You are not logged in.

#1 2019-03-15 23:00:34

diverdriver
Member
Registered: 2017-08-15
Posts: 10

[SOLVED] Invalid or Corrupted Package (PGP Signature)

I'm running into issues upgrading my system, I have two packages now (python-progress and vlc) that give an invalid or corrupted signature error. After searching around a bit, it appears to be a problem with gpg. Reinstalling archlinux-keyring, gnupg, refreshing pacman-key, and trying other servers doesn't help. I am seeing the following:

$ gpg --debug-level guru --search-keys abcdefghij
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/bfilarsky/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.2.13 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.2.13
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- abcdefghij
gpg: DBG: chan_3 <- ERR 219 Server indicated a failure <Unspecified source>
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg:        build=0 update=0 insert=0 delete=0
gpg:        reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: rndjent stat: collector=0x0000000000000000 calls=0 bytes=0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Last edited by diverdriver (2019-03-16 14:22:00)

Offline

#2 2019-03-15 23:12:16

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

None of that matters.

Give us the actual problem, with exact errors.

Online

#3 2019-03-15 23:13:50

diverdriver
Member
Registered: 2017-08-15
Posts: 10

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

:: Synchronizing package databases...
 core is up to date
 extra                                                           1700.4 KiB  1635K/s 00:01 [#####################################################] 100%
 community                                                          4.9 MiB  8.90M/s 00:01 [#####################################################] 100%
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (8) adwaita-icon-theme-3.31.91-1  evince-3.32.0-1  gnome-desktop-1:3.32.0-1  gsettings-desktop-schemas-3.32.0-1  python-progress-1.5-1
             vlc-3.0.6-9  vte-common-0.56.0-1  vte3-0.56.0-1

Total Download Size:    13.05 MiB
Total Installed Size:  102.41 MiB
Net Upgrade Size:       -0.28 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 evince-3.32.0-1-x86_64                                             2.3 MiB  4.39M/s 00:01 [#####################################################] 100%
 vlc-3.0.6-9-x86_64                                                10.7 MiB  3.46M/s 00:03 [#####################################################] 100%
 python-progress-1.5-1-any                                         11.5 KiB  0.00B/s 00:00 [#####################################################] 100%
(8/8) checking keys in keyring                                                             [#####################################################] 100%
(8/8) checking package integrity                                                           [#####################################################] 100%
error: python-progress: signature from "Eli Schwartz <eschwartz@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/python-progress-1.5-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: vlc: signature from "Levente Polyak (anthraxx) <levente@leventepolyak.net>" is unknown trust
:: File /var/cache/pacman/pkg/vlc-3.0.6-9-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Offline

#4 2019-03-15 23:16:06

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

So the issue is that those 2 keys aren't trusted in pacman's keyring. What does `pacman-key --list-sigs anthraxx` give you?

