Arch Linux

cmiles74

Member

Registered: 2011-10-16

Posts: 8

[SOLVED] Common Problem with Missing PGP Keys, Can't Resolve the Issue

When I try to upgrade with `pacman -Syu`, pacman complains about missing PGP keys (sample output is listed below).

This has happened to me before, typically the system has been neglected for several months. In this case, this is my daily driver and it was last updated no more than five days ago. I have another machine also running Arch Linux, it has been longer since an update but it updated without issue.

I tried removing and recreating the keychain, but this didn't resolve the issue. I tried adding the key I needed with `pacman-key --recv-keys`, this completed without error but didn't resolve the issue. I also tried refreshing the keys with `pacman-key --refresh-keys`, this also completed normally but didn't fix the problem.

I spent some time fussing with the time on my machine, to the naked eye it looks correct. The output from `timedatectl` is also listed below.

Out of curiosity, I burned a USB with a fresh copy of the Arch installation media. I booted from that media, mounted my partitions and then changed root to my system with `arch-chroot`. From there I ran `pacman -Syu` without issue and it did indeed update my system. I rebooted and there are no packages that I need to install yet this issue with the PGP signatures remains.

I have to say, I am stumped! If anyone has any idea, I would be grateful. While this seems super strange to me, I am not an expert on how pacman and PGP interact.

Thank you!

Pacman Install Package Output

cmiles@friday ~ [1]> sudo pacman -Syu imagemagick
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: imagemagick-7.1.1.5-1 is up to date -- reinstalling
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (1) imagemagick-7.1.1.5-1

Total Installed Size:  21.70 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                          [-----------------------------] 100%
downloading required keys...
:: Import PGP key 7A4E76095D8A52E4, "Antonio Rojas <arojas@archlinux.org>"? [Y/n] y
error: key "7A4E76095D8A52E4" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

Timedatectl Output

cmiles@friday ~> timedatectl timesync-status
       Server: 209.51.161.238 (2.arch.pool.ntp.org)
Poll interval: 8min 32s (min: 32s; max 34min 8s)
         Leap: normal
      Version: 4
      Stratum: 2
    Reference: 42DC097A
    Precision: 1us (-25)
Root distance: 33.096ms (max: 5s)
       Offset: -859us
        Delay: 24.324ms
       Jitter: 989us
 Packet count: 4
    Frequency: +1.714ppm

Last edited by cmiles74 (2023-03-27 14:16:07)

seth

Member

From: Don't DM me only for attention

Registered: 2012-09-03

Posts: 73,825

Re: [SOLVED] Common Problem with Missing PGP Keys, Can't Resolve the Issue

cat /etc/pacman.d/gnupg/gpg.conf

And there's this rather freakish behavior: https://bbs.archlinux.org/viewtopic.php?id=284522
Does it work in a console session?

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc

cmiles74

Member

Registered: 2011-10-16

Posts: 8

Re: [SOLVED] Common Problem with Missing PGP Keys, Can't Resolve the Issue

That is really strange! And I am seeing the same thing, pacman fails under Foot with the Fish shell but runs successfully in new TTY.

If I run pacman under Xterm, that also works. Invoking bash in my Fish session and running pacman does not work. The PATH variables under Xterm/Bash and Foot/Fish are the same... The other environment variables are pretty close.

Pacman GPG Config

cmiles@friday ~> cat /etc/pacman.d/gnupg/gpg.conf
no-greeting
no-permission-warning
lock-never
keyserver-options timeout=10
keyserver-options import-clean
keyserver-options no-self-sigs-only

Sudo Fish vs. Sudo Bash Environment

cmiles@friday ~> diff (sort sudo-fish-env.txt | psub) (sort sudo-xterm-env.txt | psub)
1,2c1
< COLORTERM=truecolor
< DISPLAY=
---
> DISPLAY=:1
13c12
< TERM=foot
---
> TERM=xterm

