You are not logged in.

#1 2017-11-05 10:21:42

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

[Solved] Error with GPG keys during pacman -Syu

I'm trying

$ sudo pacman -Syu

and getting lots of these errors:

> error: celt: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
> :: File /var/cache/pacman/pkg/celt-0.11.3-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n] 

Even if I delete them, I get this:

error: failed to commit transaction (invalid or corrupted package (PGP signature))

I've also looked at this post [0] but I'm not sure if this applies to this particular problem.

Any advice gratefully received.
Adam

[0] https://bbs.archlinux.org/viewtopic.php?id=142798

Last edited by kabads (2017-11-05 21:58:37)

Offline

#2 2017-11-05 10:48:28

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,786
Website

Re: [Solved] Error with GPG keys during pacman -Syu


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#3 2017-11-05 11:34:53

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

Thanks - I tried both methods there and it still hasn't solved the problem:

$ sudo pacman --refresh-keys
...
25 signatures not checked due to missing keys
gpg: key 51E8B148A9999C34: "Evangelos Foutras <evangelos@foutrelis.com>" not changed
uid  Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
sig!         7F2D434B9741E8AC 2012-02-05  Pierre Schmitz <pierre@archlinux.de>
sig!3        A5E9288C4FA415FA 2011-08-25  [self-signature]
sig!3        A5E9288C4FA415FA 2011-11-16  [self-signature]
uid  Jan Alexander Steffens (heftig) <jan-alexander.steffens@smail.inf.h-brs.de>
sig!         7F2D434B9741E8AC 2012-02-05  Pierre Schmitz <pierre@archlinux.de>
sig!3        A5E9288C4FA415FA 2011-11-03  [self-signature]
uid  [jpeg image of size 3837]
sig!3        A5E9288C4FA415FA 2017-01-09  [self-signature]
uid  [jpeg image of size 3865]
sig!         7F2D434B9741E8AC 2012-02-05  Pierre Schmitz <pierre@archlinux.de>
sig!3        A5E9288C4FA415FA 2011-08-25  [self-signature]
sub  B8520A561151A394
sig!         A5E9288C4FA415FA 2011-08-25  [self-signature]
key A5E9288C4FA415FA:
10 duplicate signatures removed
222 signatures not checked due to missing keys
gpg: key A5E9288C4FA415FA: "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" not changed
gpg: Total number processed: 20
gpg:              unchanged: 20

$ sudo pacman -Sy archlinux-keyring && pacman -Su
...
Errors occurred, no packages were upgraded.
[adam@spark ~]$ sudo pacman -Sy archlinux-keyring && pacman -Su
:: Synchronising package databases...
 testing is up to date
 core is up to date
 extra is up to date
 community is up to date
 multilib-testing is up to date
 multilib is up to date
warning: archlinux-keyring-20171020-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) archlinux-keyring-20171020-1

Total Installed Size:  0.84 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring                                                             [####################################################] 100%
(1/1) checking package integrity                                                           [####################################################] 100%
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20171020-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
[adam@spark ~]

Offline

#4 2017-11-05 11:54:35

seth
Member
Registered: 2012-09-03
Posts: 49,975

Re: [Solved] Error with GPG keys during pacman -Syu

sudo pacman --refresh-keys

Ftr, it's "pacman-key"

Also notice that t he troubling signature changed.

pacman-key --list-keys | grep -EC3 '(eworm|heftig)'
cat /etc/pacman.d/gnupg/gpg.conf
# and a *complete* output of
pacman-key --refresh-keys

Offline

#5 2017-11-05 13:13:22

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

Hmm, a full output of that command is proving tricky for me, as I'm only running xterm and pressing PGUP doesn't take me further up the console (no scrollbar). I can't install a new terminal as pacman isn't working. I've tried piping with:

$ sudo pacman-key --refresh-keys > /tmp/key-log

but that file is empty after all the input is piped to xterm display.

