You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2023-01-05 17:24:38
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
archlinux-keyring abuse
I am used to the normal updating of the keyring every so often where you have to update archlinux-keyring, but I've noticed lately that even if you update the keyring immediately before updating and as a separate command preceding the update command, pacman will still fail:
sudo pacman -Sy archlinux-keyring && sudo pacman -SuThe only method that seems to work is to violently abuse pacman:
punishPacman.sh
#!/bin/bash
# This script will take pacman behind the barn and repeatedly shove keyrings in his nose
for i in {1..9}; do sudo pacman -Sy archlinux-keyring --noconfirm; done
echo 'Now that pacman should be puking keyrings an update will work'
sudo pacman -SuHelp me stop beating pacman like a rented mule, what is the proper way to maintain this keyring?
Here is an example of it failing just after updating the keyring:
sudo pacman -Sy archlinux-keyring --noconfirm && sudo pacman -Su --noconfirm
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
xyne-any is up to date
xyne-x86_64 is up to date
archrepo is up to date
warning: archlinux-keyring-20221220-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20221220-1
Total Installed Size: 1.60 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [#############################################################################################################################################] 100%
(1/1) checking package integrity [#############################################################################################################################################] 100%
(1/1) loading package files [#############################################################################################################################################] 100%
(1/1) checking for file conflicts [#############################################################################################################################################] 100%
(1/1) checking available disk space [#############################################################################################################################################] 100%
:: Processing package changes...
(1/1) reinstalling archlinux-keyring [#############################################################################################################################################] 100%
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2023-04-21
==> Updating trust database...
gpg: next trustdb check due at 2023-04-21
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
warning: dependency cycle detected:
warning: openshadinglanguage will be installed before its openimageio dependency
....lots of packages
(366/366) checking keys in keyring [###################################################################] 100%
(366/366) checking package integrity [###################################################################] 100%
error: emacs: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/emacs-28.2-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: vigra: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is invalid
:: File /var/cache/pacman/pkg/vigra-1.11.1.r67+g093d57d1-5-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: gimp: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/gimp-2.10.32-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: wxwidgets-common: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is invalid
:: File /var/cache/pacman/pkg/wxwidgets-common-3.2.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: wxwidgets-gtk3: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is invalid
:: File /var/cache/pacman/pkg/wxwidgets-gtk3-3.2.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: linux: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is invalid
:: File /var/cache/pacman/pkg/linux-6.1.3.arch1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: opera: signature from "Ike Devolder <ike.devolder@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/opera-94.0.4606.54-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: python-pillow: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is invalid
:: File /var/cache/pacman/pkg/python-pillow-9.4.0-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: sdl2_image: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/sdl2_image-2.6.2-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: shellcheck: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/shellcheck-0.9.0-5-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: xsane: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/xsane-0.999-6-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: yakuake: signature from "Antonio Rojas <arojas@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/yakuake-22.12.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.Last edited by thoth (2023-01-05 18:18:04)
Offline
#2 2023-01-05 17:43:03
- Head_on_a_Stick
- Member
- From: The Wirral
- Registered: 2014-02-20
- Posts: 8,842
- Website
Re: archlinux-keyring abuse
Is the system clock correct?
Otherwise perhaps try https://wiki.archlinux.org/title/Pacman … l_the_keys.
Jin, Jîyan, Azadî
Offline
#3 2023-01-05 17:46:34
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,396
- Website
Re: archlinux-keyring abuse
Manually updating archlinux-keyring should not be needed on each update. That’s an emergency procedure, which may be needed for systems that were left unmaintained for a long time.⁽¹⁾ Having to do this is an exceptional situation.
Almost always doing simple `sudo pacman -Syu` should work flawlessly.
The log you provided also indicates your keyring is up to date and reinstalling it does not introduce any chances. So the presence of corrupted packages seem to indicate that… the packages are actually corrupted.
Did you try using a different mirror? Are you using HTTPS only mirrors?
Recently archlinux-keyring-wkd-sync.{timer,service} has been introduced and there were reported various trouble caused by that. You may check that too, but only after eliminating the much more likely causes given above.
____
⁽¹⁾ Last year there was a sequence of frequent archlinux-keyring updates, which indeed yielded some trouble even to people who update often enough (for some definition of “often enough”). But that’s a rare occurrence.
Last edited by mpan (2023-01-05 17:50:10)
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#4 2023-01-05 18:14:41
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
Is the system clock correct?
synchronized:
timedatectl status
Local time: Thu 2023-01-05 12:03:04 CST
Universal time: Thu 2023-01-05 18:03:04 UTC
RTC time: Thu 2023-01-05 18:03:04
Time zone: America/Rainy_River (CST, -0600)
System clock synchronized: yes
NTP service: active
RTC in local TZ: noDid you try using a different mirror? Are you using HTTPS only mirrors?
