Arch Linux

crem

Member

Registered: 2018-01-14

Posts: 41

[SOLVED] Signature is marginal trust, also after update.

I got this error when updating my Arch Linux:

# pacman -Sy archlinux-keyring && pacman -Su

:: Synchronizing package databases...
 testing is up to date
 core is up to date
 extra is up to date
 community-testing is up to date
 community is up to date
 multilib-testing is up to date
 multilib is up to date
 sublime-text is up to date
warning: archlinux-keyring-20231113-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)             Old Version  New Version  Net Change

core/archlinux-keyring  20231113-1   20231113-1     0.00 MiB

Total Installed Size:  1.63 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring                                                                  [########################################################] 100%
(1/1) checking package integrity                                                                [########################################################] 100%
(1/1) loading package files                                                                     [########################################################] 100%
(1/1) checking for file conflicts                                                               [########################################################] 100%
(1/1) checking available disk space                                                             [########################################################] 100%
:: Processing package changes...
(1/1) reinstalling archlinux-keyring                                                            [########################################################] 100%
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2023-12-31
:: Running post-transaction hooks...
(1/2) Reloading system manager configuration...
(2/2) Arming ConditionNeedsUpdate...
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

...

:: Proceed with installation? [Y/n]
(350/350) checking keys in keyring                                                              [########################################################] 100%
(350/350) checking package integrity                                                            [########################################################] 100%
error: luajit: signature from "Daurnimator <daurnimator@archlinux.org>" is marginal trust
:: File /mnt/hdd0/var/cache/pacman/pkg/luajit-2.1.1700008891-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] ^C

journalctl -u archlinux-keyring-wkd-sync has this line:

Oct 27 22:34:43 cremator archlinux-keyring-wkd-sync[195398]: Skipping key 954A3772D62EF90E4B31FBC6C91A9911192C187A with UID daurnimator@archlinux.org...

Snippet from pacman-key --refresh-keys output:

gpg: key C91A9911192C187A: "Daurnimator <daurnimator@archlinux.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
pub   rsa4096 2015-01-25 [SC] [expires: 2025-07-01]
      954A3772D62EF90E4B31FBC6C91A9911192C187A
uid           [marginal] Daurnimator <daurnimator@archlinux.org>
uid           [marginal] Daurnimator <quae@daurnimator.com>
sub   rsa4096 2015-01-25 [E] [expires: 2025-07-01]
sub   rsa4096 2016-04-06 [A] [expires: 2025-07-01]
sub   rsa4096 2016-04-06 [S] [expires: 2025-07-01]

The following command says that the key is created in future, maybe this is the reason?

# gpg --search-keys C91A9911192C187A
gpg: data source: https://[2620:2d:4000:1007::70c]:443
(1)	Daurnimator <quae@daurnimator.com>
	  4096 bit RSA key C91A9911192C187A, created: 2015-01-25

pacman-key --init + pacman-key --populate doesn't change anything.

Any hints how to resolve this?

Thanks!

Last edited by crem (2023-11-19 12:39:02)

Scimmia

Fellow

Registered: 2012-09-01

Posts: 12,182

Re: [SOLVED] Signature is marginal trust, also after update.

update archlinux-keyring first'
Wow, I really need to read better.

See https://wiki.archlinux.org/title/Pacman … l_the_keys

You did the steps there *except* removing the old keyring first. Note that you'll need to redo the key for your 3rd party repo.

Last edited by Scimmia (2023-11-19 12:31:17)

crem

Member

Registered: 2018-01-14

Posts: 41

Re: [SOLVED] Signature is marginal trust, also after update.

Thanks, deleting /etc/pacman.d/gnupg and retrying the same steps indeed worked!