You are not logged in.
Hey everyone
I just tried doing a fresh install of Arch on my desktop (using archlinux-2018.02.01).
However after setting the basics up (including enabling ntp and verifying the correct system time) I tried to do pacstrap, which failed installing the packages.
Each of the packages failed with "signature from "XXX" is unknown trust".
I then set pacman's SigLevel to TrustAll and tried updating archlinux-keyring, still the same issue after removing TrustAll again.
I then tried the following:
rm -rf /etc/pacman.d/gnupg
pacman-key --init
pacman-key --populate
// tried pacstrap again, same issue
pacman-key --refresh-keys
// still same issue
To at least get Arch running i added TrustAll to pacman again and finished installing everything.
Got my installation working now, but the keys are still broken, pacman is not installing anything without TrustAll
SigLevel = Required DatabaseOptional TrustAll
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
Here's a debug output of it (without TrustAll), as you can see it says the signature is valid but unknown trust. This happens with ALL packages I tried.
[root@arch ~]# pacman -S bash-completion --debug
debug: pacman v5.0.2 - libalpm v10.0.2
debug: config: attempting to read file /etc/pacman.conf
debug: config: new section 'options'
debug: config: HoldPkg: pacman
debug: config: HoldPkg: glibc
debug: config: arch: x86_64
debug: config: SigLevel: Required
debug: config: SigLevel: DatabaseOptional
debug: config: LocalFileSigLevel: Optional
debug: config: new section 'core'
debug: config file /etc/pacman.conf, line 76: including /etc/pacman.d/mirrorlist
debug: config: new section 'extra'
debug: config file /etc/pacman.conf, line 79: including /etc/pacman.d/mirrorlist
debug: config: new section 'community'
debug: config file /etc/pacman.conf, line 85: including /etc/pacman.d/mirrorlist
debug: config: finished parsing /etc/pacman.conf
debug: setup_libalpm called
debug: option 'logfile' = /var/log/pacman.log
debug: option 'gpgdir' = /etc/pacman.d/gnupg/
debug: option 'hookdir' = /etc/pacman.d/hooks/
debug: option 'cachedir' = /var/cache/pacman/pkg/
debug: registering sync database 'core'
debug: database path for tree core set to /var/lib/pacman/sync/core.db
debug: "/var/lib/pacman/sync/core.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/core.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for core repository
debug: adding new server URL to database 'core': http://mirror.f4st.host/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://ftp.halifax.rwth-aachen.de/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': https://mirror.f4st.host/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': rsync://mirror.f4st.host/archlinux/core/os/x86_64
debug: adding new server URL to database 'core': rsync://ftp.halifax.rwth-aachen.de/archlinux/core/os/x86_64
debug: registering sync database 'extra'
debug: database path for tree extra set to /var/lib/pacman/sync/extra.db
debug: "/var/lib/pacman/sync/extra.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/extra.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for extra repository
debug: adding new server URL to database 'extra': http://mirror.f4st.host/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': https://ftp.halifax.rwth-aachen.de/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': https://mirror.f4st.host/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': rsync://mirror.f4st.host/archlinux/extra/os/x86_64
debug: adding new server URL to database 'extra': rsync://ftp.halifax.rwth-aachen.de/archlinux/extra/os/x86_64
debug: registering sync database 'community'
debug: database path for tree community set to /var/lib/pacman/sync/community.db
debug: "/var/lib/pacman/sync/community.db.sig" is not readable: No such file or directory
debug: sig path /var/lib/pacman/sync/community.db.sig could not be opened
debug: missing optional signature
debug: setting usage of 15 for community repository
debug: adding new server URL to database 'community': http://mirror.f4st.host/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': https://ftp.halifax.rwth-aachen.de/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': https://mirror.f4st.host/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': rsync://mirror.f4st.host/archlinux/community/os/x86_64
debug: adding new server URL to database 'community': rsync://ftp.halifax.rwth-aachen.de/archlinux/community/os/x86_64
debug: loading package cache for repository 'core'
debug: opening archive /var/lib/pacman/sync/core.db
debug: added 228 packages to package cache for db 'core'
debug: loading package cache for repository 'extra'
debug: opening archive /var/lib/pacman/sync/extra.db
debug: added 3014 packages to package cache for db 'extra'
debug: adding package 'bash-completion'
debug: loading package cache for repository 'local'
debug: added 597 packages to package cache for db 'local'
warning: bash-completion-2.7-2 is up to date -- reinstalling
debug: adding package bash-completion-2.7-2 to the transaction add list
resolving dependencies...