I regularly update my mirror list with reflector, and only accept https protocol mirrors:
sudo reflector \
--threads 10 \
--verbose \
--save "/etc/pacman.d/mirrorlist" \
--protocol https \
--sort rate \
--age 24 \
--score 100 \
--fastest 100 \
--latest 100Recently archlinux-keyring-wkd-sync.{timer,service} has been introduced and there were reported various trouble caused by that. You may check that too, but only after eliminating the much more likely causes given above.
is that service supposed to be enabled by default? looked dead here:
systemctl status archlinux-keyring-wkd-sync.service
○ archlinux-keyring-wkd-sync.service - Refresh existing keys of archlinux-keyring
Loaded: loaded (/usr/lib/systemd/system/archlinux-keyring-wkd-sync.service; static)
Active: inactive (dead)
TriggeredBy: ● archlinux-keyring-wkd-sync.timerBut enabling it looks kind of ugly:
sudo systemctl enable --now archlinux-keyring-wkd-sync.service
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
• A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
• A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
• A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
• In case of template units, the unit is meant to be enabled with some
instance name specified.nonetheless it does appear to be running now:
systemctl status archlinux-keyring-wkd-sync.service
● archlinux-keyring-wkd-sync.service - Refresh existing keys of archlinux-keyring
Loaded: loaded (/usr/lib/systemd/system/archlinux-keyring-wkd-sync.service; static)
Active: active (running) since Thu 2023-01-05 12:10:06 CST; 12s ago
TriggeredBy: ● archlinux-keyring-wkd-sync.timer
Main PID: 5552 (archlinux-keyri)
Tasks: 4 (limit: 96226)
Memory: 18.7M
CPU: 583ms
CGroup: /system.slice/archlinux-keyring-wkd-sync.service
├─5552 /usr/bin/bash /usr/bin/archlinux-keyring-wkd-sync
├─5563 dirmngr --daemon --homedir /etc/pacman.d/gnupg
└─5601 gpg --homedir /etc/pacman.d/gnupg/ --quiet --no-permission-warning --auto-key-locate clear,nodefault,wkd --locate-external-keys coderobe@archlinux.orgLast edited by thoth (2023-01-05 19:05:06)
Offline
#5 2023-01-05 18:18:31
- ua4000
- Member
- Registered: 2015-10-14
- Posts: 508
Re: archlinux-keyring abuse
So the presence of corrupted packages seem to indicate that… the packages are actually corrupted.
check if you can download other things correctly, e.g. by checking the md5...
Files can get corrupted during download or from a faulty hdd/ssd.
for i in {1..9}; do sudo pacman -Sy archlinux-keyring --noconfirm; done
This is of course nonsense and will not solve anything, only hiding the real root cause of the problem.
Offline
#6 2023-01-05 18:22:59
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
This is of course nonsense and will not solve anything, only hiding the real root cause of the problem.
Of course, it is nonesense! That's why I'm here asking why that "works", it should not, and yet it does, indeed. Which is the question, why? Something is broken.
And I can, indeed, go through the process and manually answer 'n' to this:
Do you want to delete it? [Y/n]Subsequently run that ridiculous for loop and the next update passes on those same exact packages.
Last edited by thoth (2023-01-05 18:27:16)
Offline
#7 2023-01-05 18:27:37
- Head_on_a_Stick
- Member
- From: The Wirral
- Registered: 2014-02-20
- Posts: 8,842
- Website
Re: archlinux-keyring abuse
is that service supposed to be enabled by default?
That service is called by a timer so it's not supposed to be enabled or started directly:
systemctl list-timers archlinux-keyring-wkd-syncDid you try resetting the keyring, as per my link?
Jin, Jîyan, Azadî
Offline
#8 2023-01-05 18:50:18
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
Did you try resetting the keyring, as per my link?
Not yet, but as soon as I encounter this issue again I will give that a shot before I hit the ridiculous for loop button.
systemctl list-timers archlinux-keyring-wkd-sync
NEXT LEFT LAST PASSED UNIT ACTIVATES
Thu 2023-01-12 00:15:23 CST 6 days left Thu 2023-01-05 11:01:13 CST 1h 48min ago archlinux-keyring-wkd-sync.timer archlinux-keyring-wkd-sync.service
1 timers listed.Offline
#9 2023-01-05 19:15:11
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,396
- Website
Re: archlinux-keyring abuse
I regularly update my mirror list with reflector,
That’s not what I asked for. I do not ask, how are you choosing the mirror, but if you tested a different mirror.
Using or not using reflector is not playing any role here.
Last edited by mpan (2023-01-05 19:17:06)
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#10 2023-01-05 20:09:49
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
Using or not using reflector is not playing any role here.
Point taken. Next time before i go reseting the keyring or hitting the ridiculous loop, I will certainly reduce my mirrorlist to a single mirror and do a bit of testing on the package signatures etc.