Offline

#6 2017-11-05 13:18:46

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

OK - I fixed it by logging using the xterm command. Here is the whole output of

$ sudo pacman-key --refresh-keys

[sudo] password for adam: 
gpg: refreshing 21 keys from hkp://pool.sks-keyservers.net
uid  Gaetan Bisson <bisson@gaati.org>
sig!         06096A6AD1CEDDAC 2017-09-18  Laurent Carlier <lordheavym@gmail.com>
sig!         AFF5D95098BC6FF5 2017-09-24  Maxime Gauduin <alucryd@alucryd.xyz>
uid  Gaetan Bisson <gaetan@fenua.org>
sig!         06096A6AD1CEDDAC 2017-09-18  Laurent Carlier <lordheavym@gmail.com>
sig!         AFF5D95098BC6FF5 2017-09-24  Maxime Gauduin <alucryd@alucryd.xyz>
uid  Gaetan Bisson <bisson@archlinux.org>
sig!         06096A6AD1CEDDAC 2017-09-18  Laurent Carlier <lordheavym@gmail.com>
sig!         AFF5D95098BC6FF5 2017-09-24  Maxime Gauduin <alucryd@alucryd.xyz>
sub  F4781C02544A42A1
sig!         EEEEE2EEEE2EEEEE 2017-08-27  [self-signature]
uid  Gaetan Bisson <bisson@gaati.org> (reordered signatures follow)
sig!3        EEEEE2EEEE2EEEEE 2017-08-27  [self-signature]
uid  Gaetan Bisson <bisson@archlinux.org> (reordered signatures follow)
sig!3        EEEEE2EEEE2EEEEE 2017-08-27  [self-signature]
uid  Gaetan Bisson <gaetan@fenua.org> (reordered signatures follow)
sig!3        EEEEE2EEEE2EEEEE 2017-08-27  [self-signature]
key EEEEE2EEEE2EEEEE:
10 duplicate signatures removed
31 signatures not checked due to missing keys
3 signatures reordered
gpg: key EEEEE2EEEE2EEEEE: "Gaetan Bisson <gaetan@fenua.org>" not changed
key C06086337C50773E:
11 signatures not checked due to missing keys
gpg: key C06086337C50773E: "Jelle van der Waa <jelle@vdwaa.nl>" not changed
key FCF3C8CB5CF9C8D4:
6 signatures not checked due to missing keys
gpg: key FCF3C8CB5CF9C8D4: "Alexander Rødseth <rodseth@gmail.com>" not changed
uid  Florian Pritz <f-p@gmx.at>
rev!         6D1655C14CE1C13E 2011-06-26  [revocation]
sig!3        6D1655C14CE1C13E 2008-08-01  [self-signature]
sig!3        6D1655C14CE1C13E 2011-04-28  [self-signature]
uid  Florian Pritz <flo@xinu.at>
sig!3        6D1655C14CE1C13E 2011-03-20  [self-signature]
sig!3        6D1655C14CE1C13E 2011-04-28  [self-signature]
sig!3        6D1655C14CE1C13E 2011-06-04  [self-signature]
uid  Florian Pritz <flo@xssn.at>
rev!         6D1655C14CE1C13E 2011-06-26  [revocation]
sig!3        6D1655C14CE1C13E 2009-03-31  [self-signature]
uid  Florian Pritz <admin@xssn.at>
rev!         6D1655C14CE1C13E 2011-06-26  [revocation]
sig!3        6D1655C14CE1C13E 2009-03-31  [self-signature]
uid  Florian Pritz <bluewind@xinu.at>
sig!3        6D1655C14CE1C13E 2010-08-29  [self-signature]
sig!3        6D1655C14CE1C13E 2011-06-04  [self-signature]
sig!3        6D1655C14CE1C13E 2011-06-04  [self-signature]
uid  Florian Pritz <bluewind@xssn.at>
rev!         6D1655C14CE1C13E 2011-06-26  [revocation]
sig!3        6D1655C14CE1C13E 2009-03-31  [self-signature]
uid  Florian Pritz <flo@server-speed.net>
rev!         6D1655C14CE1C13E 2011-06-26  [revocation]
sig!3        6D1655C14CE1C13E 2009-03-31  [self-signature]
uid  Florian Pritz <admin@server-speed.net>
rev!         6D1655C14CE1C13E 2011-06-26  [revocation]
sig!3        6D1655C14CE1C13E 2008-08-01  [self-signature]
uid  Florian Pritz <bluewind@jabber.ccc.de>
sig!3        6D1655C14CE1C13E 2009-04-07  [self-signature]
sig!3        6D1655C14CE1C13E 2011-06-04  [self-signature]
uid  Florian Pritz <bluewind@server-speed.net>
rev!         6D1655C14CE1C13E 2011-06-26  [revocation]
sig!3        6D1655C14CE1C13E 2008-12-02  [self-signature]
sig!3        6D1655C14CE1C13E 2009-04-07  [self-signature]
sig-3        6D1655C14CE1C13E 2009-04-07  Florian Pritz <bluewind@xinu.at>
sub  89B75E070965A73B