debug: resolving target's dependencies
debug: started resolving dependencies
debug: checkdeps: package bash-completion-2.7-2
debug: finished resolving dependencies
looking for conflicting packages...
debug: looking for conflicts
debug: check targets vs targets
debug: check targets vs targets
debug: check targets vs db and db vs targets
debug: check targets vs db
debug: check db vs targets
debug: checking dependencies
debug: checkdeps: package bash-completion-2.7-2
debug: setting download size 186344 for pkg bash-completion
debug: sorting by dependencies
debug: started sorting dependencies
debug: sorting dependencies finished
Packages (1) bash-completion-2.7-2
Total Download Size: 0,18 MiB
Total Installed Size: 0,80 MiB
Net Upgrade Size: 0,00 MiB
:: Proceed with installation? [Y/n]
debug: using cachedir: /var/cache/pacman/pkg/
debug: checking available disk space for download
debug: discovered mountpoint: /tmp
debug: discovered mountpoint: /sys/kernel/security
debug: discovered mountpoint: /sys/kernel/debug
debug: discovered mountpoint: /sys/kernel/config
debug: discovered mountpoint: /sys/fs/pstore
debug: discovered mountpoint: /sys/fs/cgroup/unified
debug: discovered mountpoint: /sys/fs/cgroup/systemd
debug: discovered mountpoint: /sys/fs/cgroup/rdma
debug: discovered mountpoint: /sys/fs/cgroup/pids
debug: discovered mountpoint: /sys/fs/cgroup/perf_event
debug: discovered mountpoint: /sys/fs/cgroup/net_cls,net_prio
debug: discovered mountpoint: /sys/fs/cgroup/memory
debug: discovered mountpoint: /sys/fs/cgroup/hugetlb
debug: discovered mountpoint: /sys/fs/cgroup/freezer
debug: discovered mountpoint: /sys/fs/cgroup/devices
debug: discovered mountpoint: /sys/fs/cgroup/cpuset
debug: discovered mountpoint: /sys/fs/cgroup/cpu,cpuacct
debug: discovered mountpoint: /sys/fs/cgroup/blkio
debug: discovered mountpoint: /sys/fs/cgroup
debug: discovered mountpoint: /sys/firmware/efi/efivars
debug: discovered mountpoint: /sys
debug: discovered mountpoint: /run/user/1000
debug: discovered mountpoint: /run
debug: discovered mountpoint: /proc/sys/fs/binfmt_misc
debug: discovered mountpoint: /proc
debug: discovered mountpoint: /dev/shm
debug: discovered mountpoint: /dev/pts
debug: discovered mountpoint: /dev/mqueue
debug: discovered mountpoint: /dev/hugepages
debug: discovered mountpoint: /dev
debug: discovered mountpoint: /boot
debug: discovered mountpoint: /
debug: loading fsinfo for /
debug: partition /, needed 46, cushion 5121, free 53332755
:: Retrieving packages...
debug: url: http://mirror.f4st.host/archlinux/extra/os/x86_64/bash-completion-2.7-2-any.pkg.tar.xz
debug: maxsize: 186344
debug: opened tempfile for download: /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz.part (wb)
downloading bash-completion-2.7-2-any.pkg.tar.xz...
