You are not logged in.
Signatures were missing in my local Pacman database, so the .sig files weren't under /var/lib/pacman/sync.
I "fixed" this by switching to Optional signatures in the global Pacman config, so setting from
SigLevel = Required DatabaseOptional
to
SigLevel = Optional DatabaseOptional
My gut tells me this "fix" is a bit of a workaround and less secure So what actually happened? And what's a better fix?
BTW: the original Pacman error that got me poking around for a fix was very misleading. It sounded like a networking issue, which is was not:
Operation too slow. Less than 1 bytes/sec transferred the last 10 seconds
After the above reconfig -- and NO networking changes (I remained on the same network, did not reboot any network gear or reconfigure anything like name resolution or firewalls, and my router logs say the ISP was always up) -- that error went away and Pacman went about it's merry way. Seems odd ... like a catchall error being thrown.
Last edited by vap0rtranz (2019-11-24 15:36:45)
Offline
The error you're taking about *is* a network error, it has nothing at all to do with signatures.
Offline
As the databases are not signed the absence of sig files in /var/lib/pacman/sync is expected.
Offline
Offline
(as you have done there)
I totally agree, and do not recall reconfiguring pacman to NOT have signatures before this date. Perhaps folks are speed reading my post ... Because I clearly say that I re-configured AFTER seeing this error.
I had just re-configured pacman to work around the error when posting, not re-configured and then sync'd pacman; so it's the other way around, aka. the error presented itself, I noticed no .sig files in the sync database, and so re-configured to not use them as a "bandaid". This is NOT a configuration that I ever wanted, and I did NOT delete the .sig files, nor do I have a job that prunes files on my system, so I posted here to get ideas for what happened to pacman's sync database.
My post is two-fold: what happened to those signature files? And what is the permanent fix? Do I have to initialize the database keys again? Is there a known process that removes signatures? So I can avoid it, like an inadvertent alteration to pacman's database? Or any known process that removes .sig files?
Offline
Perhaps folks are speed reading my post ...
Possibly. Then again, the posts are wildly jumping around, the chronology is not very clear (at least to me), and so it's difficult to interpret things correctly.
From this:
Signatures were missing in my local Pacman database, so the .sig files weren't under /var/lib/pacman/sync.
I "fixed" this by switching to Optional signatures in the global Pacman config, so setting from
SigLevel = Required DatabaseOptional
to
SigLevel = Optional DatabaseOptional
… I assume that your current pacman.conf now says this:
SigLevel = Optional DatabaseOptional
That first `Optional` there means that pacman will happily carry on if a package is not signed, which is a bad idea.
As for database signing, as already mentioned in post #3, Arch Linux does not sign its package databases (so you won't see any .sig files under /var/lib/pacma/sync), hence the default is to put `DatabaseOptional`.
Offline
… I assume that your current pacman.conf now says this:
SigLevel = Optional DatabaseOptional
Right, like I said in the OP, I had switched to that.
That first `Optional` there means that pacman will happily carry on if a package is not signed, which is a bad idea.
As for database signing, as already mentioned in post #3, Arch Linux does not sign its package databases (so you won't see any .sig files under /var/lib/pacma/sync), hence the default is to put `DatabaseOptional`.
Ah, Arch doesn't sign package databases. Interesting. I swore other forum members show .sig files under their /var/lib/pacman/sync, whereas my install has no .sig files. Missed that detail. Ty.
So my re-config of pacman's package signing verification was happenstance and not related to the networking error. Maybe so. I verified my gpg keys, based on the Wiki's pacman troubleshooting steps, and all that looks good too, but I did notice this comment in the Wiki:
If you have IPv6 disabled, gpg will fail when it found some IPv6 address.
That ^ isn't proper English but I assume it means that if IPv6 is blocked on my network, which it is, there would be issues with keyserver communication, and my networking error would make more sense. I'll keep poking around.
Last edited by vap0rtranz (2019-11-25 13:37:22)
Offline