Offline
#11 2023-01-05 20:32:32
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,396
- Website
Re: archlinux-keyring abuse
Normally pacman uses only a single mirror, the first on the list.⁽¹⁾ So whatever there is after that single line is not important here. Just change the mirror to something else and see if the problem persists.
It may also be worth sharing, which mirror you are currently using. If other people can reproduce the situation, its maintainers should be notified about the situation.
____
⁽¹⁾ Following mirrors will only be used if the former one produces an error during download. Not the case here.
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#12 2023-01-05 21:29:45
- seth
- Member
- Registered: 2012-09-03
- Posts: 63,442
Re: archlinux-keyring abuse
When it fails and succeeds run and post
pacman-key -l felixonmars@archlinux.orgSubsequently run that ridiculous for loop and the next update passes on those same exact packages.
If the packages aren't corrupt themselves and reinstalling the same archlinux-keyring package over and over again resolves it (and is required, ie. just waiting - time issue still - doesn't resolve it), I'd start to worry about the drive.
https://wiki.archlinux.org/title/SMART and check the journal for IO errors.
Maybe it's also just a FS problem?
ext4 or btrfs? Or maybe ZFS?
Offline
#13 2023-01-05 22:33:14
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 12,652
Re: archlinux-keyring abuse
Just to be clear here, "signature from whoever is invalid" errors are not a keyring problem. Reinstlaling the keyring package, resetting the keys, refreshing the keys, etc, WILL NOT WORK. The problem is that the package files themselves or the signature files are actually corrupt.
Offline
#14 2023-01-06 21:15:49
- cfr
- Member
- From: Cymru
- Registered: 2011-11-27
- Posts: 7,167
Re: archlinux-keyring abuse
Just to be clear here, "signature from whoever is invalid" errors are not a keyring problem. Reinstlaling the keyring package, resetting the keys, refreshing the keys, etc, WILL NOT WORK. The problem is that the package files themselves or the signature files are actually corrupt.
The wiki suggests resetting keys for this error. Maybe this should be amended?
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Offline
#15 2023-01-07 07:44:29
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 12,652
Re: archlinux-keyring abuse
Hmm, maybe it should. AFAIK, keyring problems will be about missing keys or trust issues. The sig being invalid means it has everything to check it, the check just failed.
Offline
#16 2023-01-07 14:09:26
- Allan
- Pacman
- From: Brisbane, AU
- Registered: 2007-06-09
- Posts: 11,521
- Website
Re: archlinux-keyring abuse
pacman is very crap and does not distinguish those cases in the error message...
Offline
#17 2023-01-07 14:10:23
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 12,652
Re: archlinux-keyring abuse
That part of the error comes from gpgme, though, doesn't it?
Offline
#18 2023-01-07 23:09:26
- Allan
- Pacman
- From: Brisbane, AU
- Registered: 2007-06-09
- Posts: 11,521
- Website
Re: archlinux-keyring abuse
Nope - from pacman. This definitely could be improved!
Offline
#19 2023-01-09 19:05:41
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
Just to be clear here, "signature from whoever is invalid" errors are not a keyring problem. Reinstlaling the keyring package, resetting the keys, refreshing the keys, etc, WILL NOT WORK. The problem is that the package files themselves or the signature files are actually corrupt.
Again, I'm well aware this is not supposed to work, and that is the very reason I have made this post. Stating that it WILL NOT work is not helping.
I suspect that there is some error with a specific mirror, and my usage of reflector is randomly pointing me to some bad mirror that is either lagging on updates and/or possibly has corrupt packages.
I, also, have a local package cache served up over NFS from TrueNAS scale (which is a ZFS mirror locally there). This might have exacerbated some of my past issues, but is not the case with the incident that I opened this issue with as I had simplified my setup in trying to eliminate any complications. But I will look out for any issues with ZFS/NFS as Seth has suggested as well, and report back with any errors if I see any there.
Offline
#20 2023-01-10 01:34:14
- walkingstickfan
- Member
- From: USA
- Registered: 2021-05-10
- Posts: 113
Re: archlinux-keyring abuse
Manually updating archlinux-keyring should not be needed on each update. That’s an emergency procedure, which may be needed for systems that were left unmaintained for a long time.⁽¹⁾ Having to do this is an exceptional situation.
Is there a potential issue if one manually updates the archlinux-keyring?
Almost always doing simple `sudo pacman -Syu` should work flawlessly.
That hasn't been my experience. I've resorted to always manually update the archlinux-keyring package because I've encountered issues too many times when installing the package with...
sudo pacman -SyuArch Linux with Openbox & Tint2
Offline
#21 2023-01-10 03:32:01
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,396
- Website
Re: archlinux-keyring abuse
Is there a potential issue if one manually updates the archlinux-keyring?
I am saying, that there are recurring reports of issues with the WKD based updater. That’s a hint to OP, so they could check this, if more likely explanations do not work. IF! Not because I claim there is such a problem, but because such a possibility can’t be excluded in this situation. The causes, I believe should be checked first, were given earlier.
