I did the following
repo-add /mnt/packages/repo.db.tar.gz /var/cache/pacman/pkg/*
cp /var/cache/pacman/pkg/* /mnt/packages
on one computer,
connected the hard drive to another computer and did the following:
added the pacman.conf configurations as follows
[repo]
SigLevel = PackageRequired
Server = file:///mnt/packages
then ran
pacman -Sy
which worked.
And then I tried to install a package using pacman -S, but all the packages give me:
error: packagename: missing required signature,File:///var/cache/pacman/pkg/packagename is corrupted(invalid or corrupted package(PGP Signature))
Then I tried:
pacman-key --init
pacman-key --populate archlinux
pacman -Syy
which didn't work and made no difference. What can I do?
Offline
What about the key used to sign these packages? Is it your key?
Offline
What about the key used to sign these packages? Is it your key?
I don't know how to determine that. They were downloaded from the official repositories using pacman -S
(maybe I should have posted this in the newbie corner)
Last edited by jriz (2014-07-13 18:45:10)
Offline
Is your clock OK? Do you have any *.part files in /mnt/packages ?
Why is it complaining about /var/cache/pacman/pkg/packagename ? Your packages should be in /mnt/packages , right?
Offline
One thing that comes to my mind is that repo directories have *.sig files next to the packages, see file structure here http://mirrors.kernel.org/archlinux/testing/os/x86_64/
But cache directory /var/cache/pacman/pkg/ does not have these sign files and it is why pacman complains. Where to find the sign files locally? I do not know the recommended way, but I see that /var/lib/pacman/sync/$REPO.db contains signature information, so you can write a script that extracts it.
Or you can use `repo-add --sign` and sign packages with your key, but it is not very secure.
PS Instead of using repo-add you might want to just use repo files from /var/lib/pacman/sync/
Last edited by anatolik (2014-07-13 19:39:22)
Read it before posting http://www.catb.org/esr/faqs/smart-questions.html
Ruby gems repository done right https://bbs.archlinux.org/viewtopic.php?id=182729
Fast initramfs generator with security in mind https://wiki.archlinux.org/index.php/Booster
Offline
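One way to write the script suggested in the post above (an added example, not code from the thread or from pacman). It assumes each `desc` entry in the sync database has a `%FILENAME%` field and, where the repository embeds signatures, a base64 `%PGPSIG%` field; the function names and the sample entries are constructed for illustration.

```python
import base64
import io
import pathlib
import tarfile


def parse_desc(text):
    """Parse a 'desc' entry: blank-line separated blocks of a %FIELD% line plus values."""
    blocks = (b.strip().splitlines() for b in text.split("\n\n"))
    return {b[0].strip("%"): b[1:] for b in blocks if b and b[0].startswith("%")}


def signatures_from_db(db_bytes):
    """Return ({package filename: signature bytes}, [filenames with no %PGPSIG%])."""
    sigs, unsigned = {}, []
    with tarfile.open(fileobj=io.BytesIO(db_bytes), mode="r:*") as tar:
        for member in tar:
            if not (member.isfile() and member.name.endswith("/desc")):
                continue
            desc = parse_desc(tar.extractfile(member).read().decode("utf-8"))
            name = "".join(desc.get("FILENAME", []))
            if not name or "/" in name:
                continue  # a db entry must not choose a path outside the repo dir
            if desc.get("PGPSIG"):
                sigs[name] = base64.b64decode("".join(desc["PGPSIG"]), validate=True)
            else:
                unsigned.append(name)
    return sigs, unsigned


def write_sigs(sigs, repo_dir):
    """Write each signature as <package file>.sig next to the package file."""
    for name, sig in sigs.items():
        pathlib.Path(repo_dir, name + ".sig").write_bytes(sig)


def sample_db():
    """Constructed sample db: 'foo' carries a placeholder signature, 'bar' has none."""
    blob = base64.b64encode(b"constructed-signature-bytes").decode()
    foo = "%FILENAME%\nfoo-1.0-1-x86_64.pkg.tar.xz\n\n%PGPSIG%\n" + blob + "\n\n"
    bar = "%FILENAME%\nbar-2.0-1-any.pkg.tar.xz\n\n%NAME%\nbar\n\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, text in (("foo-1.0-1/desc", foo), ("bar-2.0-1/desc", bar)):
            info = tarfile.TarInfo(path)
            info.size = len(text.encode())
            tar.addfile(info, io.BytesIO(text.encode()))
    return buf.getvalue()
```

For a real run, pass the bytes of /var/lib/pacman/sync/$REPO.db to `signatures_from_db` and the repository directory to `write_sigs`. Packages returned in the second list still have no signature and will keep failing under SigLevel = PackageRequired.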
Is your clock OK? Do you have any *.part files in /mnt/packages ?
Why is it complaining about /var/cache/pacman/pkg/packagename ? Your packages should be in /mnt/packages , right?
Actually my clock is NOT ok. I'll fix that and report.
I do not have any *.part files.
And from what I gather pacman first "downloads" the packages to its cache and then tries to install them. That's why it complains about the /var/cache...
Offline
Wrong time can be the problem.
Have you tried setting CacheDir in pacman.conf to the one in /mnt or do you need /var/cache/pacman/pkg/?
Offline
Wrong time can be the problem.
Have you tried setting CacheDir in pacman.conf to the one in /mnt or do you need /var/cache/pacman/pkg/?
I set the cachedir using the --cachedir option, got the same error. Just got the same error, with /var/cache/pacman/packagename changed to /mnt/packages/packagename.
Also my clock was fine. The only problem was it wasn't synced with Windows.
Offline
One thing that comes to my mind is that repo directories have *.sig files next to the packages, see file structure here http://mirrors.kernel.org/archlinux/testing/os/x86_64/
But cache directory /var/cache/pacman/pkg/ does not have these sign files and it is why pacman complains. Where to find the sign files locally? I do not know the recommended way, but I see that /var/lib/pacman/sync/$REPO.db contains signature information, so you can write a script that extracts it.
Or you can use `repo-add --sign` and sign packages with your key, but it is not very secure.
PS Instead of using repo-add you might want to just use repo files from /var/lib/pacman/sync/
I will try the above and report.
but it shouldn't be necessary according to https://wiki.archlinux.org/index.php/Pacman_tips
Offline
I tried doing it with --sign and it gave me a:
warning: failed to sign package database
so maybe there's a bigger underlying cause
Offline
A Google search for this (--sign) yielded absolutely no useful results. Seems like no one's ever had this problem before
Last edited by jriz (2014-07-14 12:14:21)
Offline
Also when I use the verify option, it gives me this:
warning: no existing signature found.skipping verification
Surprisingly I get this error on both of my systems. So maybe I've missed something with key generation, but can't find what it is.
Offline
I tried doing it with --sign and it gave me a:
warning: failed to sign package database
so maybe there's a bigger underlying cause
I think it is trying to tell you that you don't have your own private key. What does `gpg -b $SOMEFILE` say?
But let's take a step back. Are you trying to share your cache between several machines? There are several existing solutions for this. Check https://wiki.archlinux.org/index.php/Ne … cman_cache and https://wiki.archlinux.org/index.php/Pacserve
Offline
I looked at the code for repo-add and understood this: like Anatolik said there have to be *.sig files present (I'm not sure if it's packagename.sig or reponame.sig, maybe both), and pacman doesn't save those files. So how should I get these .sig files?
P.S.: I remember getting a "failed to commit transaction" error from pacman -S, when somehow there were reponame.db.sig files in /var/lib/pacman/sync and removing those files fixed the problem. So something seems off here
Offline
I lost track of what we are talking about.
Official repos don't have signed dbs, so unless some mirror was overeager and tried to "fix" this, there should be no reponame.db.sig for the official repos.
Offline
I lost track of what we are talking about.
Official repos don't have signed dbs, so unless some mirror was overeager and tried to "fix" this, there should be no reponame.db.sig for the official repos.
I think that's why it was causing problems.
Right now I've narrowed the problem down to fetching the packagename.pkg.sig.tar.xz along with the packagename.pkg.tar.xz, but I can't find a way to do that automatically. At least I can't find a way using pacman.
Offline
https://bugs.archlinux.org/task/33091 ?
Is your clock working?
Offline
If you trust your local repository, then you can configure the repository to work without signatures, e.g.
[local]
SigLevel = Optional
Server = file:///some/dir/
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' | alias ENGLISH='LANG=C.UTF-8 ' |
Offline
If you trust your local repository, then you can configure the repository to work without signatures, e.g.
[local]
SigLevel = Optional
Server = file:///some/dir/
I know. But in the wiki at https://wiki.archlinux.org/index.php/Pacman_tips in the USB stick section, it uses PackageRequired, so I thought it should work
Offline