You are not logged in.
I'm currently unable to install anything from the AUR because every invocation of gpg --list-keys hangs with:
gpg: key 38DBBDC86092693E: no user ID for key signature packet of class 11
Any idea how I should fix this issue? I recognize this could be a problem I've caused in GPG, but I can't even figure out how to locate the faulty key or how to sign it. Thanks!
Offline
What is the output of
pacman -Qi gpg
Edit:
Also please post the command you are running with its full output.
The output you posted I would expect from `gpg --recv-keys` not `gpg --lists-keys`.
Last edited by loqs (2019-10-25 23:13:46)
Offline
The problem was a poisoned key in my keyring. I used the solution posted here to identify it:
https://dev.gnupg.org/T3972#127356
and then followed instructions from here to mitigate the problem:
https://tech.michaelaltfield.net/2019/0 … tificates/
GPG is (mostly) working now and I seem to be able to install just about everything.
Offline
I asked for version of gnupg your system was using as the current version of gnupg arch provides already has mitigation built in see https://bbs.archlinux.org/viewtopic.php … 1#p1868451
Offline
I asked for version of gnupg your system was using as the current version of gnupg arch provides already has mitigation built in see https://bbs.archlinux.org/viewtopic.php … 1#p1868451
I believe that mitigation is to prevent importing poisoned keys. I don't know if it will help if the keyring already contains such a key.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
The update with the mitigation was pushed four months ago so I was working on the assumption quite possibly wrongly that the issue has occurred recently and with the current version of gnupg.
Edit:
Also has gnupg been updated to work with UID less keys which keys.openpgp.org may provide?
Last edited by loqs (2019-10-26 12:12:33)
Offline
Moving to AUR issues.
Offline
Thanks everyone and srry @loqs that I didn't answer your question properly -- I had just finished the update when I saw your post, so I wasn't sure how to tell you what the version *had been*. I just realized I could check the pacman log, which shows me that gnupg was upgraded on July 30:
2092381:[2019-07-30 13:14] [ALPM] upgraded gnupg (2.2.16-1 -> 2.2.17-2)
I guess I must have ingested the poisoned key before then, and somehow been able to upgrade from the package repositories, as I'be been doing regular pacman -Syus; but some how the AUR wasn't working. And a bunch of other stuff was broken as well, so it's nice to have this out of hte way...
Offline
pacman has a variable GPGDir default /etc/pacman.d/gnupg/ to locate its gpg settings meaning it has a separate keyring to that used by your user.
Offline
Edit:
Also has gnupg been updated to work with UID less keys which keys.openpgp.org may provide?
I do not believe so. https://dev.gnupg.org/T4393
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline