You are not logged in.
Pages: 1
Today I tried to do update with
sudo pacman -Syu
then is says...
Packages (6) argon2-20171227-3 blender-17:2.79-9 jansson-2.10-3 krita-3.3.3-1 mpfi-1.5.2-1 pari-2.9.4-1
Total Installed Size: 361.00 MiB
Net Upgrade Size: -1.24 MiB
:: Proceed with installation? [Y/n] y
(6/6) checking keys in keyring [##########################################################] 100%
downloading required keys...
:: Import PGP key 4096R/BD27B07A5EF45C2ADAF70E0484818A6819AF4A9B, "Eli Schwartz <eschwartz93@gmail.com>", created: 2016-05-04? [Y/n]
Would it be okay to press Y in here?
How do I find out which PGP key can be trusted and which are not?
Last edited by qkrruddnjs12 (2018-01-09 02:37:41)
Offline
I'm telling you that that key can be trusted.
But seriously, this happens every time a new Trusted User is added.
Importing a PGP key does not designate it as a "trusted" key, the fact that that key has been signed by three or more of the Arch Linux Master Keys to form a PGP web of trust is what designates it as trusted.
Your other option is to first install the new archlinux-keyring package from the testing repository.
P.S. The forums do not accept arbitrary HTML, so instead you should use BBCode and specifically:
[code]This is some code.[/code]
Last edited by eschwartz (2018-01-09 02:14:06)
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
https://wiki.archlinux.org/index.php/Pa … g_PGP_keys
https://www.archlinux.org/master-keys/
Also see https://bbs.archlinux.org/help.php#bbcode
(edit: too slow on all counts. But really would you trust eschwartz answering you that eschwartz could be trusted?! )
Last edited by Trilby (2018-01-09 02:16:12)
"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" - Richard Stallman
Offline
(edit: too slow on all counts. But really would you trust eschwartz answering you that eschwartz could be trusted?! )
It certainly makes my life easier...
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
Thanks you for replies!
I'll make sure to use BBCode next time
Offline
Don't forget to mark this thread as solved as directed in the code of conduct.
aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies
Offline
Related?: https://bbs.archlinux.org/viewtopic.php … 3#p1759903
Trilby wrote:(edit: too slow on all counts. But really would you trust eschwartz answering you that eschwartz could be trusted?! )
It certainly makes my life easier...
As long as you stay on IRC, apparently.
Last edited by c00ter (2018-01-09 04:38:16)
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn
Offline
Hello, Eli Schwartz. I am having trouble with your key having marginal trust:
error: opendkim: signature from "Eli Schwartz <eschwartz@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/opendkim-2.10.3-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
I also get the same error message when trying to install dovecot-2.3.0-2-x86_64.pkg.tar.xz.
What's going on? I tried to enable the 'testing' repository but and the latest version of the archlinux-keyring package I can install is 20180108-1. What version has your keys in it?
Here is a shell session (with the testing repo disabled) showing how I updated archlinux-keyring but I still have errors checking your signature on the opendkim package:
https://gist.github.com/DavidEGrayson/4 … 82aaca6f7f
So what commands am I supposed to run to get your key trusted? Thanks!
--David
Last edited by DavidEGrayson (2018-01-27 04:54:27)
Offline
Marginal trust has nothing to do with this thread. Read https://bbs.archlinux.org/viewtopic.php?id=233480 and https://bbs.archlinux.org/viewtopic.php?id=233710, then start your own thread if you can't figure it out.
Online
Hello, Eli Schwartz. I am having trouble with your key having marginal trust when checking the signature:
error: opendkim: signature from "Eli Schwartz <eschwartz@archlinux.org>" is marginal trust :: File /var/cache/pacman/pkg/opendkim-2.10.3-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
What's going on? I tried to enable the 'testing' repository but and the latest version of the archlinux-keyring package I can install is 20180108-1. What version has your keys in it?
Here is a shell session (with the testing repo disabled) showing how I updated archlinux-keyring but I still have errors checking your signature on the opendkim package:
https://gist.github.com/DavidEGrayson/4 … 82aaca6f7f
So what commands am I supposed to run to get your key trusted?
--David
You should delete the cached package in /var first in case the download was actually corrupted. After that try to update again which will redownload the package. If that fails then continue other steps.
Offline
You should delete the cached package in /var first in case the download was actually corrupted. After that try to update again which will redownload the package. If that fails then continue other steps.
No. Read the actual error, it has nothing to do with the download.
Online
headkase wrote:You should delete the cached package in /var first in case the download was actually corrupted. After that try to update again which will redownload the package. If that fails then continue other steps.
No. Read the actual error, it has nothing to do with the download.
I defer to an actual bug wrangler.
Offline
Wow, thanks for the fast response! The two commands posted here by zpg443 in the thread you linked to did the trick for me: https://bbs.archlinux.org/viewtopic.php … 6#p1760826
--David
Offline
Pages: 1