Hello Dave,

You can get past this by typing
pacman-key --recv-keys 76A5EF9054449A5C

This will refresh Pierre Schmitz's key.    You can check the key id at https://pierre-schmitz.com/about/gpg-keys/pierre-packager-key/

Merry Christmas!

Frank

On Sun, Dec 25, 2022 at 12:03 AM <arch-general-request@lists.archlinux.org> wrote:
Send Arch-general mailing list submissions to
        arch-general@lists.archlinux.org

To subscribe or unsubscribe via email, send a message with subject or
body 'help' to
        arch-general-request@lists.archlinux.org

You can reach the person managing the list at
        arch-general-owner@lists.archlinux.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Arch-general digest..."Today's Topics:

   1. pacstrap complaining about corrupt package (David N Murray)
   2. Re: pacstrap complaining about corrupt package (Mike Yuan)



---------- Forwarded message ----------
From: David N Murray <dmurray@jsbsystems.com>
To: arch-general@lists.archlinux.org
Cc: 
Bcc: 
Date: Sun, 25 Dec 2022 00:12:32 -0500
Subject: pacstrap complaining about corrupt package
Hi all,
Trying to install Arch on a new birthday/Christmas present. I'm manually copying this (abbreviated) because I can't figure out how to get the text off the new box:
# pacstrap /mnt linux linux-firmware base btrfs-progs intel-ucode nano iw
[snipped the package list and stuff]
:: Retrieving packages...
 openssl-3.0.7-4-x86_64 ...
(126/126) checking keys in keyring
(126/126) checking package integrity
error: openssl: signature from "Pierre Schmitz <pierre@archlinux.org>" is marginal trust
:: File /mnt/var/cache/pacman/pkg/openssl-3.0.7-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
[failure messages]

Things I've tried/checked:
* clock on the new box has correct time
* pacman -Syu from another machine. That pulled down a new archlinux-keyring and openssl-3.0.7-4 and it ran fine
* new machine has same mirrorlist that worked with the pacman -Syu
* commented out mirrorlist entries one-at-a-time to see if it was one mirror problem. 5 servers all give the same results.

The other 125 packages that were downloaded all passed the integrity check (I think).

Any suggestions?

TIA,
Dave Murray



---------- Forwarded message ----------
From: Mike Yuan <me@yhndnzj.com>
To: David N Murray <dmurray@jsbsystems.com>
Cc: arch-general@lists.archlinux.org
Bcc: 
Date: Sun, 25 Dec 2022 13:17:14 +0800
Subject: Re: pacstrap complaining about corrupt package
The keyring shipped in the 2022.12.01 ISO is outdated. You’ll need to update it using `pacman -Sy archlinux-keyring` first before pacstrap-ping :)

Hi all,
Trying to install Arch on a new birthday/Christmas present. I'm manually copying this (abbreviated) because I can't figure out how to get the text off the new box:
# pacstrap /mnt linux linux-firmware base btrfs-progs intel-ucode nano iw
[snipped the package list and stuff]
:: Retrieving packages...
 openssl-3.0.7-4-x86_64 ...
(126/126) checking keys in keyring
(126/126) checking package integrity
error: openssl: signature from "Pierre Schmitz <pierre@archlinux.org>" is marginal trust
:: File /mnt/var/cache/pacman/pkg/openssl-3.0.7-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
[failure messages]

Things I've tried/checked:
* clock on the new box has correct time
* pacman -Syu from another machine. That pulled down a new archlinux-keyring and openssl-3.0.7-4 and it ran fine
* new machine has same mirrorlist that worked with the pacman -Syu
* commented out mirrorlist entries one-at-a-time to see if it was one mirror problem. 5 servers all give the same results.

The other 125 packages that were downloaded all passed the integrity check (I think).

Any suggestions?

TIA,
Dave Murray
_______________________________________________
Arch-general mailing list -- arch-general@lists.archlinux.org
To unsubscribe send an email to arch-general-leave@lists.archlinux.org