Fish vs. Bash Environment

cmiles@friday ~ [1]> diff (sort fish-env.txt | psub) (sort xterm-env.txt | psub)
3d2
< COLORTERM=truecolor
25c24
< DISPLAY=
---
> DISPLAY=:1
29,61d27
< fish_color_autosuggestion=6272a4
< fish_color_cancel=ff5555 --reverse
< fish_color_command=8be9fd
< fish_color_comment=6272a4
< fish_color_cwd=50fa7b
< fish_color_end=ffb86c
< fish_color_error=ff5555
< fish_color_escape=ff79c6
< fish_color_host=bd93f9
< fish_color_host_remote=bd93f9
< fish_color_keyword=ff79c6
< fish_color_normal=f8f8f2
< fish_color_operator=50fa7b
< fish_color_option=ffb86c
< fish_color_param=bd93f9
< fish_color_quote=f1fa8c
< fish_color_redirection=f8f8f2
< fish_color_search_match=--background=44475a
< fish_color_selection=--background=44475a
< fish_color_user=8be9fd
< fish_pager_color_background=
< fish_pager_color_completion=f8f8f2
< fish_pager_color_description=6272a4
< fish_pager_color_prefix=8be9fd
< fish_pager_color_progress=6272a4
< fish_pager_color_secondary_background=
< fish_pager_color_secondary_completion=f8f8f2
< fish_pager_color_secondary_description=6272a4
< fish_pager_color_secondary_prefix=8be9fd
< fish_pager_color_selected_background=--background=44475a
< fish_pager_color_selected_completion=f8f8f2
< fish_pager_color_selected_description=6272a4
< fish_pager_color_selected_prefix=8be9fd
64c30
< GPG_TTY=/dev/pts/4
---
> GPG_TTY=/dev/pts/3
79c45
< SHELL=/usr/bin/fish
---
> SHELL=/bin/bash
82c48
< TERM=foot
---
> TERM=xterm
83a50
> _=/usr/bin/printenv
84a52
> WINDOWID=48234508
85a54
> XDG_ACTIVATION_TOKEN=501710008bcdac6775b17cb85608fdc8
96a66,68
> XTERM_LOCALE=en_US.UTF-8
> XTERM_SHELL=/bin/bash
> XTERM_VERSION=XTerm(379)

Last edited by cmiles74 (2023-03-27 13:30:51)

cmiles74

Member

Registered: 2011-10-16

Posts: 8

Re: [SOLVED] Common Problem with Missing PGP Keys, Can't Resolve the Issue

The difference seems to be that under Fish I clear the DISPLAY variable in order to force GPG to use the console pinentry command. The use-case here is that git will invoke a new Emacs client in the terminal and this will invoke the terminal pinentry to sign my commit.

If I change from "set -x DISPLAY" to "set -e DISPLAY" then pacman works from the Fish session. The root cause appears to be having a DISPLAY variable in the environment that has no value.

Thank you for your help with this, I really appreciate it! I don't think I would've figured this out without the pointer to the other thread. :-)

Clearing DISPLAY Cause of Pacman Signature Issue

cmiles@friday ~> sudo pacman -Syu imagemagick
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: imagemagick-7.1.1.5-1 is up to date -- reinstalling
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (1) imagemagick-7.1.1.5-1

Total Installed Size:  21.70 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] y   
(1/1) checking keys in keyring                                                                       [------------------------------------------------------------] 100%
(1/1) checking package integrity                                                                     [------------------------------------------------------------] 100%
(1/1) loading package files                                                                          [------------------------------------------------------------] 100%
(1/1) checking for file conflicts                                                                    [------------------------------------------------------------] 100%
(1/1) checking available disk space                                                                  [------------------------------------------------------------] 100%
:: Processing package changes...
(1/1) reinstalling imagemagick                                                                       [------------------------------------------------------------] 100%
:: Running post-transaction hooks...
(1/2) Arming ConditionNeedsUpdate...
(2/2) Warn about old perl modules

cmiles@friday ~> set -x DISPLAY
cmiles@friday ~> sudo pacman -Syu imagemagick
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: imagemagick-7.1.1.5-1 is up to date -- reinstalling
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (1) imagemagick-7.1.1.5-1

Total Installed Size:  21.70 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                                                                       [------------------------------------------------------------] 100%
downloading required keys...
:: Import PGP key 7A4E76095D8A52E4, "Antonio Rojas <arojas@archlinux.org>"? [Y/n] y
error: key "7A4E76095D8A52E4" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

seth

Member

From: Don't DM me only for attention

Registered: 2012-09-03

Posts: 73,825

Re: [SOLVED] Common Problem with Missing PGP Keys, Can't Resolve the Issue

We solved 2 threads w/ one cross-reference

Please always remember to mark resolved threads by editing your initial posts subject - so others will know that there's no task left, but maybe a solution to find.
Thanks.

---

How to upload text · How to boot w/o GUI · Disable Windows Fast-Start! · Fix your xinitrc