sig!         6D1655C14CE1C13E 2008-08-01  [self-signature]
uid  Florian Pritz <bluewind@archlinux.org> (reordered signatures follow)
sig!3        6D1655C14CE1C13E 2016-07-25  [self-signature]
key 6D1655C14CE1C13E:
1 duplicate signature removed
92 signatures not checked due to missing keys
1 bad signature
1 signature reordered
gpg: key 6D1655C14CE1C13E: "Florian Pritz <bluewind@xinu.at>" not changed
key 332C9C40F40D2072:
14 signatures not checked due to missing keys
gpg: key 332C9C40F40D2072: "Jonathan Steel <mail@jsteel.org>" not changed
key 771DF6627EDF681F:
21 signatures not checked due to missing keys
gpg: key 771DF6627EDF681F: "Tobias Powalowski <tobias.powalowski@googlemail.com>" not changed
key 7F2D434B9741E8AC:
27 signatures not checked due to missing keys
gpg: key 7F2D434B9741E8AC: "Pierre Schmitz <pierre@archlinux.de>" not changed
key 06096A6AD1CEDDAC:
12 signatures not checked due to missing keys
gpg: key 06096A6AD1CEDDAC: "Laurent Carlier <lordheavym@gmail.com>" not changed
key FC1B547C8D8172C8:
102 signatures not checked due to missing keys
gpg: key FC1B547C8D8172C8: "Levente Polyak (anthraxx) <levente@leventepolyak.net>" not changed
key BBE43771487328A9:
31 signatures not checked due to missing keys
gpg: key BBE43771487328A9: "Bartlomiej Piotrowski <b@bpiotrowski.pl>" not changed
key A6234074498E9CEE:
71 signatures not checked due to missing keys
gpg: key A6234074498E9CEE: "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" not changed
key AFF5D95098BC6FF5:
14 signatures not checked due to missing keys
gpg: key AFF5D95098BC6FF5: "Maxime Gauduin <alucryd@alucryd.xyz>" not changed
key 39E4B877E62EB915:
9 signatures not checked due to missing keys
gpg: key 39E4B877E62EB915: "Sven-Hendrik Haase <svenstaro@gmail.com>" not changed
key 4AC5588F941C2A25:
18 signatures not checked due to missing keys
gpg: key 4AC5588F941C2A25: "Antonio Rojas <arojas@archlinux.org>" not changed
key A91764759326B440:
34 signatures not checked due to missing keys
gpg: key A91764759326B440: "Lukas Fleischer <lfleischer@lfos.de>" not changed
key 50FB9B273A9D0BB5:
11 signatures not checked due to missing keys
gpg: key 50FB9B273A9D0BB5: "Johannes Löthberg <johannes@kyriasis.com>" not changed
key 786C63F330D7CB92:
380 signatures not checked due to missing keys
gpg: key 786C63F330D7CB92: "Felix Yan <felixonmars@archlinux.org>" not changed
key 1EB2638FF56C0C53:
26 signatures not checked due to missing keys
gpg: key 1EB2638FF56C0C53: "Dave Reisner <d@falconindy.com>" not changed
key 51E8B148A9999C34:
25 signatures not checked due to missing keys
gpg: key 51E8B148A9999C34: "Evangelos Foutras <evangelos@foutrelis.com>" not changed
uid  Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
sig!         7F2D434B9741E8AC 2012-02-05  Pierre Schmitz <pierre@archlinux.de>
sig!3        A5E9288C4FA415FA 2011-08-25  [self-signature]
sig!3        A5E9288C4FA415FA 2011-11-16  [self-signature]
uid  Jan Alexander Steffens (heftig) <jan-alexander.steffens@smail.inf.h-brs.de>
sig!         7F2D434B9741E8AC 2012-02-05  Pierre Schmitz <pierre@archlinux.de>
sig!3        A5E9288C4FA415FA 2011-11-03  [self-signature]
uid  [jpeg image of size 3837]
sig!3        A5E9288C4FA415FA 2017-01-09  [self-signature]
uid  [jpeg image of size 3865]
sig!         7F2D434B9741E8AC 2012-02-05  Pierre Schmitz <pierre@archlinux.de>
sig!3        A5E9288C4FA415FA 2011-08-25  [self-signature]
sub  B8520A561151A394
sig!         A5E9288C4FA415FA 2011-08-25  [self-signature]
key A5E9288C4FA415FA:
10 duplicate signatures removed
222 signatures not checked due to missing keys
gpg: key A5E9288C4FA415FA: "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" not changed
gpg: Total number processed: 20
gpg:              unchanged: 20

