"pacman-key --populate archlinux" fails to complete

Bronze · 2017-09-17 16:15:12

Hi,

"pacman-key --populate archlinux" fails to complete. When "Locally signing trusted keys in keyring" the command seems to hang at the second key. I also notice many times in the output "X signatures not checked due to missing keys". I installed "archlinux-bootstrap-2017.09.01-x86_64.tar.gz".

My question:
- is there a log file with more info or "verbose" option?

I tried "pacman-key --refresh-keys", to no avail.

pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
key AFF5D95098BC6FF5:
4 signatures not checked due to missing keys
...
==> Locally signing trusted keys in keyring...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...

The prior executed "pacman-key --init" seems to complete successfully?

pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
gpg: Generating pacman keyring master key...
gpg: key 7C4F99202EF51C4C marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/E8EABA13F0E86073A7307BE17C4F99202EF51C4C.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

Tried:
- a new keyserver: " pacman-key --keyserver hkp://pgp.mit.edu:11371 --populate archlinux". I ended up with more signatures not checked due to missing key. Locally signing the second key still stalled/failed.

Tried:
- indeed, I tried to install arch on wsl. I found the following work around: use "archlinux-bootstrap-2017.04.01-x86_64.tar.gz" instead, the ISO image from April (https://archive.archlinux.org/iso/2017.04.01/). I chose April because it should not require manual intervention to upgrade to ca-certificates-utils 20170307-1. I now could proceed to the next step "pacman -Syyu base base-devel". However, I got:

:: Synchronizing package databases...
 core                                           124.5 KiB   528K/s 00:00 [########################################] 100%
 extra                                         1650.4 KiB  2.26M/s 00:01 [########################################] 100%
 community                                        4.0 MiB  2.52M/s 00:02 [########################################] 100%
:: There are 50 members in group base:

[..]

 guile-2.2.2-1-x86_64                             5.6 MiB  1549K/s 00:04 [########################################] 100%
(123/123) checking keys in keyring                                       [########################################] 100%
downloading required keys...
:: Import PGP key 4096R/B81B051F2D7FC867AAFF35A58DBD63B82072D77A, "Seblu <seblu@seblu.net>", created: 2011-11-11? [Y/n]
(123/123) checking package integrity                                     [########################################] 100%
error: libcap-ng: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/libcap-ng-0.7.8-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: libaio: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/libaio-0.3.110-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Tried:
- setting the timezone "cp /usr/share/zoneinfo/America/Chicago /etc/localtime" didn't help ...

Tried:
https://bbs.archlinux.org/viewtopic.php?id=195139

This got me a some progress, but "pacman -Syyu base base-devel" hung with:

( 90/123) upgrading pacman-mirrorlist                                    [########################################] 100%
warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
( 91/123) upgrading archlinux-keyring                                    [########################################] 100%
==> Appending keys from archlinux.gpg...
gpg: WARNING: server 'gpg-agent' is older than us (2.1.19 < 2.2.0)
key A5E9288C4FA415FA:
5 signatures not checked due to missing keys
==> Locally signing trusted keys in keyring...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...

Last edited by Bronze (2017-09-18 20:54:58)

Scimmia · 2017-09-17 16:19:12

I've seen this when using the bootstrap image on WSL. Usually just try it a few times and it goes through.

Bronze · 2017-09-17 16:28:49

Hi, so all these "5 signatures not checked due to missing keys" etc are not a problem?

Scimmia · 2017-09-17 16:48:02

Nope, that's not a problem

Andadroid · 2017-09-19 13:10:36

Hi, the problem is simple , pacman-key uses GPG and GPG uses entropy to sign keys(as far as I know...).
Windows on the other side isolates the WSL nearly completely(seems also true for entropy generated by CPU, which is good i.m.o.), thus there is no entropy... or very, very, very, little...
So this procedure takes a long long time(maybe three days or more...). I wasn't able to complete this yet(patches, crashes, ... restart required ).
I've tried many things, perl one liners, cat urandom, ls -R /, etc...
And I didn't find a solution...

Arch Linux

#1 2017-09-17 16:15:12

"pacman-key --populate archlinux" fails to complete

#2 2017-09-17 16:19:12

Re: "pacman-key --populate archlinux" fails to complete

#3 2017-09-17 16:28:49

Re: "pacman-key --populate archlinux" fails to complete

#4 2017-09-17 16:48:02

Re: "pacman-key --populate archlinux" fails to complete

#5 2017-09-19 13:10:36

Re: "pacman-key --populate archlinux" fails to complete

Board footer