That hasn't been my experience. I've resorted to always manually update the archlinux-keyring package because I've encountered issues too many times when installing the package with...
Unless that was during the aforementioned sequence of frequent keyring updates last year, which was an exceptional situation, this shouldn’t be the case. I do not know, what you are observing, but even if the system is updated only once a week, in years before 2022 there were at most a few potential⁽¹⁾ trouble causing updates per year.⁽²⁾ So I can’t really respond to that.
____
⁽¹⁾ More than a single update in a week, without taking into consideration if it included key expirations and if those were affecting a significant packages.
⁽²⁾ archlinux-keyring commits history, ALA entry for archlinux-keyring.
Last edited by mpan (2023-01-10 03:35:51)
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#22 2023-01-13 18:03:24
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
Ok, I hit it again, I reset the keys and everything and it persists. Before I fire off the ridiculous for loop is there anything else I should try?
$ cat /etc/pacman.d/mirrorlist
Server = https://dfw.mirror.rackspace.com/archlinux/$repo/os/$arch
$ sudo pacman -Sy archlinux-keyring
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
xyne-any is up to date
xyne-x86_64 is up to date
archrepo is up to date
arch4edu is up to date
warning: archlinux-keyring-20221220-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20221220-1
Total Installed Size: 1.60 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [#####################################################################################] 100%
(1/1) checking package integrity [#####################################################################################] 100%
(1/1) loading package files [#####################################################################################] 100%
(1/1) checking for file conflicts [#####################################################################################] 100%
(1/1) checking available disk space [#####################################################################################] 100%
:: Processing package changes...
(1/1) reinstalling archlinux-keyring [#####################################################################################] 100%
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2023-04-21
==> Updating trust database...
gpg: next trustdb check due at 2023-04-21
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
$ sudo pacman -Su
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
sudo pacman-key -l i@jingbei.li
pub rsa2048 2016-08-25 [SC]
CCED9BE21E1173C61DC1C9407931B6D628C8D3BA
uid [ unknown] Jingbei Li <i@jingbei.li>
sub rsa2048 2016-08-25 [E]
Packages (30) alsa-card-profiles-1:0.3.64-1 brave-bin-1:1.47.171-1 celt-0.11.3-5 discord-0.0.23-1 gpg-tui-0.9.3-1 gst-plugin-pipewire-1:0.3.64-1 gvim-9.0.1182-1 jupyter-nbformat-5.7.3-1 kdiff3-1.10.0-2 lib32-mesa-22.3.3-1
lib32-mesa-vdpau-22.3.3-1 libreoffice-fresh-7.4.4-1 libwebp-1.3.0-2 linux-6.1.5.arch2-1 linux-headers-6.1.5.arch2-1 linux-lts-headers-5.15.87-1 mesa-22.3.3-1 mesa-vdpau-22.3.3-1 nvidia-525.78.01-4
opera-94.0.4606.65-1 php-8.2.1-1 pipewire-1:0.3.64-1 pipewire-alsa-1:0.3.64-1 pipewire-audio-1:0.3.64-1 pipewire-jack-1:0.3.64-1 pipewire-pulse-1:0.3.64-1 python-trove-classifiers-2023.1.12-1
signal-desktop-6.2.0-1 vim-runtime-9.0.1182-1 zoom-5.13.4-1
Total Download Size: 149.61 MiB
Total Installed Size: 2862.63 MiB
Net Upgrade Size: 306.52 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
celt-0.11.3-5-x86_64 71.6 KiB 34.7 KiB/s 00:02 [#####################################################################################] 100%
brave-bin-1:1.47.171-1-x86_64 is up to date
zoom-5.13.4-1-x86_64 149.5 MiB 10.2 MiB/s 00:15 [#####################################################################################] 100%
Total (3/3) 149.6 MiB 10.1 MiB/s 00:15 [#####################################################################################] 100%
(30/30) checking keys in keyring [#####################################################################################] 100%
(30/30) checking package integrity [#####################################################################################] 100%
error: celt: signature from "Jingbei Li <i@jingbei.li>" is unknown trust
