You are not logged in.
Pages: 1
Hello!
This is both a documentary of my findings, and a question.
TL;DR: at least I can't install packages from archive.archlinux.org because of corrupted keys (I guess) in outdated keyrings (pacman, and krb5 as examples)
I had yet another "arch is unstable and will break if was not upgraded for 1 second!" argument, and decided to take matters into my own hands.
The first thing was to find an old linux image, and thankfully I had Arch Linux Live ISO packed 2020.04.04 lying around; so I jumped on it right away.
And love and behold, simple
pacman -Sy archlinux-keyring && pacstrap /mnt linux linux-firmware base
did the trick!
But there was a reasonable argument that this is not an update, this is an installation. So I run
pacman -Syu
on live system itself, and it also worked!
Until it did not.
Firstly I met a strange issue of size mismatch for received packets, hanging pacman. I did not understand what happened, but I recognized that it was a size issue, the one I was expecting, so the second run was with cache directory on HDD. That did help, but now one of .so files existed in system already as a symlink, so I needed to remove it (It really needs to be a simple y/N question...).
Anyway, it succeeded too, so I wrote poweroff with wictory in hands... Only to be met with kernel panic.
# Finally to the point
At this point I finally understood that a live system is not the test ground I needed, and, after some back&forth, I decided to try to install an old Arch to a hardware, using archive.archlinux.org as a repository.
So, again, I booted up an 2020.04.04 image, wrote
Server = https://archive.archlinux.org/repos/2020/04/04/$repo/os/$arch
in /etc/pacman.d/mirrorlist instead of everything there was;
ran
pacman -Sy archlinux-keyring
which was reinstalled as it was not outdated; and launched
pacstrap /mnt linux linux-firmware base
.
I was expecting a smooth ride, and it even was that way at first, but when validating packages it found a bunch of just downloaded packets corrupted.
I ran it again, I reinstalled arch-keyring, I even tested it on later 2020 releases (tested ~5 in total), but in the end, every time packets from group base where corrupted. Pacman himself, krb5 and vim are the ones I remember (a bit lazy to gather a full list), adding group KDE considerably expands the list of "corrupted" packets.
The question is, why? Or what did I do wrong?
More importantly, I feel like this is more systematic and widespread issue, but I lack time and bandwidth to test my theory. Because of that I'm asking you, my fellow archers, to repeat this experiment yourself and write about your findings.
So, this is that, I found a strange thing and wanted to share it. Feel free to ask anything in comments, as english is not my first language and I'm not confident that I wrote everything clear.
Last edited by Karakurt (2022-09-29 18:52:31)
Offline
All of that with no actual error messages.
Offline
All of that with no actual error messages.
My hardware is too weak for VM, and capturing anything from LiveUSB is kind of difficult.
I can try, if this is absolutely necessary, but I was intending this to be more of a guide for your own testing.
Offline
...and capturing anything from LiveUSB is kind of difficult.
Offline
I found a way
https://asciinema.org/a/nY6ZdiA5qnFwtCM0H3iIr01kF
Offline
You're installing a 2+ year old version of archlinux, pin that version, run an update and get into unknown trust issues because probably a whole bunch of keys have expired.
Idk what you're trying to achieve or prove, but at least check the keyserver config, https://wiki.archlinux.org/title/Pacman … _keyserver and run "pacman-key --refresh-keys"
Ideally update the archlinux-keyring package to the latest version.
Offline
This is why the actual error is important, it tells us the error is with the keyring, not the packages, and that it's anthraxx's key you're having an issue with.
Check it with pacman-key --list-keys levente@leventepolyak.net, but I'd bet seth is right, it's expired.
Offline
Pages: 1