You are not logged in.
Greetings and long time no see.
I have arch installed on a box and it's been offline for ~3 years while I was out of the country.
I started it up today and took a nice fresh breath of air -- and then I went to install some package and discovered that the `archlinux-keyring` needed to be updated. After the keyring file is fetched, it fails on the signature validation:
pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
:: Some packages should be upgraded first...
resolving dependencies...
looking for conflicting packages...
Package (1) Old Version New Version Net Change
core/archlinux-keyring 20190123-2 20211028-1 0.42 MiB
Total Installed Size: 1.36 MiB
Net Upgrade Size: 0.42 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [##########################################] 100%
downloading required keys...
error: key "6D42BDD116E0068F" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
:: Starting full system upgrade...
:: Replace bind-tools with extra/bind? [Y/n]
Letting the `-Syu` complete the 3gb download results in the same `6D42BDD116E0068F` key not found/added error.
That `6D42BDD116E0068F` key appears to no longer be valid. I've already tried fetching it manually with no luck.
I've tried every single `pacman-keys` and `gpg` command, including flushing both `/root/gnupg` and `etc/paman.d/gnupg` ad infinitum as well as every other recommendation from this forum and other sites. Every other thread that has a similar issue is resolved by things that do not work for me since the key I'm trying to fetch is old/expired and no longer served/provided -- or when someone replies to the thread they're told to stop replying to a closed thread.
Does anybody know how I can get past this key blocking me? Maybe someone can send me that key securely so I can add it in myself.
The keyserver fetch fails:
pacman-key --keyserver hkp://pool.sks-keyservers.net --refresh-keys
gpg: refreshing 137 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.
I've tried hkp and hkps, and tried every server I could find from mit, and other hackerly looking ones. Nothing seems to allow me to fetch that `6D42BDD116E0068F` key and I'm stuck 3 years in the past.
Thanks and best.
Last edited by arx (2022-01-10 16:03:58)
Offline
If it was unused for 3 years, your best bet is to make a fresh installation. Otherwise it will be a painstaking process of replaying step by step updates from ALA, possibly with software that has been replaced a long time ago, accepting packages with long expired signatures. And all that may still end in a failure.
If you really want to continue through that horror: sks-keyservers is dead for a year or so. MIT is malfunctioning for so long I can’t even tell since when exactly. The currently used keyserver is <hkp://keyserver.ubuntu.com>. The keyring may need a fresh initialization anyway.
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
Thanks mpan, I just followed this section: https://wiki.archlinux.org/title/Pacman … mport_keys
It also suggests trying the ubuntu sks server, but I get the same issue from there.
I also cloned down archlinux-keyring and ran `make dist`, signed with my key -- but I am having issues adding my gpg key to pacman.
Last edited by arx (2022-01-10 13:41:13)
Offline
sudo pacman-key --refresh-keys
gpg: refreshing 137 keys from hkp://keyserver.ubuntu.com
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.
It's things like this that are so irritating w/ arch
Offline
I've gotten past the sks bad key issue, by following this:
https://forum.manjaro.org/t/cant-update … ng/72390/5
Next steps:
1. let -Syyu complete
2. undo that sks server url (set back to ubuntu)
3. flush and repull keys.
Fingers crossed. I'm fine manually fixing dependencies btw, will update this thread later when/if the upgrade completes entirely.
Offline
Make sure you read any relevant news items from the last few years, for example...
https://archlinux.org/news/moving-to-zs … kinitcpio/
IIRC there are other upgrade blockers in the news feed.
Offline
Thanks Slithery, I'm familiar with that change because I have a laptop I was running arch on the whole time as well I appreciate the reminder though!
Offline
All green:
pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
:: Starting full system upgrade...
there is nothing to do
Thanks for the pointers, frens
Offline