev's pgp key has been revoked. No one else a little curious as to what's gone wrong here? :s
Your definition of "we" is a little strange.
"We" know about this: https://bugs.archlinux.org/task/35478
"We" fixed it: https://projects.archlinux.org/pacman.g … d=d080a469
Offline
I think he was [also?] curious why the key has been revoked in the first place.
Offline
Thanks karol. Yeah, that's about right. Didn't come on here with an axe to grind, was just curious as to the status of the problem and if anyone knew what was going on.
I really appreciate the work that you guys put into this OS. I'm more of an end user I'm afraid, so consequently can't afford the time to spend hours wading through forums when all I originally wanted in this case was a dependency for Rainlendar - a simple calendar app.
Offline
Is there some news about this problem? Any reaction from Wallace himself why the key is revoked?
I dont think that it is a good "solution" to force enable a disabled key due to security issues. There are also other packages affected by the key problem, like lib32libpng12. And I can't understand how these packages are not installable for months (!) without manually enabling the disabled key.
Offline
Is your system up to date? I can install steam w/o a problem. archlinux-keyring has been updated in the meantime, so things should be just fine https://www.archlinux.org/packages/core … x-keyring/
Steam has been just updated https://www.archlinux.org/packages/?name=steam so maybe you're experiencing some issues due to this.
Offline
That's odd. I did a
pacman-key --populate archlinux
, then
pacman-key --refresh-keys
and afterwards
pacman -Syu
.
Content of /etc/pacman.d/gnupg/gpg.conf:
[vibee@archpc ~]$ cat /etc/pacman.d/gnupg/gpg.conf
no-greeting
no-permission-warning
lock-never
keyserver hkp://pool.sks-keyservers.net
keyserver-options timeout=10
And still I got problems installing packages from Daniel Wallace:
:: Starting full system upgrade...
resolving dependencies...
looking for inter-conflicts...
Packages (1): steam-1.0.0.40-1
Total Installed Size: 2.65 MiB
Net Upgrade Size: 0.23 MiB
:: Proceed with installation? [Y/n] Y
(1/1) checking keys in keyring [#####################################################################################################] 100%
(1/1) checking package integrity [#####################################################################################################] 100%
error: steam: key "Daniel Wallace <danielwallace@gtmanfred.com>" is disabled
:: File /var/cache/pacman/pkg/steam-1.0.0.40-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Edit: Also trying different key servers doesn't change the result.
Last edited by vibee (2013-09-03 11:13:49)
Offline
Offline
Thank you! It worked. Why did I have to manually delete and import the key, although I did an arch-populate and a refresh-keys?
Offline
Comments on https://bugs.archlinux.org/task/35478 say the script (pacman-key?) fails silently when trying to disable invalid keys.
I don't know if this has been fixed. Maybe it's still not possible to say if disabling a key way successful when running gpg in batch mode.
Offline
Another way to solve this problem is to completely remove the archlinux-keyring package with the following command:
pacman -Rdd archlinux-keyring
And then install it with the following command:
pacman -Syy archlinux-keyring
There are other, and possibly more correct solutions in the thread, but this is what worked for me. Hope it helps someone out!
Offline
Just a heads up: you should add a 'u' in that last command, '-Syy <package>' can lead to problems, and partial upgrades are unsupported.
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Online
There should be no difference between updating and reinstalling the keyring:
post_upgrade() {
if usr/bin/pacman-key -l >/dev/null 2>&1; then
usr/bin/pacman-key --populate archlinux
# Re-enable key of dwallace
# See https://bugs.archlinux.org/task/35478
if [ -z "$2" ] || [ "$2" = "20130525-1" ]; then
printf 'enable\nquit\n' | LANG=C \
gpg --homedir /etc/pacman.d/gnupg \
--no-permission-warning --command-fd 0 \
--quiet --batch --edit-key \
5559BC1A32B8F76B3FCCD9555FA5E5544F010D48 \
2>/dev/null
fi
fi
}
post_install() {
if [ -x usr/bin/pacman-key ]; then
post_upgrade
fi
}
Offline
Hi,
I ran into this problem trying to install a new system. Here is my solution, do the following as 'root' or via `sudo`
pacman-key --refresh-keys gpg --homedir /etc/pacman.d/gnupg --edit-key 182ADEA0 enable quit
Could somebody explain to me in detail why the second command looks like that? Should be there --homedir or my homedir name (firekage)? Also, why it is edited to gnupg while gnupg here is not a conf file but a directory?
I did that, but still can't install steam.
Last edited by firekage (2013-09-21 13:17:08)
Offline