You are not logged in.

#1 2023-12-02 12:48:38

millus
Member
Registered: 2019-07-21
Posts: 193

pacman suddenly complains about keyring

I just did the usual pacman -Syu but suddenly this appeared:

Total (81/81)           2.5 GiB  48.6 MiB/s 00:53 [######################] 100%
(81/81) checking keys in keyring                   [######################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
millus@archlinux:~$ sudo pacman-key --init
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/2576F9EF69828A65C473AE29ABE10AC64D696D50.rev'
gpg: Done
==> Updating trust database...
gpg: public key of ultimately trusted key E1890E3BDD22754D not found
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
==> ERROR: Trust database could not be updated.

Any idea why this keyring is suddenly not writable or how to make it writable again or maybe if this is not the REAL problem underneath? This sounds pretty scary and I'm not confident here >_>
I swear I have not done anything regarding system administration or w/e that could possibly mess with keyrings, I don't even know how, I've been just doing pacman -Syu every 1-2 weeks or so, for months ^^.

Last edited by millus (2023-12-02 12:53:50)

Offline

#2 2023-12-02 13:01:45

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,327

Offline

#3 2023-12-02 13:14:04

millus
Member
Registered: 2019-07-21
Posts: 193

Re: pacman suddenly complains about keyring

uh, instead of just deleting that folder as suggested in that solution, I made a backup to be safe.
It seems that worked though, was it actually something safe to do, or would this in theory invite intrusions/malicious code if anything on the archlinux repo side ever got corrupted?
So, everything seems to be running fine again, thank you. Funny though that this bug report was in 2022 already.

I just got some warnings during Syu, I hope I can just ignore these safely?

( 4/81) upgrading archlinux-keyring                [######################] 100%
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: problem with fast path key listing: IPC parameter error - ignored
==> Appending keys from archlinux.gpg...
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: problem with fast path key listing: IPC parameter error - ignored
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: problem with fast path key listing: IPC parameter error - ignored
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: problem with fast path key listing: IPC parameter error - ignored
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: problem with fast path key listing: IPC parameter error - ignored
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: problem with fast path key listing: IPC parameter error - ignored
gpg: WARNING: server 'gpg-agent' is older than us (2.2.41 < 2.4.3)
gpg: problem with fast path key listing: IPC parameter error - ignored
==> Updating trust database...
gpg: next trustdb check due at 2023-12-31

Last edited by millus (2023-12-02 13:19:18)

Offline

#4 2023-12-02 15:50:18

loqs
Member
Registered: 2014-03-06
Posts: 17,122

Re: pacman suddenly complains about keyring

millus wrote:

It seems that worked though, was it actually something safe to do, or would this in theory invite intrusions/malicious code if anything on the archlinux repo side ever got corrupted?

Package_signing#Resetting_all_the_keys does not rely on the archlinux repo beyond the already installed packages pacman and archlinux-keyring have both been obtained from them.  A compromised package that is signed with a trusted signature is an unrelated issue to locally resetting pacman's keyring.

Offline

Board footer

Powered by FluxBB