:: File /var/cache/pacman/pkg/celt-0.11.3-5-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: zoom: signature from "Jingbei Li <i@jingbei.li>" is unknown trust
:: File /var/cache/pacman/pkg/zoom-5.13.4-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
$ sudo pacman-key --init
$ sudo pacman-key --populate
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2023-04-21
$ sudo pacman -Su
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
Packages (30) alsa-card-profiles-1:0.3.64-1 brave-bin-1:1.47.171-1 celt-0.11.3-5 discord-0.0.23-1 gpg-tui-0.9.3-1 gst-plugin-pipewire-1:0.3.64-1 gvim-9.0.1182-1 jupyter-nbformat-5.7.3-1 kdiff3-1.10.0-2 lib32-mesa-22.3.3-1
lib32-mesa-vdpau-22.3.3-1 libreoffice-fresh-7.4.4-1 libwebp-1.3.0-2 linux-6.1.5.arch2-1 linux-headers-6.1.5.arch2-1 linux-lts-headers-5.15.87-1 mesa-22.3.3-1 mesa-vdpau-22.3.3-1 nvidia-525.78.01-4
opera-94.0.4606.65-1 php-8.2.1-1 pipewire-1:0.3.64-1 pipewire-alsa-1:0.3.64-1 pipewire-audio-1:0.3.64-1 pipewire-jack-1:0.3.64-1 pipewire-pulse-1:0.3.64-1 python-trove-classifiers-2023.1.12-1
signal-desktop-6.2.0-1 vim-runtime-9.0.1182-1 zoom-5.13.4-1sudo pacman-key -l i@jingbei.li
pub rsa2048 2016-08-25 [SC]
CCED9BE21E1173C61DC1C9407931B6D628C8D3BA
uid [ unknown] Jingbei Li <i@jingbei.li>
sub rsa2048 2016-08-25 [E]
Total Installed Size: 2862.63 MiB
Net Upgrade Size: 306.52 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
brave-bin-1:1.47.171-1-x86_64 is up to date
(30/30) checking keys in keyring [#####################################################################################] 100%
(30/30) checking package integrity [#####################################################################################] 100%
error: celt: signature from "Jingbei Li <i@jingbei.li>" is unknown trust
:: File /var/cache/pacman/pkg/celt-0.11.3-5-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: zoom: signature from "Jingbei Li <i@jingbei.li>" is unknown trust
:: File /var/cache/pacman/pkg/zoom-5.13.4-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.EDIT: oh and for Seth:
$ sudo pacman-key -l felixonmars@archlinux.org
pub rsa4096 2012-01-20 [SC]
B5971F2C5C10A9A08C60030F786C63F330D7CB92
uid [ full ] Felix Yan <felixonmars@archlinux.org>
uid [marginal] Felix Yan <i@felixc.at>
uid [ undef ] Felix Yan <yanran@deepin.com>
uid [ undef ] Felix Yan <felixonmars@qq.com>
uid [marginal] Felix Yan <felixonmars@163.com>
uid [marginal] Felix Yan <felixonmars@nyaa.cat>
uid [marginal] Felix Yan <felixonmars@gmail.com>
uid [marginal] Felix Yan <felixyan@bbtechgroup.com>
uid [ undef ] Felix Yan <felixonmars@member.fsf.org>
uid [marginal] Felix Yan <felixonmars@archlinuxcn.org>
uid [ undef ] Felix Yan <felixonmars@fedoraproject.org>
uid [marginal] keybase.io/felixonmars <felixonmars@keybase.io>
uid [marginal] Yan, Ran (Name on Passport) <felixonmars@gmail.com>
uid [ unknown] Felix Yan <yanran@uniontech.com>
uid [ unknown] Felix Yan <felixonmars@189.cn>
uid [ unknown] Felix Yan <felixonmars@ubuntukylin.com>
sub rsa4096 2012-01-20 [E]
$ sudo pacman-key -l i@jingbei.li
pub rsa2048 2016-08-25 [SC]
CCED9BE21E1173C61DC1C9407931B6D628C8D3BA
uid [ unknown] Jingbei Li <i@jingbei.li>
sub rsa2048 2016-08-25 [E]EDIT: as an aside note, the problem exists right now for both local storage on ext4, and mounted over NFS on TrueNAS (locally there ZFS). Same exact packages throw the error.
Last edited by thoth (2023-01-13 18:11:37)
Offline
#23 2023-01-13 18:11:25
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 12,652
Re: archlinux-keyring abuse
That is a totally different error, and this one *is* a keyring problem. Jingbei Li is not an Arch Dev/TU/PM, so they're not in Arch's keyring. You have to deal with it yourself. See the instructions for your 3rd party repos.
Offline
#24 2023-01-13 18:18:45
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
That is a totally different error, and this one *is* a keyring problem. Jingbei Li is not an Arch Dev/TU/PM, so they're not in Arch's keyring. You have to deal with it yourself. See the instructions for your 3rd party repos.
You are correct this is a separate issue, I had enabled the arch4edu repo recently and that apparently had the out of date packages, so unrelated to the original issue. Deleting those lines from pacman.conf fixed this particular issue.