debug: curl returned error 0 from transfer
debug: response code: 200
debug: using cachedir: /var/cache/pacman/pkg/
checking keyring...
debug: GPGME version: 1.10.0
debug: GPGME engine info: file=/usr/bin/gpg, home=/etc/pacman.d/gnupg/
debug: looking up key 1EB2638FF56C0C53 locally
debug: key lookup success, key exists
checking package integrity...
debug: found cached pkg: /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz
debug: sig data: iQEzBAABCAAdFiEESH6swIVXrQggiNq6HrJjj/VsDFMFAlnovksACgkQHrJjj/VsDFPzVAgAj3QcsP2RVCqgJQCmPIm4JdU8ko2goljlvs2jMZ2Y4yWyzra5OhSvwd+spURO0GKCjlBkwtDwm+Inv/VQ1MKwIXpqWBxZlMMJhlsRbW9zDktMhhBV8j3D4XGg1RcsdzfPI90FS+NGKorHxFfIlHUKw1cZSMZYMW9DSYL/FFadQVkNOIFEcgOxnB9EXr7LuDptbrw1F44mv8M6XFLjK6kmNUpjgqS8TPhpPlC1Yy0C96wSwubY3Ikgh7m09tnMbcDERNyHcl9mvNaPsQa7RAPY8vfQOpFdsUxgv/EDbhJ7QZ6UQA2F1kk2Z+y74S9VekfJRWmhcPyhEzMVa2vcdDqKIQ==
debug: checking signature for /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz
debug: 1 signatures returned
debug: fingerprint: 487EACC08557AD082088DABA1EB2638FF56C0C53
debug: summary: (empty)
debug: status: Success
debug: timestamp: 1508425291
debug: exp_timestamp: 0
debug: validity: unknown; reason: Success
debug: key: 487EACC08557AD082088DABA1EB2638FF56C0C53, Dave Reisner <d@falconindy.com>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is unknown trust
error: bash-completion: signature from "Dave Reisner <d@falconindy.com>" is unknown trust
:: File /var/cache/pacman/pkg/bash-completion-2.7-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
debug: unregistering database 'local'
debug: freeing package cache for repository 'local'
debug: unregistering database 'core'
debug: freeing package cache for repository 'core'
debug: unregistering database 'extra'
debug: freeing package cache for repository 'extra'
debug: unregistering database 'community'
[root@arch ~]# pacman-key --list-keys d@falconindy.com
pub rsa2048 2011-06-25 [SC]
487EACC08557AD082088DABA1EB2638FF56C0C53
uid [ unknown] Dave Reisner <d@falconindy.com>
uid [ unknown] Dave Reisner <dreisner@archlinux.org>
sub rsa2048 2011-06-25 [E]
Last edited by Kaeltis (2018-02-08 15:32:12)
Offline
Let's see `pacman-key --list-sigs Master`
Offline
[root@arch ~]# pacman-key --list-sigs Master
pub rsa2048 2018-02-08 [SC]
252086ED9B16824428B4F5EE0D6F9560475D65A2
uid [ultimate] Pacman Keyring Master Key <pacman@localhost>
sig 3 0D6F9560475D65A2 2018-02-08 Pacman Keyring Master Key <pacman@localhost>
pub rsa4096 2011-11-29 [SC]
AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid [ unknown] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 3 BA1DFB64FFF979E7 2011-11-29 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 3EC72E5826BD94C2 2012-02-05 [User ID not found]
rev 3EC72E5826BD94C2 2012-02-05 [User ID not found]
sig 1BB89C0602367449 2018-01-16 [User ID not found]
sig F99FFE0FEAE999BD 2011-11-30 Allan McRae <me@allanmcrae.com>
sig 06096A6AD1CEDDAC 2011-11-30 Laurent Carlier <lordheavym@gmail.com>
sig B773EB82DABACDA8 2013-08-16 [User ID not found]
sig 7ACFA647C5B3322D 2014-05-27 [User ID not found]
sig C3918344475A229F 2015-09-23 [User ID not found]
sig 872E6714EAF5EC44 2014-04-09 [User ID not found]
sig 80394F9187983512 2016-11-14 [User ID not found]
