I am unable to upgrade my system today
Hi, I tried to pacman -Suy today and it failed: (42/42) checking keys in keyring [##############################################################################################] 100% warning: Public keyring not found; have you run 'pacman-key --init'? downloading required keys... error: keyring is not writable error: keyring is not writable error: keyring is not writable error: keyring is not writable error: keyring is not writable error: keyring is not writable error: keyring is not writable error: keyring is not writable error: required key missing from keyring error: failed to commit transaction (unexpected error) Errors occurred, no packages were upgraded. Then I checked database with pacman-key: [root@archdevel ~]# pacman-key --list-sigs ==> ERROR: You do not have sufficient permissions to read the pacman keyring. ==> Use 'pacman-key --init' to correct the keyring permissions. [root@archdevel ~]# pacman-key --init ==> Generating pacman master key. This may take some time. gpg: Generating pacman keyring master key... gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/A99B568F9C124056C01DEBFAE33864D7C9C3D4FB.rev' gpg: Done ==> Updating trust database... gpg: public key of ultimately trusted key 489992F0B03F986A not found gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u ==> ERROR: Trust database could not be updated. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Is this a root of my problem? [root@archdevel ~]# gpg --homedir /etc/pacman.d/gnupg --list-keys gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg' /etc/pacman.d/gnupg/pubring.kbx ------------------------------- pub rsa4096 2014-11-04 [SC] 5C81C9D6C8D7475DF65A0C884FE7F4FEAC8EBE67 uid [ unknown] Justin Kromlinger <hashworks@archlinux.org [a lot of entries....] Then I tried again: [root@archdevel ~]# pacman -Suy -v Root : / Conf File : /etc/pacman.conf DB Path : /var/lib/pacman/ Cache Dirs: /var/cache/pacman/pkg/ Hook Dirs : /usr/share/libalpm/hooks/ /etc/pacman.d/hooks/ Lock File : /var/lib/pacman/db.lck Log File : /var/log/pacman.log GPG Dir : /etc/pacman.d/gnupg/ Targets : None :: Synchronizing package databases... core is up to date extra is up to date community is up to date multilib is up to date :: Starting full system upgrade... resolving dependencies... looking for conflicting packages... Packages (41) btrfs-progs-6.5.1-1 chromium-117.0.5938.62-1 cmake-3.27.5-1 code-1.82.0-2 containerd-1.7.6-1 curl-8.3.0-1 dotnet-host-7.0.11.sdk111-1 dotnet-runtime-7.0.11.sdk111-1 dotnet-sdk-7.0.11.sdk111-1 dotnet-targeting-pack-7.0.11.sdk111-1 ffmpeg-2:6.0-10 filelight-23.08.1-1 firefox-117.0.1-1 ghostscript-10.02.0-1 glib2-2.78.0-2 graphviz-9.0.0-1 kompare-23.08.1-1 lib32-curl-8.3.0-1 lib32-glib2-2.78.0-2 lib32-libtiff-4.6.0-1 libarchive-3.7.2-1 libimagequant-4.2.1-1 libkomparediff2-23.08.1-1 liblouis-3.27.0-1 libportal-0.7-1 libportal-gtk3-0.7-1 libreoffice-fresh-7.6.1-1 librsvg-2:2.57.0-1 libtiff-4.6.0-1 libwebp-1.3.2-1 linux-6.5.3.arch1-1 linux-headers-6.5.3.arch1-1 linux-lts-6.1.53-1 linux-lts-headers-6.1.53-1 netstandard-targeting-pack-7.0.11.sdk111-1 nvidia-535.104.05-6 python-gobject-3.46.0-1 python-sphinx-7.2.6-1 qt5-script-5.15.15-1 qt5-webengine-5.15.15-1 sqlite-3.43.1-1 Total Installed Size: 2583.28 MiB Net Upgrade Size: -0.07 MiB :: Proceed with installation? [Y/n] y (41/41) checking keys in keyring [##############################################################################################] 100% downloading required keys... :: Import PGP key 771DF6627EDF681F, "Tobias Powalowski <tpowa@archlinux.org>"? [Y/n] y :: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) <heftig@archlinux.org>"? [Y/n] y :: Import PGP key 6D42BDD116E0068F, "Christian Hesse <eworm@archlinux.org>"? [Y/n] y :: Import PGP key 94657AB20F2A092B, "Andreas Radke <andyrtr@archlinux.org>"? [Y/n] y :: Import PGP key 51E8B148A9999C34, "Evangelos Foutras <foutrelis@archlinux.org>"? [Y/n] y :: Import PGP key 7A4E76095D8A52E4, "Antonio Rojas <arojas@archlinux.org>"? [Y/n] y :: Import PGP key EA4F7B321A906AD9, "Daniel M. Capella <polyzen@archlinux.org>"? [Y/n] y y( 9/41) checking package integrity [###########-----------------------------------------------------------------------------------] 12(41/41) checking package integrity [##############################################################################################] 100% error: btrfs-progs: signature from "Tobias Powalowski <tpowa@archlinux.org>" is unknown trust :: File /var/cache/pacman/pkg/btrfs-progs-6.5.