Corrupted archives

Karakurt · 2022-09-29 18:50:36

Hello!
This is both a documentary of my findings, and a question.

TL;DR: at least I can't install packages from archive.archlinux.org because of corrupted keys (I guess) in outdated keyrings (pacman, and krb5 as examples)

I had yet another "arch is unstable and will break if was not upgraded for 1 second!" argument, and decided to take matters into my own hands.
The first thing was to find an old linux image, and thankfully I had Arch Linux Live ISO packed 2020.04.04 lying around; so I jumped on it right away.
And love and behold, simple

 pacman -Sy archlinux-keyring && pacstrap /mnt linux linux-firmware base

did the trick!

But there was a reasonable argument that this is not an update, this is an installation. So I run

 pacman -Syu

on live system itself, and it also worked!
Until it did not.
Firstly I met a strange issue of size mismatch for received packets, hanging pacman. I did not understand what happened, but I recognized that it was a size issue, the one I was expecting, so the second run was with cache directory on HDD. That did help, but now one of .so files existed in system already as a symlink, so I needed to remove it (It really needs to be a simple y/N question...).
Anyway, it succeeded too, so I wrote poweroff with wictory in hands... Only to be met with kernel panic.

# Finally to the point
At this point I finally understood that a live system is not the test ground I needed, and, after some back&forth, I decided to try to install an old Arch to a hardware, using archive.archlinux.org as a repository.
So, again, I booted up an 2020.04.04 image, wrote

 Server = https://archive.archlinux.org/repos/2020/04/04/$repo/os/$arch

in /etc/pacman.d/mirrorlist instead of everything there was;
ran

pacman -Sy archlinux-keyring

which was reinstalled as it was not outdated; and launched

 pacstrap /mnt linux linux-firmware base

.
I was expecting a smooth ride, and it even was that way at first, but when validating packages it found a bunch of just downloaded packets corrupted.
I ran it again, I reinstalled arch-keyring, I even tested it on later 2020 releases (tested ~5 in total), but in the end, every time packets from group base where corrupted. Pacman himself, krb5 and vim are the ones I remember (a bit lazy to gather a full list), adding group KDE considerably expands the list of "corrupted" packets.

The question is, why? Or what did I do wrong?
More importantly, I feel like this is more systematic and widespread issue, but I lack time and bandwidth to test my theory. Because of that I'm asking you, my fellow archers, to repeat this experiment yourself and write about your findings.

So, this is that, I found a strange thing and wanted to share it. Feel free to ask anything in comments, as english is not my first language and I'm not confident that I wrote everything clear.

Last edited by Karakurt (2022-09-29 18:52:31)

Scimmia · 2022-09-29 18:59:03

All of that with no actual error messages.

Karakurt · 2022-09-29 20:16:19

Scimmia wrote:

All of that with no actual error messages.

My hardware is too weak for VM, and capturing anything from LiveUSB is kind of difficult.
I can try, if this is absolutely necessary, but I was intending this to be more of a guide for your own testing.

Slithery · 2022-09-29 20:53:15

Karakurt wrote:

...and capturing anything from LiveUSB is kind of difficult.

Why?
https://wiki.archlinux.org/title/List_o … n_services

Karakurt · 2022-09-29 21:21:27

I found a way
https://asciinema.org/a/nY6ZdiA5qnFwtCM0H3iIr01kF

seth · 2022-09-29 22:02:37

You're installing a 2+ year old version of archlinux, pin that version, run an update and get into unknown trust issues because probably a whole bunch of keys have expired.

Idk what you're trying to achieve or prove, but at least check the keyserver config, https://wiki.archlinux.org/title/Pacman … _keyserver and run "pacman-key --refresh-keys"
Ideally update the archlinux-keyring package to the latest version.

Scimmia · 2022-09-29 22:51:10

This is why the actual error is important, it tells us the error is with the keyring, not the packages, and that it's anthraxx's key you're having an issue with.

Check it with pacman-key --list-keys levente@leventepolyak.net, but I'd bet seth is right, it's expired.

Arch Linux

#1 2022-09-29 18:50:36

Corrupted archives

#2 2022-09-29 18:59:03

Re: Corrupted archives

#3 2022-09-29 20:16:19

Re: Corrupted archives

#4 2022-09-29 20:53:15

Re: Corrupted archives

#5 2022-09-29 21:21:27

Re: Corrupted archives

#6 2022-09-29 22:02:37

Re: Corrupted archives

#7 2022-09-29 22:51:10

Re: Corrupted archives

Board footer