You are not logged in.

#1 2019-01-28 06:12:34

rearden888
Member
Registered: 2017-07-31
Posts: 7

[SOLVED] ArchZFS Package key signing issue

I have the archzfs repository enabled on a couple of my machines that I use ZFS on. One of them, not both, has been exhibiting some weird behavior with receiving and locally signing the key. When I try to update the system after I have rebooted the machine, it doesn't seem to remember the local signature for that repo's signing key

error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
archzfs 19.2 KiB 111K/s 00:00 [#####################################################################################] 100%
archzfs.sig 310.0 B 0.00B/s 00:00 [#####################################################################################] 100%
error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust
error: failed to update archzfs (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

When I go to grab the key, as I normally would, I get this:

rearden@avalon-ab ~> sudo pacman-key --recv F75D9D76
gpg: key 403BD972F75D9D76: "ArchZFS Bot <buildbot@archzfs.com>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
==> Updating trust database...
gpg: next trustdb check due at 2019-03-29
 rearden@avalon-ab ~> sudo pacman-key --lsign F75D9D76
gpg: key 06937B5F269AC1F1 was created 5856 seconds in the future (time warp or clock problem)
-> Locally signing key F75D9D76...
==> ERROR: F75D9D76 could not be locally signed.

It seems like there's some sort of time sync issue, but the date and time on the machine are correct, and NTP is enabled. Eventually, after the time it thinks is in the future has elapsed, everything goes back to working normally. Anyone have any ideas on what might be causing this? It's strange that it only seems to happen after I reboot the machine.

Last edited by rearden888 (2019-01-29 05:46:07)

Offline

#2 2019-01-28 11:03:39

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 6,675

Re: [SOLVED] ArchZFS Package key signing issue

Does this also happen if you poweroff the machine and start it again immediately ?

Arch linux has several ntp implementations, which one are you using ?


Multi-init booting with apg Openrc and systemd coexisting
Automounting : not needed, i prefer pmount
Aur helpers : makepkg + my own local repo === rarely need them

Offline

#3 2019-01-29 02:25:35

eschwartz
Trusted User/Bug Wrangler
Registered: 2014-08-08
Posts: 2,853

Re: [SOLVED] ArchZFS Package key signing issue

I'd assume that rather than the key being created in the present and your clock being in the past, the key was created while your clock was in the future, and then you fixed your clock -- thus invalidating the key.

Here's a better question: what is, in fact, the key 06937B5F269AC1F1 and when was it created and why? This is your pacman-key master key (pacman@localhost), right? Is there a reason it is being created 1 hour and 40 minutes into the future every single time you reboot? Is there a reason the key is being created for any reason at all, every single time you reboot?


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#4 2019-01-29 05:45:49

rearden888
Member
Registered: 2017-07-31
Posts: 7

Re: [SOLVED] ArchZFS Package key signing issue

Well, i figured out what it was.  What you said about the key being created in the present and my clock being messed up got me thinking. I realized I had an old statement in my Openbox autostart that was starting a second copy of ntpd, interfering, somehow with the first and probably changing the clock during startup, but that I never noticed when the machine was already running.  I disabled that and everything seems to work fine now.  Anyway, thanks for your help, I'll mark this solved.

Offline

Board footer

Powered by FluxBB