sig A9358D7DDD12F986 2012-02-29 [User ID not found]
sig 5F03C767C247A4D5 2017-08-17 [User ID not found]
sig 2 P 09B69B615AD10C8E 2015-12-01 [User ID not found]
sig 1 P 8508252F9B301536 2017-03-23 [User ID not found]
pub rsa4096 2017-05-15 [SC]
DDB867B92AA789C165EEFA799B729B06A680C281
uid [ unknown] Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3 9B729B06A680C281 2017-05-15 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 1BB89C0602367449 2018-01-16 [User ID not found]
sig 1 P 2 AA14E96200F5E006 2017-09-14 [User ID not found]
sig B6002D906D137D09 2017-09-03 [User ID not found]
sig BBE43771487328A9 2017-05-15 Bartlomiej Piotrowski <b@bpiotrowski.pl>
sig 2 5F03C767C247A4D5 2017-08-17 [User ID not found]
sub rsa4096 2017-05-15 [E]
sig 9B729B06A680C281 2017-05-15 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
pub rsa4096 2015-12-17 [SC]
91FFE0700E80619CEB73235CA88E23E377514E00
uid [ unknown] Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 3 A88E23E377514E00 2015-12-17 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 1BB89C0602367449 2018-01-16 [User ID not found]
sig 1 P 2 AA14E96200F5E006 2017-09-14 [User ID not found]
sig 80394F9187983512 2016-11-14 [User ID not found]
sig 6D1655C14CE1C13E 2015-12-17 Florian Pritz <bluewind@xinu.at>
sig 2 5F03C767C247A4D5 2017-08-17 [User ID not found]
sig 1 P 8508252F9B301536 2017-03-23 [User ID not found]
sub rsa4096 2015-12-17 [E]
sig A88E23E377514E00 2015-12-17 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
pub rsa3072 2011-11-18 [SC]
0E8B644079F599DFC1DDC3973348882F6AC6A4C2
uid [ unknown] Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig 3 3348882F6AC6A4C2 2011-11-18 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig 1BB89C0602367449 2018-01-16 [User ID not found]
sig 1 P 2 AA14E96200F5E006 2017-09-14 [User ID not found]
sig 7F2D434B9741E8AC 2011-11-18 Pierre Schmitz <pierre@archlinux.de>
sig 7ACFA647C5B3322D 2014-05-27 [User ID not found]
sig 872E6714EAF5EC44 2014-04-09 [User ID not found]
sig 80394F9187983512 2016-11-14 [User ID not found]
sig A9358D7DDD12F986 2012-02-29 [User ID not found]
sig 3 AD94BA169DBB5BF2 2016-10-12 [User ID not found]
sig 2 5F03C767C247A4D5 2017-08-17 [User ID not found]
sig 1 P 8508252F9B301536 2017-03-23 [User ID not found]
sub rsa1024 2011-11-18 [E]
sig 3348882F6AC6A4C2 2011-11-18 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sub rsa3072 2011-11-18 [A]
sig 3348882F6AC6A4C2 2011-11-18 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
pub rsa3072 2011-11-19 [SC]
684148BB25B49E986A4944C55184252D824B18E8
uid [ unknown] Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig 3 5184252D824B18E8 2011-11-19 Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig 1BB89C0602367449 2018-01-16 [User ID not found]
sig 1 P 2 AA14E96200F5E006 2017-09-14 [User ID not found]
sig 7ACFA647C5B3322D 2014-05-27 [User ID not found]
sig 284FC34C8E4B1A25 2011-11-19 Thomas Bächler <thomas@bchlr.de>
sig 872E6714EAF5EC44 2014-04-09 [User ID not found]
sig 80394F9187983512 2016-11-14 [User ID not found]
sig A9358D7DDD12F986 2012-02-29 [User ID not found]
sig 1 P 8508252F9B301536 2017-03-23 [User ID not found]
pub rsa3072 2011-11-29 [SC] [revoked: 2011-11-29]
27FFC4769E19F096D41D9265A04F9397CDFD6BB0