Offline

#7 2017-11-05 13:20:20

seth
Member
Registered: 2012-09-03
Posts: 49,975

Re: [Solved] Error with GPG keys during pacman -Syu

sudo pacman-key --refresh-keys > /tmp/key-log 2>&1

Offline

#8 2017-11-05 13:21:56

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

... and gpg.conf

# Options for GnuPG
# Copyright 1998-2003, 2010 Free Software Foundation, Inc.
# Copyright 1998-2003, 2010 Werner Koch
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
# modifications, as long as this notice is preserved.
#
# This file is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Unless you specify which option file to use (with the command line
# option "--options filename"), GnuPG uses the file ~/.gnupg/gpg.conf
# by default.
#
# An options file can contain any long options which are available in
# GnuPG. If the first non white space character of a line is a '#',
# this line is ignored.  Empty lines are also ignored.
#
# See the gpg man page for a list of options.


# If you have more than 1 secret key in your keyring, you may want to
# uncomment the following option and set your preferred keyid.

#default-key 621CC013


# If you do not pass a recipient to gpg, it will ask for one.  Using
# this option you can encrypt to a default key.  Key validation will
# not be done in this case.  The second form uses the default key as
# default recipient.

#default-recipient some-user-id
#default-recipient-self


# Group names may be defined like this:
#   group mynames = paige 0x12345678 joe patti
#
# Any time "mynames" is a recipient (-r or --recipient), it will be
# expanded to the names "paige", "joe", and "patti", and the key ID
# "0x12345678".  Note there is only one level of expansion - you
# cannot make an group that points to another group.  Note also that
# if there are spaces in the recipient name, this will appear as two
# recipients.  In these cases it is better to use the key ID.

#group mynames = paige 0x12345678 joe patti


# GnuPG can automatically locate and retrieve keys as needed using
# this option.  This happens when encrypting to an email address (in
# the "user@@example.com" form) and there are no keys matching
# "user@example.com" in the local keyring.  This option takes any
# number mechanisms which are tried in the given order.  The default
# is "--auto-key-locate local" to search for keys only in the local
# key database.  Uncomment the next line to locate a missing key using
# two DNS based mechanisms.

#auto-key-locate local,pka,dane


# Common options for keyserver functions:
# (Note that the --keyserver option has been moved to dirmngr.conf)
#
# include-disabled = when searching, include keys marked as "disabled"
#                    on the keyserver (not all keyservers support this).
#
# no-include-revoked = when searching, do not include keys marked as
#                      "revoked" on the keyserver.
#
# verbose = show more information as the keys are fetched.
#           Can be used more than once to increase the amount
#           of information shown.
#
# auto-key-retrieve = automatically fetch keys as needed from the keyserver
#                     when verifying signatures or when importing keys that
#                     have been revoked by a revocation key that is not
#                     present on the keyring.
#
# no-include-attributes = do not include attribute IDs (aka "photo IDs")
#                         when sending keys to the keyserver.

#keyserver-options auto-key-retrieve


# Uncomment this line to display photo user IDs in key listings and
# when a signature from a key with a photo is verified.

#show-photos


# Use this program to display photo user IDs
#
# %i is expanded to a temporary file that contains the photo.
# %I is the same as %i, but the file isn't deleted afterwards by GnuPG.
# %k is expanded to the key ID of the key.
# %K is expanded to the long OpenPGP key ID of the key.
# %t is expanded to the extension of the image (e.g. "jpg").
# %T is expanded to the MIME type of the image (e.g. "image/jpeg").
# %f is expanded to the fingerprint of the key.
# %% is %, of course.
#
# If %i or %I are not present, then the photo is supplied to the
# viewer on standard input.  If your platform supports it, standard
# input is the best way to do this as it avoids the time and effort in
# generating and then cleaning up a secure temp file.
#
# The default program is "xloadimage -fork -quiet -title 'KeyID 0x%k' stdin"
# On Mac OS X and Windows, the default is to use your regular JPEG image
# viewer.
#
# Some other viewers:
# photo-viewer "qiv %i"
# photo-viewer "ee %i"
# photo-viewer "display -title 'KeyID 0x%k'"
#
# This one saves a copy of the photo ID in your home directory:
# photo-viewer "cat > ~/photoid-for-key-%k.%t"
#
# Use your MIME handler to view photos:
# photo-viewer "metamail -q -d -b -c %T -s 'KeyID 0x%k' -f GnuPG"


# Because some mailers change lines starting with "From " to ">From "
# it is good to handle such lines in a special way when creating
# cleartext signatures; all other PGP versions do it this way too.
# To enable full OpenPGP compliance you may want to use this option.

#no-escape-from-lines


# Uncomment the following option to get rid of the copyright notice

#no-greeting

Offline

#9 2017-11-05 13:26:50

seth
Member
Registered: 2012-09-03
Posts: 49,975

Re: [Solved] Error with GPG keys during pacman -Syu

That's not /etc/pacman.d/gnupg/gpg.conf, is it?
Also missing the keys that are read by --list-keys

Offline

#10 2017-11-05 13:38:53

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

Apologies
gpg.conf

no-greeting
no-permission-warning
lock-never
keyserver hkp://pool.sks-keyservers.net
keyserver-options timeout=10

and --list-keys

/etc/pacman.d/gnupg/pubring.kbx
-------------------------------
pub   rsa2048 2017-11-03 [SC]
      8D378A6F302823F525AC98CF7C52DE2378CD475B
uid           [ultimate] Pacman Keyring Master Key <pacman@localhost>

pub   rsa2048 2011-08-25 [SC]
      8218F88849AAC522E94CF470A5E9288C4FA415FA
uid           [ unknown] Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
uid           [ unknown] Jan Alexander Steffens (heftig) <jan-alexander.steffens@smail.inf.h-brs.de>
uid           [ unknown] [jpeg image of size 3837]
uid           [ unknown] [jpeg image of size 3865]
sub   rsa2048 2011-08-25 [E]

