You are not logged in.
I occasionally have packages that fail the PGP signature check and won't update; no big deal - I just make sure I have the latest archlinux-keyring installed and run pacman-key --refresh-keys. But, what if archlinux-keyring itself fails the PGP signature check? Guess I could check the md5sum after downloading, and disable the PGP check in pacman before installing, but I'm guessing there's a more preferred solution...
[root@linux ~]# pacman -Sy archlinux-keyring
:: Synchronising package databases...
core is up to date
extra is up to date
community is up to date
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20190122-1
Total Download Size: 0.64 MiB
Total Installed Size: 0.90 MiB
Net Upgrade Size: 0.01 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.evowise.com : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.kernel.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.xtom.com : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirror.lty.me : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirrors.kernel.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from ca.us.mirror.archlinux-br.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from ftp.osuosl.org : The requested URL returned error: 404
error: failed retrieving file 'archlinux-keyring-20190122-1-any.pkg.tar.xz' from mirror.lty.me : The requested URL returned error: 404
(1/1) checking keys in keyring [#####################################################################] 100%
(1/1) checking package integrity [#####################################################################] 100%
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is invalid
:: File /var/cache/pacman/pkg/archlinux-keyring-20190122-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
Last edited by tony5429 (2019-01-26 18:01:21)
Offline
The latest version from the Arch Linux Archive (20190123) installed just fine... Odd that pacman was instead trying to give me the 4-day-old 20190122 version of the package...
Offline
Have you checked the synchronization status of the system's primary mirror?
Offline
Have you verified the precise cause of the error by either:
1) using the --debug flag to pacman, or
2) (assuming you deleted the cached package by pressing "y") printing the remote filename using pacman -Sddp archlinux-keyring, and then downloading that file and the *.sig file from the server, and verifying the signature status using pacman-key --verify ${file}.sig ?
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline