You are not logged in.

#1 2018-12-17 03:58:48

clever
Member
Registered: 2015-06-18
Posts: 43

Invalid or Corrupted package (PGP signature)

When I tried to upgrade my system i got

error: python-pytoml: signature from "Eli Schwartz <eschwartz@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/python-pytoml-0.1.20-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

then i tried

sudo rm -R /etc/pacman.d/gnupg/
sudo rm -R /root/.gnupg/ 
sudo gpg --refresh-keys
sudo pacman-key --init 
sudo pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
  -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
  -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
  -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
  -> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
  -> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
  -> Disabling key 5357F3B111688D88C1D88119FCF2CB179205AC90...
  -> Disabling key 5559BC1A32B8F76B3FCCD9555FA5E5544F010D48...
  -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
  -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
  -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
  -> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
  -> Disabling key FB871F0131FEA4FB5A9192B4C8880A6406361833...
  -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
  -> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
  -> Disabling key 50F33E2E5B0C3D900424ABE89BDCF497A4BBCC7F...
  -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
  -> Disabling key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A...
  -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
  -> Disabling key 40776A5221EF5AD468A4906D42A1DB15EC133BAD...
  -> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
  -> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
  -> Disabling key 5A2257D19FF7E1E0E415968CE62F853100F0D0F0...
  -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
  -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
  -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
  -> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
  -> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
  -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
  -> Disabling key 07DFD3A0BC213FA12EDC217559B3122E2FA915EC...
  -> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
  -> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
  -> Disabling key 8840BD07FC24CB7CE394A07CCF7037A4F27FB7DA...
==> Updating trust database...
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: bad data signature from key 20E8A9C77716EB4F: Wrong key usage (0x19, 0x2)
gpg: depth: 0  valid:   1  signed:   5  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: bad data signature from key 20E8A9C77716EB4F: Wrong key usage (0x19, 0x2)
gpg: depth: 1  valid:   5  signed:  68  trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2  valid:  68  signed:   8  trust: 68-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2018-12-31

then

pacman -S archlinux-keyring

then

sudo pacman-key --refresh-keys
gpg: refreshing 110 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.

i cant reach keyserver with any dns or vpn

Offline

#2 2018-12-17 04:53:02

clever
Member
Registered: 2015-06-18
Posts: 43

Re: Invalid or Corrupted package (PGP signature)

Solved it By Disabling Tor

But how does gnupg automatically use tor when enabled?

Offline

#3 2018-12-17 06:18:57

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Invalid or Corrupted package (PGP signature)

clever wrote:

Solved it By Disabling Tor

But how does gnupg automatically use tor when enabled?

It autodetects whether Tor is running, if you have a .onion url as one of your keyservers.

...

Also my key was updated in the archlinux-keyring package on 2018-10-31 which was 45 days before it was scheduled to expire. I guess it's been longer than that since you last updated. wink


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#4 2018-12-19 20:21:33

wvxvw
Member
Registered: 2018-12-19
Posts: 2

Re: Invalid or Corrupted package (PGP signature)

I had a similar problem, after repeatedly re-downloading and refreshing the keys, they wouldn't get trusted.  I had to trust all the 26 keys manually... Thank god for there being only 26, I guess...  but, really what was the actual issue here? I believe that keys must have been updated or something like that, but why would pacman not import them as trusted?

Offline

#5 2018-12-19 20:31:00

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Invalid or Corrupted package (PGP signature)

There are a lot more than 26 keys. tongue

There are only 5 keys which need to be signed, and those are the master keys from /usr/share/pacman/keyrings/archlinux-trusted

If `sudo pacman-key --populate archlinux` did not successfully sign those five keys, then your pacman-key master key is broken. What is the validity of the key "pacman@localhost"?


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#6 2018-12-22 12:18:33

wvxvw
Member
Registered: 2018-12-19
Posts: 2

Re: Invalid or Corrupted package (PGP signature)

It says that the trust is "ultimate", but I might have set it myself.

It's strange that you say there should be more.  When I run pacman-key --list-keys this is how many I get.

Offline

#7 2018-12-22 12:53:56

loqs
Member
Registered: 2014-03-06
Posts: 17,196

Re: Invalid or Corrupted package (PGP signature)

Offline

Board footer

Powered by FluxBB