[arch-general] Invalid signatures
Saw these errors from pacman today, which are preventing me from upgrading some packages: error: directfb: signature from "Eric Belanger <eric@archlinux.org>" is invalid error: xmms2: signature from "Sergej Pupykin <arch@sergej.pp.ru>" is invalid error: failed to commit transaction (invalid or corrupted package (PGP signature)) Anyone have an idea what's up? DR
On Tue, Nov 06, 2012 at 01:50:01PM -0500, David Rosenstrauch wrote:
Saw these errors from pacman today, which are preventing me from upgrading some packages:
error: directfb: signature from "Eric Belanger <eric@archlinux.org>" is invalid error: xmms2: signature from "Sergej Pupykin <arch@sergej.pp.ru>" is invalid error: failed to commit transaction (invalid or corrupted package (PGP signature))
Anyone have an idea what's up?
DR
Nuke the packages from your cache, and redownload them. The error message is misleading -- the signatures are invalid FOR the packages, meaning the package data is not what the signature "expected". The situation is much improved come pacman 4.1 -- we'll just prompt you to delete the package, much like we did historically when a package failed checksums. d
On Tue, 6 Nov 2012 14:02:23 -0500 Dave Reisner <d@falconindy.com> wrote:
On Tue, Nov 06, 2012 at 01:50:01PM -0500, David Rosenstrauch wrote:
Saw these errors from pacman today, which are preventing me from upgrading some packages:
error: directfb: signature from "Eric Belanger <eric@archlinux.org>" is invalid error: xmms2: signature from "Sergej Pupykin <arch@sergej.pp.ru>" is invalid error: failed to commit transaction (invalid or corrupted package (PGP signature))
Anyone have an idea what's up?
DR
Nuke the packages from your cache, and redownload them. The error message is misleading -- the signatures are invalid FOR the packages, meaning the package data is not what the signature "expected".
The situation is much improved come pacman 4.1 -- we'll just prompt you to delete the package, much like we did historically when a package failed checksums.
d
A bit OT, but anyway... Are there any plans for actually storing *.sig files in the cache alongside the packages? This costs a tiny amount of space, but IMHO will make verification (especially of old packages) much easier. -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
Am 06.11.2012 20:11, schrieb Leonid Isaev:
A bit OT, but anyway... Are there any plans for actually storing *.sig files in the cache alongside the packages? This costs a tiny amount of space, but IMHO will make verification (especially of old packages) much easier.
pacman does not download them, so it cannot store them. Signatures are contained in the db file.
On Tue, 06 Nov 2012 20:33:20 +0100 Thomas Bächler <thomas@archlinux.org> wrote:
Am 06.11.2012 20:11, schrieb Leonid Isaev:
A bit OT, but anyway... Are there any plans for actually storing *.sig files in the cache alongside the packages? This costs a tiny amount of space, but IMHO will make verification (especially of old packages) much easier.
pacman does not download them, so it cannot store them.
Signatures are contained in the db file.
Yes, but it's only for the current (latest synced) set of packages, and even then I have to parse the desc files and filter the ascii sigs through base64, all outside of pacman which I think does it anyway at the verification stage. Hence my question. For example, I don't mind a performance hit due to regeneration of all binary signatures on the fly. Just an opinion though... -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
On Tue, Nov 06, 2012 at 01:11:38PM -0600, Leonid Isaev wrote:
On Tue, 6 Nov 2012 14:02:23 -0500 Dave Reisner <d@falconindy.com> wrote:
On Tue, Nov 06, 2012 at 01:50:01PM -0500, David Rosenstrauch wrote:
Saw these errors from pacman today, which are preventing me from upgrading some packages:
error: directfb: signature from "Eric Belanger <eric@archlinux.org>" is invalid error: xmms2: signature from "Sergej Pupykin <arch@sergej.pp.ru>" is invalid error: failed to commit transaction (invalid or corrupted package (PGP signature))
Anyone have an idea what's up?
DR
Nuke the packages from your cache, and redownload them. The error message is misleading -- the signatures are invalid FOR the packages, meaning the package data is not what the signature "expected".
The situation is much improved come pacman 4.1 -- we'll just prompt you to delete the package, much like we did historically when a package failed checksums.
d
A bit OT, but anyway... Are there any plans for actually storing *.sig files in the cache alongside the packages? This costs a tiny amount of space, but IMHO will make verification (especially of old packages) much easier.
We don't have any plans right now to do this. d
On Tue, Nov 6, 2012 at 7:50 PM, David Rosenstrauch <darose@darose.net> wrote:
Saw these errors from pacman today, which are preventing me from upgrading some packages:
error: directfb: signature from "Eric Belanger <eric@archlinux.org>" is invalid error: xmms2: signature from "Sergej Pupykin <arch@sergej.pp.ru>" is invalid error: failed to commit transaction (invalid or corrupted package (PGP signature))
Anyone have an idea what's up?
DR
Try https://wiki.archlinux.org/index.php/Pacman#Q:_I_keep_getting_a_.22failed_to... (next to last question)
participants (5)
-
Dave Reisner
-
David Rosenstrauch
-
Karol Blazewicz
-
Leonid Isaev
-
Thomas Bächler