You are not logged in.
Hello,
Attempting to update the keyring to the most recent release to clear up a set of PGP trust errors that prevent normal upgrade due to invalid PGP keys.
However the same error occurs.
~]$ sudo pacman -Sy --needed archlinux-keyring && pacman -Su
:: Synchronizing package databases...
core 128.6 KiB 246 KiB/s 00:01 [############################################] 100%
extra is up to date
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20240313-1
Total Installed Size: 1.66 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [############################################] 100%
(1/1) checking package integrity [############################################] 100%
error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20240313-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
It appears that the keys of at least one specific developer appear to my machine as invalid.
Now I look to the Arch Developers page and find that indeed eworm is a legit developer: https://archlinux.org/people/developers/#eworm
The link to his keyserver confirms this: https://keyserver.ubuntu.com/pks/lookup … 74498E9CEE
However if you see the most recent key, it is listed as 'revok'.
Is this the root problem? Is it advisable to simply modify the trust rating of eworm arbitrarily?
Last edited by dootfs (2024-03-25 17:33:36)
Offline
Hello. No, the trust shouldn’t require manual adjustment. Please follow resetting all pacman keys section and see if that helps.
For comparison in archlinux-keyring 20240313 this key is implicitly trusted:
$ pacman -Q archlinux-keyring; pacman-key --list-sigs 02FD1C7A934E614545849F19A6234074498E9CEE
archlinux-keyring 20240313-1
gpg: Note: trustdb not writable
pub rsa2048 2011-08-12 [SC]
02FD1C7A934E614545849F19A6234074498E9CEE
sig R A6234074498E9CEE 2013-01-14 [self-signature]
sig R A6234074498E9CEE 2013-02-04 [self-signature]
uid [ full ] Christian Hesse <eworm@archlinux.org>
sig 3 A6234074498E9CEE 2020-02-04 [self-signature]
sig 3 A6234074498E9CEE 2022-12-01 [self-signature]
sig 3348882F6AC6A4C2 2022-01-22 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig 4DC95B6D7BE9892E 2021-10-28 David Runge (Arch Linux Master Key) <dvzrv@master-key.archlinux.org>
sig 6BA0F5A2037F4F41 2022-11-29 Johannes Löthberg (Arch Linux Master Key) <demize@master-key.archlinux.org>
sig A88E23E377514E00 2022-02-06 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig B1B73B02CC52A02A 2022-07-10 Jonas Witschel (Arch Linux Master Key) <diabonas@master-key.archlinux.org>
sig BA1DFB64FFF979E7 2020-08-18 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig D6D055F927843F1C 2022-01-12 Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig F8B821B42A6FDCD7 2023-10-25 Leonidas Spyropoulos (Arch Linux Master Key) <artafinde@master-key.archlinux.org>
sub rsa2048 2011-08-12 [E]
sig A6234074498E9CEE 2011-08-12 [self-signature]
sig N A6234074498E9CEE 2022-07-09 [self-signature]
sub ed25519 2019-08-29 [S]
sig A6234074498E9CEE 2019-08-29 [self-signature]
sub cv25519 2019-08-29 [E]
sig A6234074498E9CEE 2019-08-29 [self-signature]
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
Hello and thanks,
Resetting all pacman keys solved the problem!
It was simple enough:
First delete the gpg files
~]$ sudo rm -rf /etc/pacman.d/gnupg
Then initialize and populate
~]$ sudo pacman-key --init && sudo pacman-key --populate
Then refresh just to be safe
~]$ sudo pacman-key --refresh-keys
And now the keyring can be downloaded, and upgrades can proceed as normal.
Thanks!
Offline