Online

#5 2019-03-15 23:17:02

diverdriver
Member
Registered: 2017-08-15
Posts: 10

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

$ pacman-key --list-sigs anthraxx
gpg: Note: trustdb not writable
pub   rsa4096 2011-11-07 [SC] [expires: 2019-12-30]
      E240B57E2C4630BA768E2F26FC1B547C8D8172C8
uid           [ unknown] Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig          3348882F6AC6A4C2 2015-05-14  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig          5184252D824B18E8 2015-05-20  Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig          BA1DFB64FFF979E7 2015-04-22  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig          D21461E3DFE2060D 2015-07-29  Christian Rebischke (Arch Linux Security Team-Member) <Chris.Rebischke@archlinux.org>
sig          A88E23E377514E00 2015-12-23  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          9B729B06A680C281 2017-07-13  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        FC1B547C8D8172C8 2018-10-24  Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig          39E4B877E62EB915 2018-12-28  Sven-Hendrik Haase <svenstaro@gmail.com>
sig          D6D055F927843F1C 2018-12-06  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
uid           [ unknown] Levente Polyak <Z3r0.0x00@gmail.com>
sig          D21461E3DFE2060D 2015-07-29  Christian Rebischke (Arch Linux Security Team-Member) <Chris.Rebischke@archlinux.org>
sig          A88E23E377514E00 2015-12-23  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          9B729B06A680C281 2017-07-13  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        FC1B547C8D8172C8 2018-10-24  Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig          39E4B877E62EB915 2018-12-28  Sven-Hendrik Haase <svenstaro@gmail.com>
sig          D6D055F927843F1C 2018-12-06  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
uid           [ unknown] Levente Polyak <anthraxx@archlinux.org>
sig          3348882F6AC6A4C2 2015-05-14  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig          5184252D824B18E8 2015-05-20  Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig          BA1DFB64FFF979E7 2015-04-22  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig          D21461E3DFE2060D 2015-07-29  Christian Rebischke (Arch Linux Security Team-Member) <Chris.Rebischke@archlinux.org>
sig          A88E23E377514E00 2015-12-23  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          9B729B06A680C281 2017-07-13  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        FC1B547C8D8172C8 2018-10-24  Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig          39E4B877E62EB915 2018-12-28  Sven-Hendrik Haase <svenstaro@gmail.com>
sig          D6D055F927843F1C 2018-12-06  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
uid           [ unknown] Levente Polyak <anthraxx@hamburg.ccc.de>
sig          D21461E3DFE2060D 2015-07-29  Christian Rebischke (Arch Linux Security Team-Member) <Chris.Rebischke@archlinux.org>
sig          A88E23E377514E00 2015-12-23  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          9B729B06A680C281 2017-07-13  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        FC1B547C8D8172C8 2018-10-24  Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig          39E4B877E62EB915 2018-12-28  Sven-Hendrik Haase <svenstaro@gmail.com>
sig          D6D055F927843F1C 2018-12-06  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
uid           [ unknown] Levente Polyak <levente@leventepolyak.de>
sig          D21461E3DFE2060D 2015-07-29  Christian Rebischke (Arch Linux Security Team-Member) <Chris.Rebischke@archlinux.org>
sig          A88E23E377514E00 2015-12-23  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          9B729B06A680C281 2017-07-13  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        FC1B547C8D8172C8 2018-10-24  Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig          39E4B877E62EB915 2018-12-28  Sven-Hendrik Haase <svenstaro@gmail.com>
sig          D6D055F927843F1C 2018-12-06  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
uid           [ unknown] Levente Polyak (Jabber/XMPP only) <anthraxx@jabber.ccc.de>
sig          D21461E3DFE2060D 2015-07-29  Christian Rebischke (Arch Linux Security Team-Member) <Chris.Rebischke@archlinux.org>
sig          A88E23E377514E00 2015-12-23  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          9B729B06A680C281 2017-07-13  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        FC1B547C8D8172C8 2018-10-24  Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig          39E4B877E62EB915 2018-12-28  Sven-Hendrik Haase <svenstaro@gmail.com>
sub   rsa4096 2011-11-07 [E] [expires: 2019-12-30]
sig          FC1B547C8D8172C8 2018-10-24  Levente Polyak (anthraxx) <levente@leventepolyak.net>

pub   rsa4096 2018-11-08 [SC]
      D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C
uid           [  full  ] Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig 3        D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig   L      169264519F4345DD 2019-01-25  Pacman Keyring Master Key <pacman@localhost>
sub   rsa4096 2018-11-08 [E]
sig          D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sub   rsa4096 2018-11-08 [A]
sig          D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>

Offline

#6 2019-03-15 23:18:38

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

So it's got the required sigs. How about `pacman-key --list-sigs master-key.archlinux.org`?

Online

#7 2019-03-15 23:21:37

diverdriver
Member
Registered: 2017-08-15
Posts: 10

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

$ pacman-key --list-sigs master-key.archlinux.org
gpg: Note: trustdb not writable
pub   rsa4096 2011-11-29 [SC]
      AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid           [  full  ] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 3        BA1DFB64FFF979E7 2011-11-29  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig   L      169264519F4345DD 2019-01-24  Pacman Keyring Master Key <pacman@localhost>

pub   rsa4096 2017-05-15 [SC]
      DDB867B92AA789C165EEFA799B729B06A680C281
uid           [  full  ] Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        9B729B06A680C281 2017-05-15  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig   L      169264519F4345DD 2019-01-24  Pacman Keyring Master Key <pacman@localhost>
sub   rsa4096 2017-05-15 [E]
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig 2        F43D25535101A2C4 2018-05-10  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]
sig          9B729B06A680C281 2017-05-15  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>

pub   rsa4096 2015-12-17 [SC]
      91FFE0700E80619CEB73235CA88E23E377514E00
uid           [  full  ] Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 3        A88E23E377514E00 2015-12-17  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig   L      169264519F4345DD 2019-01-24  Pacman Keyring Master Key <pacman@localhost>
sub   rsa4096 2015-12-17 [E]
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig 2        F43D25535101A2C4 2018-05-10  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]
sig          A88E23E377514E00 2015-12-17  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>

