[SOLVED] archlinux-keyring Fails PGP Signature Check

tony5429 · 2019-01-26 17:55:54

I occasionally have packages that fail the PGP signature check and won't update; no big deal - I just make sure I have the latest archlinux-keyring installed and run pacman-key --refresh-keys. But, what if archlinux-keyring itself fails the PGP signature check? Guess I could check the md5sum after downloading, and disable the PGP check in pacman before installing, but I'm guessing there's a more preferred solution...

[root@linux ~]# pacman -Sy archlinux-keyring
:: Synchronising package databases...
 core is up to date
 extra is up to date
 community is up to date
resolving dependencies...
looking for conflicting packages...

Packages (1) archlinux-keyring-20190122-1

Total Download Size:   0.64 MiB
Total Installed Size:  0.90 MiB
Net Upgrade Size:      0.01 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.evowise.com : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.kernel.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.xtom.com : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirror.lty.me : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.kernel.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from ca.us.mirror.archlinux-br.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from ftp.osuosl.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirror.lty.me : The requested URL returned error: 404
(1/1) checking keys in keyring                                                                                      [#####################################################################] 100%
(1/1) checking package integrity                                                                                    [#####################################################################] 100%
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is invalid
:: File /var/cache/pacman/pkg/archlinux-keyring-20190122-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Last edited by tony5429 (2019-01-26 18:01:21)

tony5429 · 2019-01-26 18:01:04

The latest version from the Arch Linux Archive (20190123) installed just fine... Odd that pacman was instead trying to give me the 4-day-old 20190122 version of the package...

loqs · 2019-01-26 18:03:40

Have you checked the synchronization status of the system's primary mirror?

eschwartz · 2019-01-27 02:23:27

Have you verified the precise cause of the error by either:

1) using the --debug flag to pacman, or
2) (assuming you deleted the cached package by pressing "y") printing the remote filename using pacman -Sddp archlinux-keyring, and then downloading that file and the *.sig file from the server, and verifying the signature status using pacman-key --verify ${file}.sig ?

Arch Linux

#1 2019-01-26 17:55:54

[SOLVED] archlinux-keyring Fails PGP Signature Check

#2 2019-01-26 18:01:04

Re: [SOLVED] archlinux-keyring Fails PGP Signature Check

#3 2019-01-26 18:03:40

Re: [SOLVED] archlinux-keyring Fails PGP Signature Check

#4 2019-01-27 02:23:27

Re: [SOLVED] archlinux-keyring Fails PGP Signature Check

Board footer