You are not logged in.
Or I have something strange in my system or go package has a bad signature
go-2:1.17.6-1-x86_64 downloading...
checking keyring...
checking package integrity...
error: go: signature from "Morten Linderud <morten@linderud.pw>" is marginal trust
:: File /var/cache/pacman/pkg/go-2:1.17.6-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
I'm working on a clean chroot so I think that's not my system problem.
Last edited by amhairghin (2022-01-14 09:42:08)
Offline
pacman -Sy archlinux-keyring; pacman -Su go
Offline
More info. If I ask to keyring it says that the key is marginal.
% pacman-key --list-keys E742683BA08CB2FF
gpg: Note: trustdb not writable
pub rsa4096 2014-09-05 [SC]
C100346676634E80C940FB9E9C02FF419FECBE16
uid [marginal] Morten Linderud <morten@linderud.pw>
uid [marginal] Morten Linderud <mcfoxax@gmail.com>
uid [marginal] Morten Linderud <foxboron@archlinux.org>
uid [marginal] Morten Linderud <morten.linderud@fribyte.uib.no>
uid [marginal] Morten Linderud <morten.linderud@student.uib.no>
sub rsa4096 2014-09-05 [E]
sub rsa4096 2018-11-13 [S]
sub rsa4096 2018-11-26 [A]
Offline
Allan: not an update issue. The 20220113-1 keyring lists Morten’s key as marginally trusted.
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
So... I completely deleted my keyring and populated from the 20220111-1 package:
allan@mando ~
> sudo rm -r /etc/pacman.d/gnupg/
[sudo] password for allan:
allan@mando ~
> sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: key 851A055CF9ACA827 marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/BE4416BDC26ADFA8AA1A1FDC851A055CF9ACA827.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
allan@mando ~
> sudo pacman-key --populate archlinux
\==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signed 6 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
-> Disabled 45 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 6 signed: 96 trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2 valid: 84 signed: 32 trust: 84-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-05-06
allan@mando ~
> pacman-key --list-keys E742683BA08CB2FF
gpg: Note: trustdb not writable
pub rsa4096 2014-09-05 [SC]
C100346676634E80C940FB9E9C02FF419FECBE16
uid [ full ] Morten Linderud <morten@linderud.pw>
uid [marginal] Morten Linderud <foxboron@archlinux.org>
uid [ full ] Morten Linderud <mcfoxax@gmail.com>
uid [marginal] Morten Linderud <morten.linderud@fribyte.uib.no>
uid [marginal] Morten Linderud <morten.linderud@student.uib.no>
sub rsa4096 2018-11-26 [A]
sub rsa4096 2014-09-05 [E]
sub rsa4096 2018-11-13 [S]
Looks entirely fine to me...
Offline
amhairghin: it’s being worked on. Wait patiently and update when the new keyring version is available.
— edit:
go 2:1.17.6-2 version has been released to address the keyring issue. Wait for it to propagate to your mirror. If you are very impatient you may use pacman -U to obtain it directly, but keep in mind that by doing this you will be ahead of your local sync database for some time — which strictly speaking is a partial upgrade (unsupported) and has some tiny chance of malfunctioning.
— edit:
archlinux-keyring 20220114-1 is currently in testing, fixing the issue.
Last edited by mpan (2022-01-14 10:00:39)
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
I'm working on a clean chroot that don't have any older package installed, but Allan, in my system:
% LANG=C pacman -Qi archlinux-keyring
Name : archlinux-keyring
Version : 20220113-1
Description : Arch Linux PGP keyring
Architecture : any
URL : https://gitlab.archlinux.org/archlinux/archlinux-keyring/
Licenses : GPL3
Groups : None
Provides : None
Depends On : None
Optional Deps : None
Required By : pacman
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 1455.98 KiB
Packager : Christian Hesse <arch@eworm.de>
Build Date : Thu Jan 13 22:53:54 2022
Install Date : Fri Jan 14 08:52:01 2022
Install Reason : Installed as a dependency for another package
Install Script : Yes
Validated By : Signature
<ogarcia@hell> [~]% sudo rm -r /etc/pacman.d/gnupg/
<ogarcia@hell> [~]% LANG=C sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: key 5D1AC21E7D7E3F50 marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/171B4F7547EF43C6834FC89B5D1AC21E7D7E3F50.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
<ogarcia@hell> [~]% LANG=C sudo pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signed 5 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
-> Disabled 47 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 5 signed: 94 trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2 valid: 84 signed: 34 trust: 84-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-05-06
<ogarcia@hell> [~]% LANG=C pacman-key --list-keys E742683BA08CB2FF
gpg: Note: trustdb not writable
pub rsa4096 2014-09-05 [SC]
C100346676634E80C940FB9E9C02FF419FECBE16
uid [marginal] Morten Linderud <morten@linderud.pw>
uid [marginal] Morten Linderud <foxboron@archlinux.org>
uid [marginal] Morten Linderud <mcfoxax@gmail.com>
uid [marginal] Morten Linderud <morten.linderud@fribyte.uib.no>
uid [marginal] Morten Linderud <morten.linderud@student.uib.no>
sub rsa4096 2018-11-26 [A]
sub rsa4096 2014-09-05 [E]
sub rsa4096 2018-11-13 [S]
Offline
package was just updated few minutes ago.
$ pacman-key --verify "go-2:1.17.6-2-x86_64.pkg.tar.zst.sig"
==> Checking go-2:1.17.6-2-x86_64.pkg.tar.zst.sig... (detached)
gpg: Signature made Fri 14 Jan 2022 10:25:22 AM CET
gpg: using EDDSA key 0429897DE5F3BDAC537A30696D42BDD116E0068F
gpg: Note: trustdb not writable
gpg: Good signature from "Christian Hesse <eworm@archlinux.org>" [full]
gpg: aka "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" [full]
Offline
package was just updated few minutes ago.
Yes, it works now. I'll mark the thread as solved, but "Morten Linderud" key still have a marginal trust
Offline
Trust is fixed in archlinux-keyring 20220114-1.
ArchLinux - make it simple & lightweight
Offline
Trust is fixed in archlinux-keyring 20220114-1.
Perfect!
Offline