Last edited by thoth (2023-01-13 18:19:22)
Offline
#25 2023-03-13 15:48:30
- thoth
- Member
- Registered: 2010-01-10
- Posts: 93
Re: archlinux-keyring abuse
Ok, I think I ran into this loop again:
error: haskell-optparse-simple: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/haskell-optparse-simple-0.1.1.4-227-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: haskell-persistent-sqlite: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/haskell-persistent-sqlite-2.13.1.0-45-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: haskell-rio-orphans: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/haskell-rio-orphans-0.1.2.0-221-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: haskell-tar-conduit: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/haskell-tar-conduit-0.3.2-369-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: haskell-zip-archive: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/haskell-zip-archive-0.4.3-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: haskell-pantry: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/haskell-pantry-0.5.7-76-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: haskell-project-template: signature from "Felix Yan <felixonmars@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/haskell-project-template-0.2.1.0-279-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: k3b: signature from "Antonio Rojas <arojas@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/k3b-1:22.12.3-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
sudo pacman -Syu 4.91s user 2.88s system 12% cpu 1:03.05 total
1 thoth@eskimo ~ % sudo pacman -Sy archlinux-keyring --noconfirm && sudo pacman -Su --noconfirm
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
xyne-any is up to date
xyne-x86_64 is up to date
archrepo is up to date
warning: archlinux-keyring-20230225-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20230225-1
Total Installed Size: 1.60 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [######################] 100%
(1/1) checking package integrity [######################] 100%
(1/1) loading package files [######################] 100%
(1/1) checking for file conflicts [######################] 100%
(1/1) checking available disk space [######################] 100%
:: Processing package changes...
(1/1) reinstalling archlinux-keyring [######################] 100%
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2023-07-12
==> Updating trust database...
gpg: next trustdb check due at 2023-07-12
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
warning: dependency cycle detected:
warning: intel-oneapi-compiler-dpcpp-cpp-runtime will be installed before its intel-oneapi-compiler-shared-runtime dependency
Packages (238) alembic-1.8.4-3 alsa-card-profiles-1:0.3.67-1
alsa-plugins-1:1.2.7.1-2 attica-5.104.0-1 aubio-0.4.9-15
baloo-5.104.0-1 blender-17:3.4.1-21 bluez-qt-5.104.0-1
brave-bin-1:1.49.120-1 breeze-icons-5.104.0-1
ca-certificates-mozilla-3.89-1 cabal-install-3.4.1.0-82
cantata-2.5.0-3 chromaprint-1.5.1-7 chromium-111.0.5563.64-2
cifs-utils-7.0-3 cmake-3.25.3-1 code-1.76.1-1 cuda-12.1.0-1
cuda-tools-12.1.0-1 cudnn-8.8.0.121-1 darktable-2:4.2.1-2
electron-22.3.2-1 electron17-17.4.11-6 electron19-19.1.9-5
eslint-8.36.0-1 ffmpeg-2:6.0-3 firefox-110.0.1-4
frameworkintegration-5.104.0-1 freerdp-2:2.10.0-2 gavl-1.4.0-7
geckodriver-0.32.2-1 gegl-0.4.42-3 ghostscript-10.0.0-6
glib2-2.76.0-1 glibmm-2.66.6-1 glibmm-2.68-2.76.0-1
gmic-3.2.1-3 go-2:1.20.2-1 go-ethereum-1.11.4-1 godot-4.0-2
gst-editing-services-1.22.1-2 gst-libav-1.22.1-2
gst-plugin-gtk-1.22.1-2 gst-plugin-pipewire-1:0.3.67-1
gst-plugins-bad-1.22.1-2 gst-plugins-bad-libs-1.22.1-2
gst-plugins-base-1.22.1-2 gst-plugins-base-libs-1.22.1-2
gst-plugins-good-1.22.1-2 gstreamer-1.22.1-2