pub   rsa2048 2010-11-12 [SC]
      86CFFCA918CF3AF47147588051E8B148A9999C34
uid           [ unknown] Evangelos Foutras <evangelos@foutrelis.com>
uid           [ unknown] Evangelos Foutras <foutrelis@gmail.com>
uid           [ unknown] Evangelos Foutras <foutrelis@archlinux.org>
sub   rsa2048 2010-11-12 [E]

pub   rsa2048 2011-06-25 [SC]
      487EACC08557AD082088DABA1EB2638FF56C0C53
uid           [ unknown] Dave Reisner <d@falconindy.com>
uid           [ unknown] Dave Reisner <dreisner@archlinux.org>
sub   rsa2048 2011-06-25 [E]

pub   rsa4096 2012-01-20 [SC]
      B5971F2C5C10A9A08C60030F786C63F330D7CB92
uid           [ unknown] Felix Yan <felixonmars@archlinux.org>
uid           [ unknown] Felix Yan <i@felixc.at>
uid           [ unknown] Felix Yan <yanran@deepin.com>
uid           [ unknown] Felix Yan <felixonmars@163.com>
uid           [ unknown] Felix Yan <felixonmars@nyaa.cat>
uid           [ unknown] Felix Yan <felixonmars@gmail.com>
uid           [ unknown] Felix Yan <felixonmars@hust.edu.cn>
uid           [ unknown] Felix Yan <felixyan@bbtechgroup.com>
uid           [ unknown] Felix Yan <felixonmars@archlinuxcn.org>
uid           [ unknown] keybase.io/felixonmars <felixonmars@keybase.io>
uid           [ unknown] Yan, Ran (Name on Passport) <felixonmars@gmail.com>
sub   rsa4096 2012-01-20 [E]

pub   rsa8192 2014-01-14 [SC] [expires: 2019-07-10]
      5134EF9EAF65F95B6BB1608E50FB9B273A9D0BB5
uid           [ unknown] Johannes Löthberg <johannes@kyriasis.com>
sub   rsa8192 2014-01-14 [E] [expires: 2019-07-10]
sub   rsa8192 2014-09-21 [S] [expires: 2019-07-10]

pub   rsa4096 2011-10-12 [SC]
      2E36D8620221482FC45CB7F2A91764759326B440
uid           [ unknown] Lukas Fleischer <lfleischer@lfos.de>
uid           [ unknown] Lukas Fleischer (calcurse) <lfleischer@calcurse.org>
uid           [ unknown] Lukas Fleischer (Arch Linux) <lfleischer@archlinux.org>
sub   rsa4096 2011-10-12 [E]

pub   rsa4096 2014-10-21 [SC]
      9D74DF6F91B7BDABD5815CA84AC5588F941C2A25
uid           [ unknown] Antonio Rojas <arojas@archlinux.org>
uid           [ unknown] Antonio Rojas <arojas@us.es>
uid           [ unknown] Antonio Rojas <nqn1976@gmail.com>
uid           [ unknown] Antonio Rojas <nqn76sw@gmail.com>
sub   rsa2048 2014-11-07 [S]
sub   rsa2048 2014-11-07 [E]

pub   rsa4096 2011-09-10 [SC]
      8FC15A064950A99DD1BD14DD39E4B877E62EB915
uid           [ unknown] Sven-Hendrik Haase <svenstaro@gmail.com>
uid           [ unknown] Sven-Hendrik Haase <sh@lutzhaase.com>
sub   rsa4096 2011-09-10 [E]

pub   rsa2048 2013-01-21 [SC]
      9437DD3815A7A9169E3D3946AFF5D95098BC6FF5
uid           [ unknown] Maxime Gauduin <alucryd@alucryd.xyz>
uid           [ unknown] Maxime Gauduin <alucryd@gmail.com>
uid           [ unknown] Maxime Gauduin <alucryd@archlinux.org>
sub   rsa2048 2013-01-21 [E]

pub   rsa2048 2011-08-12 [SC]
      02FD1C7A934E614545849F19A6234074498E9CEE
uid           [ unknown] Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>
sub   rsa2048 2011-08-12 [E]

