You are not logged in.

#1 2020-10-14 10:18:51

smit1208
Member
Registered: 2020-10-14
Posts: 8

Cannot update due to multiple invalid signatures

Update of ArchLinux system (pacman -Su) fails due to invalid signatures (installed in VirtualBox http://scicomp.web.unc.edu/scicompunc/)

Example message:

error: icu: signature from "Andreas Radke <andyrtr@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/icu-67.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

Similar messages for all packages.

Notes:

1. Have tried pacman -Sy archlinux-keyring && pacman -Su
2. Have tried pacman -Sy archlinux-keyring && pacman-key --populate archlinux
3. Time seems accurate but ntpd not active (cannot install it due to above PGP signature errors)

This is a system provided for students in scientific computation, but I'm not a SysAdmin expert. Help resolving the update issue is most appreciated.

Last edited by smit1208 (2020-10-14 16:16:33)

Offline

#2 2020-10-14 10:24:20

loqs
Member
Registered: 2014-03-06
Posts: 17,192

Re: Cannot update due to multiple invalid signatures

What is the output of

pacman-key --list-keys ADC8A1FCC15E01D45310419E94657AB20F2A092B

Offline

#3 2020-10-14 10:25:50

smit1208
Member
Registered: 2020-10-14
Posts: 8

Re: Cannot update due to multiple invalid signatures

pacman-key --list-keys ADC8A1FCC15E01D45310419E94657AB20F2A092B
gpg: Note: trustdb not writable
pub   rsa2048 2011-05-14 [SC]
      ADC8A1FCC15E01D45310419E94657AB20F2A092B
uid           [  full  ] Andreas Radke <andyrtr@archlinux.org>
uid           [marginal] Andreas Radke <andyrtr@mailbox.org>
uid           [marginal] Andreas Radke <andreas.radke@mailbox.org>
sub   rsa2048 2011-05-14 [E]

Last edited by smit1208 (2020-10-14 16:17:00)

Offline

#4 2020-10-14 10:39:34

GeorgeRaven
Member
Registered: 2019-10-10
Posts: 6

Re: Cannot update due to multiple invalid signatures

https://wiki.archlinux.org/index.php/Pa … l_the_keys

I recently had this issue, it may be just as expedient to remove all the keys (/etc/pacman.d/gnupg) as per the above wiki section "Resetting all the keys", then re-init and populate the keys also in the instructions in that section.
However you could instead target the specific problematic keys.

Last edited by GeorgeRaven (2020-10-14 10:46:49)

Offline

#5 2020-10-14 10:49:13

smit1208
Member
Registered: 2020-10-14
Posts: 8

Re: Cannot update due to multiple invalid signatures

Removing /etc/pacman.d/gnupg followed by re-init and populate does not solve the problem. After pacman -Su

:: Proceed with installation? [Y/n] 
(1220/1220) checking keys in keyring                                               [###############################################] 100%
(1220/1220) checking package integrity                                             [###############################################] 100%
error: glibc: signature from "Bartlomiej Piotrowski <b@bpiotrowski.pl>" is invalid
:: File /var/cache/pacman/pkg/glibc-2.32-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: gcc-libs: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is invalid
:: File /var/cache/pacman/pkg/gcc-libs-10.2.0-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Last edited by smit1208 (2020-10-14 16:17:22)

Offline

#6 2020-10-14 12:01:25

GeorgeRaven
Member
Registered: 2019-10-10
Posts: 6

Re: Cannot update due to multiple invalid signatures

Hmm then im not sure, in theory those should be fresh keys.
Outside of rebooting to ensure the system is in a good state, I dont know what to do outside of manually checking those invalid keys/ packages if they are indeed corrupt which I think will be unlikely but we may need to use y flag to refresh.
What is the result if you reboot and instead force a refresh and update with pacman -Syyuu ?

Offline

#7 2020-10-14 12:35:33

Mortimer Houghton
Member
Registered: 2014-09-28
Posts: 85

Re: Cannot update due to multiple invalid signatures

[Deleted]

Last edited by Mortimer Houghton (2020-10-14 12:40:32)

Offline

#8 2020-10-14 12:55:58

smit1208
Member
Registered: 2020-10-14
Posts: 8

Re: Cannot update due to multiple invalid signatures

Upon reboot, key reinit, and pacman -Syyuu the behavior is the same, invalid PGP key.

If anyone has the time/inclination, the virtual machine is downloadable from http://scicomp.web.unc.edu/mathunc/. Thanks.

Offline

#9 2020-10-14 13:59:14

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: Cannot update due to multiple invalid signatures

pacman-key --list-sigs Master

Offline

#10 2020-10-14 14:00:27

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,461

Re: Cannot update due to multiple invalid signatures

You either are actually getting corrupt packages, or you're running into a bug in VirtualBox on Windows.