haskell-aeson-2.1.2.0-2 haskell-bitvec-1.1.3.0-39
haskell-casa-client-0.0.1-558 haskell-casa-types-0.0.2-337
haskell-conduit-1.3.4.3-32 haskell-conduit-extra-1.3.6-64
haskell-cryptonite-conduit-0.2.2-559 haskell-dbus-1.2.22-141
haskell-digest-0.0.1.6-1 haskell-generically-0.1.1-1
haskell-githash-0.1.6.3-36 haskell-hackage-security-0.6.2.3-21
haskell-hi-file-parser-0.1.3.0-39 haskell-hpack-0.35.2-14
haskell-http-4000.4.1-87 haskell-http-conduit-2.3.8-283
haskell-http-download-0.2.0.0-553 haskell-libyaml-0.1.2-286
haskell-monad-logger-0.3.39-12
haskell-mono-traversable-1.0.15.3-116
haskell-mustache-2.4.1-129 haskell-optparse-simple-0.1.1.4-227
haskell-pantry-0.5.7-76 haskell-path-0.9.2-107
haskell-path-io-1.8.0-12 haskell-persistent-2.13.3.5-36
haskell-persistent-sqlite-2.13.1.0-45
haskell-project-template-0.2.1.0-279 haskell-rio-0.1.22.0-66
haskell-rio-orphans-0.1.2.0-221
haskell-rio-prettyprint-0.1.4.0-23
haskell-tar-conduit-0.3.2-369 haskell-unliftio-0.2.24.0-1
haskell-vector-algorithms-0.9.0.1-39
haskell-xml-conduit-1.9.1.1-178 haskell-yaml-0.11.11.0-4
haskell-zip-archive-0.4.3-2 hidapi-0.13.1-2 hugin-2022.0.0-5
hwdata-0.368-1 iana-etc-20230306-1 imagemagick-7.1.1.3-1
imath-3.1.7-1 intel-oneapi-common-2023.0.0-3
intel-oneapi-compiler-dpcpp-cpp-runtime-2023.0.0-2
intel-oneapi-compiler-shared-runtime-2023.0.0-1
intel-oneapi-openmp-2023.0.0-1 intel-oneapi-tbb-2021.8.0-1
k3b-1:22.12.3-2 kactivities-5.104.0-1
kactivities-stats-5.104.0-1 karchive-5.104.0-1 kauth-5.104.0-1
kbookmarks-5.104.0-1 kcmutils-5.104.0-1 kcodecs-5.104.0-1
kcompletion-5.104.0-1 kconfig-5.104.0-1
kconfigwidgets-5.104.0-1 kcoreaddons-5.104.0-1
kcrash-5.104.0-1 kdbusaddons-5.104.0-1 kdeclarative-5.104.0-1
kded-5.104.0-1 kdelibs4support-5.104.0-1 kdesu-5.104.0-1
kdnssd-5.104.0-1 kemoticons-5.104.0-1 kfilemetadata-5.104.0-1
kglobalaccel-5.104.0-1 kguiaddons-5.104.0-1
kholidays-1:5.104.0-1 ki18n-5.104.0-1 kiconthemes-5.104.0-1
kidletime-5.104.0-1 kinit-5.104.0-1 kio-5.104.0-1
kirigami2-5.104.0-1 kitemmodels-5.104.0-1 kitemviews-5.104.0-1
kjobwidgets-5.104.0-1 kjs-5.104.0-1 knewstuff-5.104.0-1
knotifications-5.104.0-1 knotifyconfig-5.104.0-1
kpackage-5.104.0-1 kparts-5.104.0-1 kpeople-5.104.0-1
kpipewire-5.27.2-2 kpty-5.104.0-1 kquickcharts-5.104.0-1
krita-5.1.5-4 kross-5.104.0-1 krunner-5.104.0-1
kservice-5.104.0-1 ktexteditor-5.104.0-1
ktextwidgets-5.104.0-1 kunitconversion-5.104.0-1
kwallet-5.104.0-1 kwayland-5.104.0-1 kwidgetsaddons-5.104.0-1
kwindowsystem-5.104.0-1 kxmlgui-5.104.0-1
level-zero-loader-1.8.12-1 lib32-glib2-2.76.0-1
lib32-nss-3.89-1 libde265-1.0.11-2 libice-1.1.1-2
libmanette-0.2.6-4 libmfx-23.1.3-2 libnm-1.42.4-1
libopenmpt-0.6.9-1 libpipewire-1:0.3.67-1 libpulse-16.1-5
libsquish-1.15-7 libwireplumber-0.4.14-1 libwslay-1.1.1-5
libxau-1.0.11-2 libxdmcp-1.1.4-2 libxfont2-2.0.6-2
linux-6.2.5.arch1-1 linux-headers-6.2.5.arch1-1
linux-lts-6.1.18-1 mixxx-2.3.4-1 mlt-7.14.0-2
modemmanager-qt-5.104.0-1 networkmanager-1.42.4-1
networkmanager-qt-5.104.0-1 nss-3.89-1 nushell-0.76.0-1
nvidia-525.89.02-10 nvidia-lts-1:525.89.02-9 openal-1.23.0-2
opencolorio-2.2.1-4 opencv-4.7.0-6 openexr-3.1.6-1
openimageio-2.4.9.0-2 openvpn-2.6.1-1 opera-96.0.4693.50-1
pcsclite-1.9.9-3 pipewire-1:0.3.67-1 pipewire-alsa-1:0.3.67-1
pipewire-audio-1:0.3.67-1 pipewire-docs-1:0.3.67-1
pipewire-jack-1:0.3.67-1 pipewire-pulse-1:0.3.67-1
plasma-framework-5.104.0-1 prison-5.104.0-1 purpose-5.104.0-1
python-json-logger-2.0.7-1 python-markdown-it-py-2.2.0-1
python-pydantic-1.10.6-1 python-pytz-2022.7.1-1
python-trove-classifiers-2023.3.9-1
qqc2-desktop-style-5.104.0-1 qt5-script-5.15.13-1
qt5-wayland-5.15.8+kde+r63-1 qt5-webengine-5.15.13-1
qt6-webengine-6.4.2-4 rust-1:1.68.0-1 shellcheck-0.9.0-29
signal-desktop-6.9.0-1 solid-5.104.0-1 sonnet-5.104.0-1