pub   rsa3072 2011-11-18 [SC]
      0E8B644079F599DFC1DDC3973348882F6AC6A4C2
uid           [  full  ] Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig 3        3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig   L      169264519F4345DD 2019-01-24  Pacman Keyring Master Key <pacman@localhost>
sub   rsa1024 2011-11-18 [E]
sig          3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sub   rsa3072 2011-11-18 [A]
sig          1BB89C0602367449 2018-01-16  [User ID not found]
sig 2        F43D25535101A2C4 2018-05-10  [User ID not found]
sig 1   P  2 AA14E96200F5E006 2017-09-14  [User ID not found]
sig          3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>

pub   rsa3072 2011-11-19 [SC]
      684148BB25B49E986A4944C55184252D824B18E8
uid           [  full  ] Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig 3        5184252D824B18E8 2011-11-19  Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig   L      169264519F4345DD 2019-01-24  Pacman Keyring Master Key <pacman@localhost>

pub   rsa3072 2011-11-29 [SC] [revoked: 2011-11-29]
      27FFC4769E19F096D41D9265A04F9397CDFD6BB0
rev          A04F9397CDFD6BB0 2011-11-29  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
      reason for revocation: No reason specified
         revocation comment: Revocation certificate held by another developer
uid           [ revoked] Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig 3        A04F9397CDFD6BB0 2011-11-29  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>

pub   rsa3072 2011-11-25 [SC] [revoked: 2011-11-25]
      44D4A033AC140143927397D47EFD567D4C7EA887
rev          7EFD567D4C7EA887 2011-11-25  Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
      reason for revocation: No reason specified
         revocation comment: Something bad happened
uid           [ revoked] Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig 3        7EFD567D4C7EA887 2011-11-25  Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>

pub   rsa4096 2018-11-08 [SC]
      D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C
uid           [  full  ] Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig 3        D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig   L      169264519F4345DD 2019-01-25  Pacman Keyring Master Key <pacman@localhost>
sub   rsa4096 2018-11-08 [E]
sig          D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sub   rsa4096 2018-11-08 [A]
sig          D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>

Offline

#8 2019-03-15 23:26:57

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

Well that's odd, everything is fine with the master keys, they've signed the dev keys in question, but the dev keys still aren't being trusted. I know GPG basics, but this might take someone with deeper knowledge.

Online

#9 2019-03-15 23:36:27

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

If you don't care about what's wrong or why, the heavy handed approach would be to wipe out the keyring all together and redo it. Instructions are in the wiki.

Online

#10 2019-03-15 23:38:04

diverdriver
Member
Registered: 2017-08-15
Posts: 10

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

Ok, thanks. I am interested in figuring out what's going on, if nobody else has ideas I'll give that a try.

Offline

#11 2019-03-16 02:10:33

diverdriver
Member
Registered: 2017-08-15
Posts: 10

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

Ok, I tried the following:

# rm -R /etc/pacman.d/gnupg/
# rm -R /root/.gnupg/ 
# gpg --refresh-keys
# pacman-key --init && pacman-key --populate archlinux
# pacman-key --refresh-keys

All of the steps seem to work fine until the last one, where I get:

gpg: refreshing 113 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.

Offline

#12 2019-03-16 02:49:22

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

The last step is totally unnecessary

Online

#13 2019-03-16 14:20:40

diverdriver
Member
Registered: 2017-08-15
Posts: 10

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

Pacman wasn't working last night after I tried that, but this morning when I booted up it was. It seems to be fixed now!

Offline

#14 2019-03-18 07:36:56

tsmjay
Member
Registered: 2018-12-19
Posts: 9

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

A quick

pacman -S archlinux-keyring

should do it too. roll

Offline

#15 2019-03-18 13:48:59

diverdriver
Member
Registered: 2017-08-15
Posts: 10

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

As mentioned in the OP, I had tried that with no luck

Offline

#16 2019-03-18 14:38:30

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

tsmjay wrote:

A quick

pacman -S archlinux-keyring

should do it too. roll

No, it shouldn't.

Online

#17 2019-12-05 03:59:50

steadybright
Member
Registered: 2014-03-11
Posts: 17

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

tsmjay wrote:

A quick

pacman -S archlinux-keyring

should do it too. roll

Thank you, tsmjay.  That fixed it for me.  I could have done without having to read through all the pompous, self-righteous bloviating above, but glad I eventually made it to your helpful post.

Last edited by steadybright (2019-12-05 04:00:21)

Offline

#18 2019-12-05 05:08:10

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: [SOLVED] Invalid or Corrupted Package (PGP Signature)

steadybright wrote:

I could have done without having to read through all the pompous, self-righteous bloviating above, but glad I eventually made it to your helpful post.

Unnecessary sharing your opinion through necrobumping is not required here.
https://wiki.archlinux.org/index.php/Co … bumping.22
https://wiki.archlinux.org/index.php/Co … mpty_posts

Closing.

Offline

Board footer

Powered by FluxBB