pub   rsa2048 2011-10-10 [SC]
      F3691687D867B81B51CE07D9BBE43771487328A9
uid           [ unknown] Bartlomiej Piotrowski <b@bpiotrowski.pl>
uid           [ unknown] Bartłomiej Piotrowski <b@bpiotrowski.pl>
uid           [ unknown] Bartłomiej Piotrowski <bpiotrowski@archlinux.org>
uid           [ unknown] Bartlomiej Piotrowski (Barthalion) <barthalion@gmail.com>
uid           [ unknown] Bartłomiej Piotrowski (Barthalion) <barthalion@gmail.com>
sub   rsa2048 2011-10-10 [E]

pub   rsa4096 2011-11-07 [SC] [expires: 2018-12-31]
      E240B57E2C4630BA768E2F26FC1B547C8D8172C8
uid           [ unknown] Levente Polyak (anthraxx) <levente@leventepolyak.net>
uid           [ unknown] Levente Polyak <Z3r0.0x00@gmail.com>
uid           [ unknown] Levente Polyak <anthraxx@archlinux.org>
uid           [ unknown] Levente Polyak <anthraxx@hamburg.ccc.de>
uid           [ unknown] Levente Polyak <levente@leventepolyak.de>
uid           [ unknown] Levente Polyak (Jabber/XMPP only) <anthraxx@jabber.ccc.de>
sub   rsa4096 2011-11-07 [E] [expires: 2018-12-31]

pub   rsa2048 2011-10-30 [SC]
      535F8C0339450F054A4D282706096A6AD1CEDDAC
uid           [ unknown] Laurent Carlier <lordheavym@gmail.com>
sub   rsa2048 2011-10-30 [E]

pub   rsa2048 2011-04-10 [SC]
      4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
uid           [ unknown] Pierre Schmitz <pierre@archlinux.de>
sub   rsa2048 2011-04-10 [E]

pub   rsa2048 2011-07-18 [SC]
      5B7E3FB71B7F10329A1C03AB771DF6627EDF681F
uid           [ unknown] Tobias Powalowski <tobias.powalowski@googlemail.com>
uid           [ unknown] Tobias Powalowski <tpowa@archlinux.org>
sub   rsa2048 2011-07-18 [E]

pub   rsa2048 2012-08-12 [SC]
      8742F7535E7B394A1B048163332C9C40F40D2072
uid           [ unknown] Jonathan Steel <mail@jsteel.org>
uid           [ unknown] Jonathan Steel <jsteel@archlinux.org>
uid           [ unknown] Jonathan Steel <jsteel@aur.archlinux.org>
sub   rsa2048 2012-08-12 [E]

pub   rsa4096 2008-08-01 [SCA]
      CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E
uid           [ unknown] Florian Pritz <bluewind@xinu.at>
uid           [ unknown] Florian Pritz <flo@xinu.at>
uid           [ unknown] Florian Pritz <bluewind@archlinux.org>
uid           [ unknown] Florian Pritz <bluewind@jabber.ccc.de>
sub   rsa4096 2008-08-01 [E]

pub   rsa2048 2011-09-29 [SC]
      962855F072C7A01846405864FCF3C8CB5CF9C8D4
uid           [ unknown] Alexander Rødseth <rodseth@gmail.com>
sub   rsa2048 2011-09-29 [E]

pub   rsa2048 2011-10-08 [SC]
      E499C79F53C96A54E572FEE1C06086337C50773E
uid           [ unknown] Jelle van der Waa <jelle@vdwaa.nl>
uid           [ unknown] Jelle van der Waa <jelle@archlinux.org>
sub   rsa2048 2011-10-08 [E]

pub   ed25519 1998-03-24 [SCA]
      1A60DC44245D06FEF90623D6EEEEE2EEEE2EEEEE
uid           [ unknown] Gaetan Bisson <gaetan@fenua.org>
uid           [ unknown] Gaetan Bisson <bisson@gaati.org>
uid           [ unknown] Gaetan Bisson <bisson@archlinux.org>
sub   cv25519 2017-08-27 [E]

Offline

#11 2017-11-05 14:02:01

seth
Member
Registered: 2012-09-03
Posts: 49,975

Re: [Solved] Error with GPG keys during pacman -Syu

That's an impressively short keyring and the Pacman master key doesn't match mine.

See https://bbs.archlinux.org/viewtopic.php … 9#p1501589 but if you're not using Arch-archlinux but Manjaro-archlinux or antergos-archlinux or something, *now* is the time to confess before you screw up things.

Offline

#12 2017-11-05 14:39:04

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: [Solved] Error with GPG keys during pacman -Syu

seth wrote:

That's an impressively short keyring and the Pacman master key doesn't match mine.

The Pacman Master Key is the local key created during pacman-key --init, so each installation should have a different one.

Maybe you can try to import the archlinux keyring again:

pacman-key --populate archlinux

Last edited by progandy (2017-11-05 14:44:40)


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#13 2017-11-05 15:00:41

seth
Member
Registered: 2012-09-03
Posts: 49,975

Re: [Solved] Error with GPG keys during pacman -Syu

Ok, thanks  for the info.

So that's settled, but the suspicious lack of "@master-key.archlinux.org" keys is likely what keeps all others untrusted.
Maybe just forgot population?

Edit: Next time I better post *before* fetching coffee ;-)

Last edited by seth (2017-11-05 15:01:33)

Offline

#14 2017-11-05 18:23:30

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

This is a pure arch Linux install but I'm away from the machine at the moment. I'll try the populate command.

Offline

#15 2017-11-05 21:07:26

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

There's still a problem as I'm now getting this from the --populate

Sorry, try again.
Sorry, try again.
==> Appending keys from archlinux.gpg...
key EEEEE2EEEE2EEEEE:
13 signatures not checked due to missing keys
key 6D1655C14CE1C13E:
1 signature not checked due to a missing key
key 9C02FF419FECBE16:
4 signatures not checked due to missing keys
key A5E9288C4FA415FA:
5 signatures not checked due to missing keys
==> Locally signing trusted keys in keyring...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
  -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
  -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
  -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
  -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
  -> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
  -> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
  -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
  -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
  -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
  -> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
  -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
  -> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
  -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
  -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
  -> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
  -> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
  -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
  -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
  -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
  -> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
  -> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
  -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
  -> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
==> Updating trust database...
gpg: public key of ultimately trusted key 9191359E150E6AA7 not found
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: depth: 1  valid:   6  signed:  69  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:  69  signed:   9  trust: 69-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2018-06-25
==> ERROR: Trust database could not be updated.

Offline

#16 2017-11-05 21:29:55

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,463

Re: [Solved] Error with GPG keys during pacman -Syu

Something is seriously wrong with your keyring. How old is this installation and when was it last fully updated?

Offline

#17 2017-11-05 21:38:49

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

Probably about a month ago - the install went fine back then. I probably installed this 4+ years ago (perhaps more). I really don't use this as my regular machine, but a fallback.

Offline

#18 2017-11-05 21:43:19

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,463

Re: [Solved] Error with GPG keys during pacman -Syu

hmm, up to date a month ago and you shouldn't be having these problems. Anyway, simplest solution would be to blow away the pacman keyring and redo it. Get rid of /etc/pacman.d/gnupg/, initialize the new keyring with pacman-key --init, then populate it with the archlinux keys again.

Offline

#19 2017-11-05 21:58:11

kabads
Member
Registered: 2012-09-22
Posts: 271
Website

Re: [Solved] Error with GPG keys during pacman -Syu

@Scimmia - thanks- that worked. Deleting the whole /etc/pacman.d./gnupg dir and then renewing as per https://bbs.archlinux.org/viewtopic.php … 9#p1501589

Offline

Board footer

Powered by FluxBB