spice-0.15.1-2 sqlite-3.41.1-1 stack-2.7.5-254
sudo-1.9.13.p3-1 syndication-5.104.0-1
syntax-highlighting-5.104.0-1 systemd-253.1-3
systemd-libs-253.1-3 systemd-sysvcompat-253.1-3
telegram-desktop-4.6.5-3 threadweaver-5.104.0-1
tinycompress-1.2.8-2 tinyxml-2.6.2-10
ttf-linux-libertine-5.3.0-9 ttf-sarasa-gothic-0.40.3-1
v4l-utils-1.24.1-1 vigra-1.11.1.r67+g093d57d1-7
vivaldi-5.7.2921.63-1 vivaldi-ffmpeg-codecs-110.0.5481.100-1
wireplumber-0.4.14-1 xmobar-0.46-12 zerotier-one-1.10.4-1
zxing-cpp-2.0.0-2
Total Download Size: 3408.27 MiB
Total Installed Size: 18475.21 MiB
Net Upgrade Size: 1673.53 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
k3b-1:22.12.3-2-... 11.0 MiB 9.03 MiB/s 00:01 [######################] 100%
cabal-install-3.... 1618.1 KiB 8.45 MiB/s 00:00 [######################] 100%
eslint-8.36.0-1-any 1382.4 KiB 10.7 MiB/s 00:00 [######################] 100%
brave-bin-1:1.49.120-1-x86_64 is up to date
haskell-persiste... 1367.6 KiB 12.1 MiB/s 00:00 [######################] 100%
haskell-pantry-0... 1281.7 KiB 11.4 MiB/s 00:00 [######################] 100%
haskell-hpack-0.... 696.1 KiB 9.19 MiB/s 00:00 [######################] 100%
haskell-hackage-... 623.3 KiB 5.74 MiB/s 00:00 [######################] 100%
haskell-rio-0.1.... 260.7 KiB 3.03 MiB/s 00:00 [######################] 100%
haskell-unliftio... 229.6 KiB 3.56 MiB/s 00:00 [######################] 100%
haskell-mustache... 224.5 KiB 3.00 MiB/s 00:00 [######################] 100%
haskell-persiste... 220.6 KiB 3.37 MiB/s 00:00 [######################] 100%
haskell-yaml-0.1... 199.9 KiB 2.35 MiB/s 00:00 [######################] 100%
go-ethereum-1.11... 49.8 MiB 10.3 MiB/s 00:05 [######################] 100%
haskell-tar-cond... 154.0 KiB 2.15 MiB/s 00:00 [######################] 100%
haskell-path-0.9... 160.4 KiB 1091 KiB/s 00:00 [######################] 100%
haskell-monad-lo... 147.5 KiB 2.25 MiB/s 00:00 [######################] 100%
haskell-rio-pret... 147.2 KiB 2016 KiB/s 00:00 [######################] 100%
haskell-libyaml-... 142.4 KiB 2035 KiB/s 00:00 [######################] 100%
haskell-zip-arch... 127.1 KiB 1589 KiB/s 00:00 [######################] 100%
haskell-hi-file-... 98.8 KiB 1544 KiB/s 00:00 [######################] 100%
haskell-path-io-... 77.9 KiB 1237 KiB/s 00:00 [######################] 100%
haskell-http-dow... 73.7 KiB 921 KiB/s 00:00 [######################] 100%
haskell-casa-cli... 58.2 KiB 831 KiB/s 00:00 [######################] 100%
haskell-githash-... 57.2 KiB 714 KiB/s 00:00 [######################] 100%
haskell-casa-typ... 41.9 KiB 499 KiB/s 00:00 [######################] 100%
haskell-project-... 33.1 KiB 518 KiB/s 00:00 [######################] 100%
haskell-optparse... 31.9 KiB 532 KiB/s 00:00 [######################] 100%
haskell-rio-orph... 30.0 KiB 500 KiB/s 00:00 [######################] 100%
haskell-digest-0... 15.1 KiB 251 KiB/s 00:00 [######################] 100%
cudnn-8.8.0.121-... 851.4 MiB 10.0 MiB/s 01:25 [######################] 100%
cuda-tools-12.1.... 1085.6 MiB 11.7 MiB/s 01:33 [######################] 100%
cuda-12.1.0-1-x86_64 1401.2 MiB 12.6 MiB/s 01:51 [######################] 100%
Total (33/33) 3.3 GiB 30.6 MiB/s 01:51 [######################] 100%
(238/238) checking keys in keyring [######################] 100%
(238/238) checking package integrity [######################] 100%
error: cuda: signature from "Sven-Hendrik Haase <sh@lutzhaase.com>" is invalid
:: File /var/cache/pacman/pkg/cuda-12.1.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
sudo pacman -Su --noconfirm 11.78s user 10.49s system 12% cpu 2:58.30 totalOnly after running the ridiculous "for loop" will pacman finally complete without erring out on various package verifications.
Last edited by thoth (2023-03-13 15:49:37)
Offline
Pages: 1