Edit: For everyone trying to help, look at the actual error! This isn't unknown trust. This isn't missing keys.

Last edited by Scimmia (2020-10-14 14:05:43)

Offline

#11 2020-10-14 14:20:16

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: Cannot update due to multiple invalid signatures

Indeed, but then the most likely reason is still that

3. Time seems accurate but ntpd not active (cannot install it due to above PGP signature errors)

"seems" is far too close to "should"

date --utc
stat /var/cache/pacman/pkg/glibc-2.32-4-x86_64.pkg.tar.zst
md5sum /var/cache/pacman/pkg/glibc-2.32-4-x86_64.pkg.tar.zst

Offline

#12 2020-10-14 15:34:24

smit1208
Member
Registered: 2020-10-14
Posts: 8

Re: Cannot update due to multiple invalid signatures

pacman-key --list-sigs Master


gpg: Note: trustdb not writable
pub   rsa2048 2020-03-05 [SC]
      393A6C51E405F6D4E5F71DEA5542D4548F04E95E
uid           [ultimate] Pacman Keyring Master Key <pacman@localhost>
sig 3        5542D4548F04E95E 2020-03-05  Pacman Keyring Master Key <pacman@localhost>

pub   rsa4096 2011-11-29 [SC]
      AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid           [  full  ] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig 3        BA1DFB64FFF979E7 2011-11-29  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig          F99FFE0FEAE999BD 2011-11-30  Allan McRae <me@allanmcrae.com>
sig          06096A6AD1CEDDAC 2011-11-30  Laurent Carlier <lordheavym@gmail.com>
sig   L      5542D4548F04E95E 2020-03-05  Pacman Keyring Master Key <pacman@localhost>

pub   rsa4096 2018-11-08 [SC]
      D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C
uid           [  full  ] Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig 3        D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig          39E4B877E62EB915 2018-12-28  Sven-Hendrik Haase <svenstaro@gmail.com>
sig          FC1B547C8D8172C8 2018-11-12  Levente Polyak (anthraxx) <levente@leventepolyak.net>
sig   L      5542D4548F04E95E 2020-03-05  Pacman Keyring Master Key <pacman@localhost>
sub   rsa4096 2018-11-08 [E]
sig          D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sub   rsa4096 2018-11-08 [A]
sig          D6D055F927843F1C 2018-11-08  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>

pub   rsa4096 2017-05-15 [SC]
      DDB867B92AA789C165EEFA799B729B06A680C281
uid           [  full  ] Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig 3        9B729B06A680C281 2017-05-15  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sig          BBE43771487328A9 2017-05-15  Bartlomiej Piotrowski <b@bpiotrowski.pl>
sig   L      5542D4548F04E95E 2020-03-05  Pacman Keyring Master Key <pacman@localhost>
sub   rsa4096 2017-05-15 [E]
sig          9B729B06A680C281 2017-05-15  Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>

pub   rsa4096 2015-12-17 [SC]
      91FFE0700E80619CEB73235CA88E23E377514E00
uid           [  full  ] Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 3        A88E23E377514E00 2015-12-17  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          6D1655C14CE1C13E 2015-12-17  Florian Pritz <bluewind@xinu.at>
sig   L      5542D4548F04E95E 2020-03-05  Pacman Keyring Master Key <pacman@localhost>
sub   rsa4096 2015-12-17 [E]
sig          A88E23E377514E00 2015-12-17  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>

pub   rsa3072 2011-11-18 [SC]
      0E8B644079F599DFC1DDC3973348882F6AC6A4C2
uid           [  full  ] Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig 3        3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig          7F2D434B9741E8AC 2011-11-18  Pierre Schmitz <pierre@archlinux.de>
sig   L      5542D4548F04E95E 2020-03-05  Pacman Keyring Master Key <pacman@localhost>
sub   rsa1024 2011-11-18 [E]
sig          3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sub   rsa3072 2011-11-18 [A]
sig          3348882F6AC6A4C2 2011-11-18  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>

pub   rsa3072 2011-11-29 [SC] [revoked: 2011-11-29]
      27FFC4769E19F096D41D9265A04F9397CDFD6BB0
rev          A04F9397CDFD6BB0 2011-11-29  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
      reason for revocation: No reason specified
         revocation comment: Revocation certificate held by another developer
uid           [ revoked] Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig 3        A04F9397CDFD6BB0 2011-11-29  Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>
sig          5C2E46A0F53A76ED 2011-11-29  Dan McGee <dpmcgee@gmail.com>
sig          06096A6AD1CEDDAC 2011-11-30  Laurent Carlier <lordheavym@gmail.com>

