You are not logged in.
Doing a system upgrade.
$ sudo pacman -Syu
Then I get the following error message:
error: mit-scheme: key "Alad Wenter <alad@archlinux.org>" is disabled
:: File /var/cache/pacman/pkg/mit-scheme-10.1.3-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Alad's key in pacman-key:
$ pacman-key --list-sigs | grep alad
gpg: Note: trustdb not writable
uid [ full ] Alad Wenter <alad@archlinux.org>
sig 3 6BC26A17B9B7018A 2018-03-29 Alad Wenter <alad@archlinux.org>
sig 6BC26A17B9B7018A 2018-03-29 Alad Wenter <alad@archlinux.org>
I did re-install the package archlinux-keyring and also downloaded the mit-scheme package anew, but the system upgrade runs into the same error.
Pointers to solve this are appreciated.
Last edited by lquidfire (2019-01-07 13:01:21)
Offline
What is the output of
pacman-key --list-sigs alad # no grep
pacman -Q archlinux-keyring
The key you are having issues with was fixed months ago: https://bbs.archlinux.org/viewtopic.php?id=241313
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
I've seen that post and therefore re-installed the archlinux-keyring package.
$ pacman-key --list-sigs alad
gpg: Note: trustdb not writable
pub ed25519 2017-09-07 [SC] [expires: 2019-03-29]
DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A
uid [ full ] Alad Wenter <alad@archlinux.org>
sig 3 6BC26A17B9B7018A 2018-03-29 Alad Wenter <alad@archlinux.org>
sig 3348882F6AC6A4C2 2018-10-03 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig BA1DFB64FFF979E7 2018-10-04 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 9B729B06A680C281 2018-09-12 Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig A88E23E377514E00 2018-08-13 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sub cv25519 2017-09-07 [E] [expires: 2019-03-29]
sig 6BC26A17B9B7018A 2018-03-29 Alad Wenter <alad@archlinux.org>
$ pacman -Q archlinux-keyring
archlinux-keyring 20181218-1
Last edited by lquidfire (2019-01-07 12:21:56)
Offline
Reinstalling the keyring won't do anything, how did you initially upgrade though?
The key was supposed to receive a one-time re-enable if you're upgrading *from* a version older than 20181018, but obviously that did not happen for you. Did you somehow mess up that update?
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
Not that I was aware of. I update pretty much daily. Is there any way I could find out?
Was not using this computer for the last 2 weeks, so today a bigger upgrade. From a glance at Alad's packages I don't think I have any other packages signed by him.
Do I have to re-initialize the Arch keyrings, or where do I go from here?
Offline
The only things I can think of which would mess up the update are using pacman -S --noscriptlet or updating the database with -S --dbonly. Neither one will execute the post-upgrade script, but they will still increment the currently installed version.
$ pacman-key --edit-key alad
gpg> enable
gpg> save
Deleting /etc/pacman.d/gnupg and reinitializing would work too -- you'd delete the disabled key and readd the enabled version, along with all other keys.
Or just run the command from the install script yourself. (pacscripts $pkgname to print the contents of an install script.)
Last edited by eschwartz (2019-01-07 12:55:27)
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
Splendid! Your gpg commands did the trick
I certainly did not run pacman with such options...
Will plough through the install script as well, sounds like a fun adventure!
Cheers for your help!
Offline
Same issue
error: elinks: key "Alad Wenter <alad@archlinux.org>" is disabled
:: File /var/cache/pacman/pkg/elinks-0.13-21-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
this did not seem to resolve it :
pacman-key --refresh-keys
# pacman-key --list-sigs | grep alad
uid [ full ] Alad Wenter <alad@archlinux.org>
sig 3 6BC26A17B9B7018A 2018-03-29 Alad Wenter <alad@archlinux.org>
sig 3 6BC26A17B9B7018A 2017-10-12 Alad Wenter <alad@archlinux.org>
sig 3 6BC26A17B9B7018A 2018-03-29 Alad Wenter <alad@archlinux.org>
sig 3 6BC26A17B9B7018A 2017-09-07 Alad Wenter <alad@archlinux.org>
sig 6BC26A17B9B7018A 2018-03-29 Alad Wenter <alad@archlinux.org>
# pacman-key --edit-key 6BC26A17B9B7018A
pub ed25519/6BC26A17B9B7018A
created: 2017-09-07 expires: 2019-03-29 usage: SC
trust: unknown validity: full
*** This key has been disabled
sub cv25519/56BC98A0ED1781EB
created: 2017-09-07 expires: 2019-03-29 usage: E
[ full ] (1). Alad Wenter <alad@archlinux.org>
[ revoked] (2) Alad Wenter <alad@mailbox.org>
[ revoked] (3) Alad Wenter <alad@archlinux.info>
[marginal] (4) [jpeg image of size 23265]
I mean am I ok just to renable this?
Oddly from another arch machine here I don't seem to have any issue installing elinks, even after
pacman -S archlinux-keyring
on both.
The non-working machine was a new install from around 3 weeks ago, the working machine has been running for years.
Last edited by primeheretic (2019-01-07 13:35:08)
Offline
FWIW I fixed by removing and fixing ` /etc/pacman.d/gnupg`.
I had some issues doing this but retrusting the main (6?) archlinux keys got me back up and running with a working `pacman` and a successful `elinks` install.
Offline
I mean am I ok just to renable this?
yes, the command from the post-upgrade script in the package would do the same using the scripted interface to gpg.
Oddly from another arch machine here I don't seem to have any issue installing elinks, even after
pacman -S archlinux-keyring
on both.
The non-working machine was a new install from around 3 weeks ago, the working machine has been running for years.
That's an interesting point. Mind if I ask whether you used an old ISO to do the install? If so, you'd end up with the keys from the ISO (with the disabled key) copied to the new install, and possibly you could end up without the post-install script running to re-enable it.
Last edited by eschwartz (2019-01-07 17:47:08)
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
That's an interesting point. Mind if I ask whether you used an old ISO to do the install? If so, you'd end up with the keys from the ISO (with the disabled key) copied to the new install, and possibly you could end up without the post-install script running to re-enable it.
I think you're on to something there.
Can't remember specifics of what I did but the install is something I've been meaning to do for a while, and didn't get round to till the xmas break.
I can't find the USB drive I used so can't verify, but the iso image sitting in the downloads folder on my desktop is `archlinux-2018.11.01-x86_64.iso`. I think there's a good chance that's what was used.
So start of Nov ISO installed over xmas? Would this fit the timing?
Last edited by primeheretic (2019-01-07 18:24:01)
Offline