You are not logged in.
Hello,
I am trying to struggle to get my pacman working as usual again. The error occured after trying to install fiji-bin from the AUR using aurutils. It complained about a missing PGP signature and I realized that I haven't created a PGP key yet. So I created a new pair of public and secret keys. After that, aur sync -s fiji-bin worked, however, pacman is now complaining about the unkown PGP key:
error: custom: key "ECE3666870CB582A46157DA785CB96D3CEAFE40D" is unknown
:: Import PGP key ECE3666870CB582A46157DA785CB96D3CEAFE40D? [Y/n] y
error: key "ECE3666870CB582A46157DA785CB96D3CEAFE40D" could not be looked up remotelyI tried to uninstall the package from the custom database using repo-remove and pacman -r, afterwards I cleared the pacman cache. I also repopulated the pacman keyring, deleted the .sig files, tried pacman -Syyu, but it always giving the same error that there are invalid or corrupted databases.
I think I might have panicked in some steps doing a stupid "troubleshooting" not really knowing what I am doing. If someone could guide me through it from the beginning I would appreciate that!
Last edited by plasmablast (2022-10-12 12:12:46)
Offline
Offline
The key cannot be looked up remotely and also receiving the key manually failed:
➜ ~ sudo pacman-key --recv-keys ECE3666870CB582A46157DA785CB96D3CEAFE40D
gpg: keyserver receive failed: No dataUnfortunately, I found no references while googling the key and also public lookup servers (e.g. https://pgp.mit.edu/) do not find that key.
Offline
Read the link again.
Offline
Well, you obviously linked chapter 2.3:
Adding unofficial keys
This method can be utilized to add a key to the pacman keyring, or to enable signed unofficial user repositories.
First, get the key ID (keyid) from its owner. Then add it to the keyring using one of the two methods:
If the key is found on a keyserver, import it with:
# pacman-key --recv-keys keyid
If otherwise a link to a keyfile is provided, download it and then run:
# pacman-key --add /path/to/downloaded/keyfile
It is recommended to verify the fingerprint, as with any master key or any other key you are going to sign:
$ pacman-key --finger keyid
Finally, you must locally sign the imported key:
# pacman-key --lsign-key keyid
You now trust this key to sign packages.How, when I cannot access the damn key? Or do you want me to read the whole wiki article? A little bit more elucidation on where to actually start the troubleshooting would be extremly helpful!
Offline
You said you created the key pair - so obviously it is not on a key server. You were linked to instructions that provided two alternatives, one for if the key was on a keyserver which yours obviously isn't, and the other for if you have the key file locally, which you obviously should as you just created it.
Why can you not "access the damn key"? Again, you created it. Why do you not have access to a file you created?
"UNIX is simple and coherent" - Dennis Ritchie; "GNU's Not Unix" - Richard Stallman
Offline
You said you created the key pair - so obviously it is not on a key server. You were linked to instructions that provided two alternatives, one for if the key was on a keyserver which yours obviously isn't, and the other for if you have the key file locally, which you obviously should as you just created it.
Why can you not "access the damn key"? Again, you created it. Why do you not have access to a file you created?
I created a personal key, not the key it was asked for. After I added my own personal pair of keys, aurutils proceeded to download and make fiji-bin, however, the pgp key connected to that package I do not own. Aurutils then failed building the package, so it is not installable via pacman -S fiji-bin. It failed during the build for the same reason, that the key cannot be found.
Last edited by plasmablast (2022-10-12 13:44:28)
Offline
Failure during the build has nothing to do with the key used for signing the final package. https://wiki.archlinux.org/title/Makepk … e_checking that's done by makepkg using your normal user's keyring.
Offline
The error you posted is NOT a failed build, it's a failure from pacman, which doesn't build packages.
Last edited by Scimmia (2022-10-12 14:10:00)
Offline
Ok, please let me rephrase and apologize for the mess of a thread I created here.
I have no error massage anymore what happened during the install process using aurutils and it was not a make dependent compiler error or something like that.
Still, I have now a (seemingly?) installed package which kinda bricked my pacman. I am sick of reinstalling Arch every time I run into a trouble 'too big' for me. I do not want to remove the whole custom repo and uninstall every package within it, but if that's my only shot, I will do it. I probably would need time to figure out which programs are actually missing though, as I cannot access the database anymore:
➜ ~ paclist custom
error: custom: key "ECE3666870CB582A46157DA785CB96D3CEAFE40D" is unknown
error: keyring is not writable
error: database 'custom' is not valid (invalid or corrupted database (PGP signature))Do you have any suggestions why pacman is giving me an error every time and how to fix my corrupted custom repo`? /var/log/pacman.log was not particular helpful either, as it has no events recorded that lead to that.
Last edited by plasmablast (2022-10-12 14:39:59)
Offline
The key in question is one that YOU created. YOU then signed the database with it. Pacman can't verify it, though, because it's not in pacman's keyring.
This was all covered in posts #2 and #6.
Offline
Seriously, I am so confused.
➜ ~ gpg --list-key
gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2024-10-11
/home/lukas/.gnupg/pubring.kbx
------------------------------
pub dsa1024 2008-06-02 [SCA] [expired: 2022-05-12]
5AA3BC334FD7E3369E7C77B291C559DBE4C9123B
uid [ expired] xxx <xxx@xxx.com>
uid [ expired] xxx (personal) <xxx@xxx.org>
pub rsa3072 2022-10-12 [SC] [expires: 2024-10-11]
AFCC1B40DE9DC607C2006F075F74A2BC48E61320
uid [ultimate] xxx xxx <xxx@gmx.de>
sub rsa3072 2022-10-12 [E] [expires: 2024-10-11]I have not deleted a single key and AFCC1B40DE9DC607C2006F075F74A2BC48E61320 obviously does not match ECE3666870CB582A46157DA785CB96D3CEAFE40D.
Offline
I don't know what aurutils does here.
Backing up a step, though, why are you signing your local database?
Offline