[arch-general] Unknown Trust and Corrupted Package
Hi, I'm receiving message about unknown trust while trying to install the confuse package. $ sudo pacman -S confuse resolving dependencies... looking for conflicting packages... Packages (1) confuse-2.8-1 Total Download Size: 0.03 MiB Total Installed Size: 0.11 MiB :: Proceed with installation? [Y/n] y :: Retrieving packages ... confuse-2.8-1-x86_64 33.8 KiB 4.72M/s 00:00 [######################] 100% (1/1) checking keys in keyring [######################] 100% (1/1) checking package integrity [######################] 100% error: confuse: signature from "Thorsten Töpper <atsutane@freethoughts.de>" is unknown trust :: File /var/cache/pacman/pkg/confuse-2.8-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] y error: failed to commit transaction (invalid or corrupted package (PGP signature)) Errors occurred, no packages were upgraded. -- Jayesh Badwaik
On 01/25/2016 03:17 AM, Jayesh Badwaik wrote:
Hi,
I'm receiving message about unknown trust while trying to install the confuse package.
Looks like people tend to forget about updating pacman keyring. pacman-key --refresh-keys cheers, anthraxx
On Monday, 25 January 2016 03:23:25 IST Levente Polyak wrote:
Looks like people tend to forget about updating pacman keyring.
pacman-key --refresh-keys
Oops, feel very silly now. -- Cheers Jayesh Badwaik
On Sun, Jan 24, 2016 at 9:03 PM, Jayesh Badwaik <archlinux@jayeshbadwaik.in> wrote:
On Monday, 25 January 2016 03:23:25 IST Levente Polyak wrote:
Looks like people tend to forget about updating pacman keyring.
pacman-key --refresh-keys
Oops, feel very silly now.
Interesting, I just had a similar issue when installing i3-wm on a fresh install for my laptop. Good to know it was just about refreshing the keys. Thank you all, Jonathan
Le 25 janvier 2016 03:23:25 GMT+01:00, Levente Polyak <anthraxx@archlinux.org> a écrit :
On 01/25/2016 03:17 AM, Jayesh Badwaik wrote:
Hi,
I'm receiving message about unknown trust while trying to install the confuse package.
Looks like people tend to forget about updating pacman keyring.
pacman-key --refresh-keys
cheers, anthraxx
Definitely, just ran into the same issue and had more than thousand new sigs… Is there somewhere on the wiki, especially beginner guide or install one where it’s advised to do this on a regular basis? (I’m on mobile right now, not easy to check) Bruno
On Monday, 25 January 2016 09:00:43 IST Bruno Pagani wrote:
Is there somewhere on the wiki, especially beginner guide or install one where it’s advised to do this on a regular basis? (I’m on mobile right now, not easy to check)
I found this [1], which suggests that the changes should be updated in the archlinux-keyring package, but that may not be enough if the keyring package is not recent enough. -- Cheers Jayesh Badwaik [1] https://wiki.archlinux.org/index.php/Pacman/ Package_signing#Adding_developer_keys
It is in testing; updating the keyring pkg from testing fixed the issue on my box. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Looks like people tend to forget about updating pacman keyring.
pacman-key --refresh-keys
is'n this done automatically? should it?
I personally can't see how it (an upgrade hook in a package) could. The pacman-keyring package can (and does) do some maintenance operations on upgrades, but things like OP's issue (I noticed the same thing as well) is more likely to occur due to a completely unrelated package coming with signatures from a new key without the pacman-key package being touched. What could be done would be to make pacman automatically download any and all needed keys without user intervention. This shouldn't be a security issue since the web of trust should still be enforced (i.e. this wouldn't mean you'd just blindly trust random keys, just that pacman would do the equivalent of `pacman-key --refresh` when necessary). I don't know if this has already been considered and rejected by the pacman devs.
Looks like people tend to forget about updating pacman keyring.
pacman-key --refresh-keys
huh, now what? # pacman-key --refresh-keys gpg: refreshing 85 keys from hkp://keys.gnupg.net gpg: keyserver refresh failed: Permission denied ==> ERROR: A specified local key could not be updated from a keyserver. -- damjan
On 01/25/2016 10:27 AM, Damjan Georgievski wrote:
huh, now what? [...] gpg: keyserver refresh failed: Permission denied
As the error message indicates, you need to do that as root. It's also possible to grab the new archlinux-keyring package from [testing]. cheers, Levente
participants (7)
-
Bruno Pagani
-
Damjan Georgievski
-
Emil Lundberg
-
Jayesh Badwaik
-
Jonathan Villatoro
-
Levente Polyak
-
Stefan Tatschner