rev A04F9397CDFD6BB0 2011-11-29 Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
uid [ revoked] Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig 3 A04F9397CDFD6BB0 2011-11-29 Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig 5C2E46A0F53A76ED 2011-11-29 Dan McGee <dpmcgee@gmail.com>
sig 06096A6AD1CEDDAC 2011-11-30 Laurent Carlier <lordheavym@gmail.com>
sig 7ACFA647C5B3322D 2014-05-27 [User ID not found]
sig 872E6714EAF5EC44 2014-04-09 [User ID not found]
sig 80394F9187983512 2016-11-14 [User ID not found]
sig A9358D7DDD12F986 2012-02-29 [User ID not found]
sig 2 P 09B69B615AD10C8E 2015-12-01 [User ID not found]
pub rsa3072 2011-11-25 [SC] [revoked: 2011-11-25]
44D4A033AC140143927397D47EFD567D4C7EA887
rev 7EFD567D4C7EA887 2011-11-25 Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
uid [ revoked] Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig 3 7EFD567D4C7EA887 2011-11-25 Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig E8F18BA1615137BC 2011-11-25 Ionut Biru <ibiru@archlinux.org>
sig 872E6714EAF5EC44 2014-04-09 [User ID not found]
sig 80394F9187983512 2016-11-14 [User ID not found]
sig A9358D7DDD12F986 2012-02-29 [User ID not found]
sig 2 5F03C767C247A4D5 2017-08-17 [User ID not found]
sig 1 P 8508252F9B301536 2017-03-23 [User ID not found]
sig 1 P 2 AA14E96200F5E006 2017-09-14 [User ID not found]
Offline
So none of the Arch master keys got signed by the local master key for some reason. Try it manually or just use `pacman-key --populate archlinux`
Last edited by Scimmia (2018-02-08 15:13:24)
Offline
Seems something is off there:
[root@arch ~]# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
==> ERROR: DDB867B92AA789C165EEFA799B729B06A680C281 could not be locally signed.
-> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
==> ERROR: 684148BB25B49E986A4944C55184252D824B18E8 could not be locally signed.
-> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally signed.
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> ERROR: AB19265E5D7D20687D303246BA1DFB64FFF979E7 could not be locally signed.
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
==> ERROR: 0E8B644079F599DFC1DDC3973348882F6AC6A4C2 could not be locally signed.
[root@arch ~]# pacman-key --lsign-key DDB867B92AA789C165EEFA799B729B06A680C281
-> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
==> ERROR: DDB867B92AA789C165EEFA799B729B06A680C281 could not be locally signed.
Trying directly with gpg (according to https://wiki.archlinux.org/index.php/Pa … _with_gpg)
[root@arch ~]# gpg --homedir /etc/pacman.d/gnupg --lsign-key DDB867B92AA789C165EEFA799B729B06A680C281
gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg'
pub rsa4096/9B729B06A680C281
created: 2017-05-15 expires: never usage: SC
trust: unknown validity: unknown
sub rsa4096/67BFC124BD9FAD4C
created: 2017-05-15 expires: never usage: E
[ unknown] (1). Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
gpg: no default secret key: No public key
Key not changed so no update needed.
EDIT:
well, I've found it - it was my yubikeys fault: https://wiki.archlinux.org/index.php/Gn … public_key
Thanks for pointing me in the right direction!
Last edited by Kaeltis (2018-02-08 15:45:39)
Offline