pub   rsa3072 2011-11-25 [SC] [revoked: 2011-11-25]
      44D4A033AC140143927397D47EFD567D4C7EA887
rev          7EFD567D4C7EA887 2011-11-25  Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
      reason for revocation: No reason specified
         revocation comment: Something bad happened
uid           [ revoked] Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig 3        7EFD567D4C7EA887 2011-11-25  Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>
sig          E8F18BA1615137BC 2011-11-25  Ionut Biru <ibiru@archlinux.org>

pub   rsa3072 2011-11-19 [SC] [revoked: 2011-11-20]
      684148BB25B49E986A4944C55184252D824B18E8
rev          5184252D824B18E8 2011-11-20  Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
      reason for revocation: No reason specified
         revocation comment: Master Key revoked by Revocation Certificate holder Tobias Powalowski.
uid           [ revoked] Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig 3        5184252D824B18E8 2011-11-19  Thomas Bächler (Arch Linux Master Key) <thomas@master-key.archlinux.org>
sig          284FC34C8E4B1A25 2011-11-19  Thomas Bächler <thomas@bchlr.de>

Last edited by smit1208 (2020-10-14 16:16:12)

Offline

#13 2020-10-14 15:46:10

smit1208
Member
Registered: 2020-10-14
Posts: 8

Re: Cannot update due to multiple invalid signatures

sudo pacman -Sy firefox
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
resolving dependencies...
looking for conflicting packages...

Packages (1) firefox-81.0.2-1

Total Installed Size:  206.77 MiB
Net Upgrade Size:       20.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                                                            [###############################################################] 100%
(1/1) checking package integrity                                                                          [###############################################################] 100%
error: firefox: signature from "Jan Alexander Steffens (heftig) <heftig@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/firefox-81.0.2-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
@scicomp:~>date --utc
Wed 14 Oct 2020 03:45:36 PM UTC
@scicomp:~>stat /var/cache/pacman/pkg/firefox-81.0.2-1-x86_64.pkg.tar.zst 
  File: /var/cache/pacman/pkg/firefox-81.0.2-1-x86_64.pkg.tar.zst
  Size: 60494828  	Blocks: 118160     IO Block: 4096   regular file
Device: 803h/2051d	Inode: 4325498     Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2020-10-14 11:43:16.961151032 -0400
Modify: 2020-10-12 18:15:59.000000000 -0400
Change: 2020-10-14 11:43:16.791236033 -0400
 Birth: 2020-10-14 11:43:14.972146035 -0400
@scicomp:~>md5sum /var/cache/pacman/pkg/firefox-81.0.2-1-x86_64.pkg.tar.zst 
73cdbd9c943a17a996ebf3606536805a  /var/cache/pacman/pkg/firefox-81.0.2-1-x86_64.pkg.tar.zst

Last edited by smit1208 (2020-10-14 16:15:50)

Offline

#14 2020-10-14 15:53:07

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: Cannot update due to multiple invalid signatures

Please edit your posts and wrap the output in code tags, https://bbs.archlinux.org/help.php#bbcode

Dates and md5sum are ok, though.

Offline

#15 2020-10-14 15:54:13

smit1208
Member
Registered: 2020-10-14
Posts: 8

Re: Cannot update due to multiple invalid signatures

Will do. Thanks.

Offline

#16 2020-10-14 15:54:52

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,461

Re: Cannot update due to multiple invalid signatures

I'm guessing you're on an old version of VirtualBox, right?

Offline

#17 2020-10-14 16:02:35

smit1208
Member
Registered: 2020-10-14
Posts: 8

Re: Cannot update due to multiple invalid signatures

No, it's VirtualBox 6.1.14 r140239, most recent version.

Offline

#18 2020-10-14 16:28:34

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,461

Re: Cannot update due to multiple invalid signatures

Bad signature calculations has been in issue in VirtualBox since they released their hyper-v backend. A couple of people reported that it was fixed in 6.1.14, but maybe not completely.

Offline

#19 2020-10-14 17:20:48

progandy
Member
Registered: 2012-05-17
Posts: 5,184

Re: Cannot update due to multiple invalid signatures

Here are some things you can try out, e.g. changing clocksource, disable rdtscp, change gnupg hardware features, ...
https://bbs.archlinux.org/viewtopic.php … 3#p1923583


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#20 2020-10-26 09:51:50

ikciwor
Member
Registered: 2016-03-14
Posts: 7

Re: Cannot update due to multiple invalid signatures

I encounter the same problem but outside of VBox

Offline

#21 2020-10-30 22:21:16

giantGumbo
Member
Registered: 2020-10-30
Posts: 1

Re: Cannot update due to multiple invalid signatures

I was having this problem (virtualbox on windows) and I found upgrading to 6.1.16 fixed the issue.

Offline

Board footer

Powered by FluxBB