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] n Following wiki I tried to repopulate database: [root@archdevel ~]# pacman-key --populate ==> Appending keys from archlinux.gpg... gpg: public key of ultimately trusted key 489992F0B03F986A not found ==> Locally signing trusted keys in keyring... ==> ERROR: 2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E could not be locally signed. ==> ERROR: 69E6471E3AE065297529832E6BA0F5A2037F4F41 could not be locally signed. ==> ERROR: D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C could not be locally signed. ==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally signed. [root@archdevel ~]# pacman-key --refresh-keys gpg: key 4FE7F4FEAC8EBE67: "Justin Kromlinger <justin@kromlinger.eu>" not changed gpg: key 4FE7F4FEAC8EBE67: "Justin Kromlinger <justin@kromlinger.eu>" not changed gpg: Total number processed: 2 gpg: unchanged: 2 [lot of entries, some errors like this: ==> ERROR: Could not update key: BBE43771487328A9 gpg: error retrieving 'ibiru@archlinux.org' via WKD: No data gpg: error reading key: No data gpg: refreshing 1 key from hkp://pool.sks-keyservers.net gpg: keyserver refresh failed: No name ==> ERROR: Could not update key: E8F18BA1615137BC gpg: error retrieving 'jonno.conder@gmail.com' via WKD: No data gpg: error reading key: No data gpg: refreshing 1 key from hkp://pool.sks-keyservers.net gpg: keyserver refresh failed: No name ==> ERROR: Could not update key: AF7EF7873CFD4BB6 ...] Now I am not even able to reinstall archlinux-keyring: [root@archdevel ~]# pacman -S archlinux-keyring warning: archlinux-keyring-20230821-2 is up to date -- reinstalling resolving dependencies... looking for conflicting packages... Packages (1) archlinux-keyring-20230821-2 Total Installed Size: 1.62 MiB Net Upgrade Size: 0.00 MiB :: Proceed with installation? [Y/n] y (1/1) checking keys in keyring [##############################################################################################] 100% (1/1) checking package integrity [##############################################################################################] 100% error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust :: File /var/cache/pacman/pkg/archlinux-keyring-20230821-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] n What could I do to fix this problem? Do I understand it right that ths is a problem with pacman-key --init ? Regards, Łukasz
On 23-09-15 09:49:13, Łukasz Michalski wrote:
Hi,
I tried to pacman -Suy today and it failed:
...
What could I do to fix this problem? Do I understand it right that ths is a problem with pacman-key --init ?
Regards, Łukasz
It's a bit of a longshot but there's few things you could check, at least it won't make your situation any worse. check the keyring package if it's actually ok $ cd /var/cache/pacman/pkg $ echo "1adcb1f1599b24ff357573996e4064ba9155f90e7998c3289520f6d97ca20189 archlinux-keyring-20230821-2-any.pkg.tar.zst" | sha256sum - if not, clear cache (or just package) and $ pacman -Sy archlinux-keyring if system clock is not correct, pacman-key might fail $ timedatectl https://wiki.archlinux.org/title/Pacman/Package_signing#Troubleshooting But it seems such a mess, I'd probably go with this $ sudo pacman -Scc $ sudo rm -r /etc/pacman.d/gnupg $ sudo pacman-key --init $ sudo pacman-key --populate archlinux $ sudo pacman -Sy archlinux-keyring to have clean slate, because it would seem you've tried all kinds of things gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg' is not good nor running constantly as root if you do this you'll have to add all the unofficial keys again (if you had any) https://wiki.archlinux.org/title/Pacman/Package_signing#Adding_unofficial_ke... if that doesn't work there's maybe some hardware error, faulty disk or such
On 9/15/23 12:34, moxie.arch@posteo.net wrote:
But it seems such a mess, I'd probably go with this $ sudo pacman -Scc $ sudo rm -r /etc/pacman.d/gnupg $ sudo pacman-key --init $ sudo pacman-key --populate archlinux $ sudo pacman -Sy archlinux-keyring
to have clean slate, because it would seem you've tried all kinds of things gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg' is not good nor running constantly as root
Many thanks. Those steps fixed my problem. I have not done pacman -Scc, because I need old cache for my pacnewhelper[1] scripts. Besides sha256 sum was correct on archlinux-keyring package. It seems that /etc/pacman.d/gnupg somehow gets corrupted. I did not touch anything there, I only use yay and pacman to upgrade. Regards, Łukasz [1] https://github.com/BlackZork/pacnewhelper
participants (2)
-
moxie.arch@posteo.net
-
Łukasz Michalski