Signature is unknown trust [SOLVED]

chf2117 · 2016-01-23 14:55:07

I seem to be having the same problem as this topic but the solution offered did not work for me. The problem and solution is also described here.

I'm trying to install i3 but get this error:

:: Proceed with installation? [Y/n] error: i3-wm: signature from "Thorsten Töpper <atsutane@freethoughts.de>" is unknown trust
:: File /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package (PGP signature))

I've tried cleaning out the cache with "pacman -Sc && rm /var/lib/pacman/sync/*", refreshing signatures with "pacman-key --refresh-keys" and reinstalling, but that did not work.

I also tried resetting all the keys and upgrading archlinux-keyring per the wiki to no avail.

Last edited by chf2117 (2016-01-24 17:10:15)

ewaller · 2016-01-23 15:32:51

Try the following commands and see If you get the same results

ewaller@turing ~ 1004 %ls -l /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz 
-rw-r--r-- 1 root root 253152 Oct 13 11:10 /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz
ewaller@turing ~ 1005 %md5sum /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz 
7d8408a9222dcaeff6e059b53ab4028a  /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz
ewaller@turing ~ 1006 %

Edit: Fixed first command because I had used ll as an alias for ls -l

Last edited by ewaller (2016-01-23 15:34:39)

bernarcher · 2016-01-23 16:08:28

ewaller wrote:

Edit: Fixed first command because I had used ll as an alias for ls -l

Good to know I am not alone with this abbreviation.

chf2117 · 2016-01-23 16:10:30

$ls -l /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz
-rw-r--r-- 1 root root 253152 Oct 13 18:10 /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz
$md5sum /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz
7d8408a9222dcaeff6e059b53ab4028a  /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz

It looks the same except for the date from ll

ewaller · 2016-01-23 16:17:50

Okay, the package is not corrupt.

I just tried looking at his key on my system and it expired yesterday.

ewaller@turing ~ [2]1003 %gpg --list-key Thorsten
pub   dsa2048/295AFBF4 2009-02-20 [expired: 2016-01-22]
uid         [ expired] Thorsten Töpper <atsutane@freethoughts.de>
uid         [ expired] Thorsten Töpper <t.toepper@gmx.de>
uid         [ expired] Thorsten Toepper (Atsutane) <atsutane@freethoughts.de>

ewaller@turing ~ 1004 %

Check that on your system

ewaller · 2016-01-23 16:27:29

... And I just did a gpg --refresh-keys and he has a new key that expires 2017-09-08

If his key on your system is stale, do a refresh keys and try again.

chf2117 · 2016-01-23 16:37:53

list-key gives me:
gpg: error reading key: No public key

refresh-keys and trying again gave the same result

jbaig77 · 2016-01-23 18:27:09

I have this same issue as well. refreshing the keys does not do anything

ewaller · 2016-01-24 07:40:34

I have been away all day. I think that a pacman -Syu from a fully synced mirror should solve this. I see the Arch keyring has been updated today.

basxto · 2016-01-24 13:40:14

chf2117 wrote:

list-key gives me:
gpg: error reading key: No public key
refresh-keys and trying again gave the same result

Pacman has his own keyring by default.

sudo pacman-key -l Thorsten
pub   dsa2048/295AFBF4 2009-02-20 [verfallen: 2016-01-22]
uid      [  verfallen] Thorsten Töpper <atsutane@freethoughts.de>
uid      [  verfallen] Thorsten Töpper <t.toepper@gmx.de>
uid      [  verfallen] Thorsten Toepper (Atsutane) <atsutane@freethoughts.de>

sudo pacman-key --refresh-keys

This fixed it for me.

chf2117 · 2016-01-24 17:09:58

All is well. pacman -Syu && pacman-key --refresh-keys got it done this time.

To make sure I understand what happened:
Thorsten recently got a new key pair and updated his private key on the package but did not publish his public key. This caused my earlier attempts at installation and refreshing keys to fail. Today his public key was updated, allowing the installation to proceed smoothly. Is this correct?

ewaller · 2016-01-24 17:16:22

Pretty much. I think the magic happened when arch-keyring was upgraded and had time to propagate to the servers.
I started with checking the package itself as that is the purpose of this whole infrastructure. I'd have hated to try to chase down cryptography problems only to find out that things were working as they were supposed to.
From my pacman logs:

[2016-01-23 23:07] [ALPM] upgraded archlinux-keyring (20151220-1 -> 20160123-1)
[2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Appending keys from archlinux.gpg...
[2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
[2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
[2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: depth: 1  valid:   6  signed:  66  trust: 1-, 0q, 0n, 5m, 0f, 0u
[2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: depth: 2  valid:  66  signed:   6  trust: 66-, 0q, 0n, 0m, 0f, 0u
[2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2016-06-03
[2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Locally signing trusted keys in keyring...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
[2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Importing owner trust values...
[2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: setting ownertrust to 4
[2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Disabling revoked keys in keyring...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
[2016-01-23 23:07] [ALPM-SCRIPTLET]   -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
[2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Updating trust database...
[2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2016-06-03

eschwartz · 2016-01-24 21:33:07

The new archlinux-keyring package is still lingering in testing, having fun there I guess.
So it doesn't do a lot of good (yet) to the majority of people who don't enable testing.

`pacman-key --refresh-keys`, on the other hand, works perfectly, right now, since the maintainer's new key has been pushed to the public keyservers.

LyCC · 2016-01-24 22:42:36

Eschwartz wrote:

pacman-key --refresh-keys

Thanks
it solved the issue.

Arch Linux

#1 2016-01-23 14:55:07

Signature is unknown trust [SOLVED]

#2 2016-01-23 15:32:51

Re: Signature is unknown trust [SOLVED]

#3 2016-01-23 16:08:28

Re: Signature is unknown trust [SOLVED]

#4 2016-01-23 16:10:30

Re: Signature is unknown trust [SOLVED]

#5 2016-01-23 16:17:50

Re: Signature is unknown trust [SOLVED]

#6 2016-01-23 16:27:29

Re: Signature is unknown trust [SOLVED]

#7 2016-01-23 16:37:53

Re: Signature is unknown trust [SOLVED]

#8 2016-01-23 18:27:09

Re: Signature is unknown trust [SOLVED]

#9 2016-01-24 07:40:34

Re: Signature is unknown trust [SOLVED]

#10 2016-01-24 13:40:14

Re: Signature is unknown trust [SOLVED]

#11 2016-01-24 17:09:58

Re: Signature is unknown trust [SOLVED]

#12 2016-01-24 17:16:22

Re: Signature is unknown trust [SOLVED]

#13 2016-01-24 21:33:07

Re: Signature is unknown trust [SOLVED]

#14 2016-01-24 22:42:36

Re: Signature is unknown trust [SOLVED]

Board footer