Re: [arch-general] [arch-dev-public] Pacman 4.0.0 RC1 "release"
On Thu, Aug 11, 2011 at 12:28, Dan McGee <dpmcgee@gmail.com> wrote:
For the daring, pick your poison (by architecture):
* pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-i686.pkg.tar.gz * pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-x86_64.pkg.tar.gz
Allan, Dave, and I (and probably a few others) run pacman-git on most of our systems with no problems, so their should be no real shockers or problems if you give this a spin. There are no database upgrades or changes this time so downgrading later should work fine if truly necessary.
What we're looking for feedback on:
* any build failures in makepkg you may see * if you manage a custom repo, how does repo-add work for you * does pacman behave as it did before * if you want to sign packages, does the functionality in makepkg and the documentation make sense * same for signing repos- does it work for you
What we know isn't there yet: * translations * a developer keyring (or keyring package)- if you delve into this, you will need to look at pacman-key for now * great error messages on verification failure, or ability to import keys on the fly if it is unknown
Note that we'd love testing even if you don't plan on touching any of the new signing stuff- there were 500+ commits worth of changes in this release, including a switch to curl as the download library, so anything out of the ordinary should be reported. Please choose -git as the version in the bugtracker if you do it that way, otherwise email pacman-dev.
Happy testing!
-Dan
This may not be in the right place but I just experienced an error while upgrading. This is the first hiccup I've noticed since installing the pacman-4.0.0.rc1. I put a copy of the pacman log for the last two days and the error messages I'm receiving here: http://pastebin.com/WsCJPpqk . This is a sample of the error, :: File /var/cache/pacman/pkg/avahi-0.6.30-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). It was the same for device-mapper, eject, fakeroot, and lvm2. I tried changing mirrors from rit.edu to mirrors1.kernel.org and resyncing with pacman -Syy. I still received the same errors. Other packages upgraded just fine, inetutils; net-tools; atool. Since I'm not familiar enough with the pacman code I'm not sure where to go next. If I need to file a bug report I will be glad to. Thanks. Myra -- Life's fun when your sick and psychotic!
On 21/08/11 17:40, Myra Nelson wrote:
On Thu, Aug 11, 2011 at 12:28, Dan McGee<dpmcgee@gmail.com> wrote:
For the daring, pick your poison (by architecture):
* pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-i686.pkg.tar.gz * pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-x86_64.pkg.tar.gz
Allan, Dave, and I (and probably a few others) run pacman-git on most of our systems with no problems, so their should be no real shockers or problems if you give this a spin. There are no database upgrades or changes this time so downgrading later should work fine if truly necessary.
What we're looking for feedback on:
* any build failures in makepkg you may see * if you manage a custom repo, how does repo-add work for you * does pacman behave as it did before * if you want to sign packages, does the functionality in makepkg and the documentation make sense * same for signing repos- does it work for you
What we know isn't there yet: * translations * a developer keyring (or keyring package)- if you delve into this, you will need to look at pacman-key for now * great error messages on verification failure, or ability to import keys on the fly if it is unknown
Note that we'd love testing even if you don't plan on touching any of the new signing stuff- there were 500+ commits worth of changes in this release, including a switch to curl as the download library, so anything out of the ordinary should be reported. Please choose -git as the version in the bugtracker if you do it that way, otherwise email pacman-dev.
Happy testing!
-Dan
This may not be in the right place but I just experienced an error while upgrading. This is the first hiccup I've noticed since installing the pacman-4.0.0.rc1. I put a copy of the pacman log for the last two days and the error messages I'm receiving here: http://pastebin.com/WsCJPpqk .
This is a sample of the error, :: File /var/cache/pacman/pkg/avahi-0.6.30-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). It was the same for device-mapper, eject, fakeroot, and lvm2.
I tried changing mirrors from rit.edu to mirrors1.kernel.org and resyncing with pacman -Syy. I still received the same errors. Other packages upgraded just fine, inetutils; net-tools; atool. Since I'm not familiar enough with the pacman code I'm not sure where to go next. If I need to file a bug report I will be glad to.
Use --debug to get more detailed error messages. Basically, signatures are now being included in our repo databases. You do not have them in your pacman keyring so pacman can not validate the package. Read the man pages for pacman-key and pacman.conf to find out more on how to configure your system to deal with this. You can get developer keys from: http://www.archlinux.org/developers/ Allan
On Sun, Aug 21, 2011 at 02:52, Allan McRae <allan@archlinux.org> wrote:
On 21/08/11 17:40, Myra Nelson wrote:
On Thu, Aug 11, 2011 at 12:28, Dan McGee<dpmcgee@gmail.com> wrote:
For the daring, pick your poison (by architecture):
* pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-i686.pkg.tar.gz * pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-x86_64.pkg.tar.gz
Allan, Dave, and I (and probably a few others) run pacman-git on most of our systems with no problems, so their should be no real shockers or problems if you give this a spin. There are no database upgrades or changes this time so downgrading later should work fine if truly necessary.
What we're looking for feedback on:
* any build failures in makepkg you may see * if you manage a custom repo, how does repo-add work for you * does pacman behave as it did before * if you want to sign packages, does the functionality in makepkg and the documentation make sense * same for signing repos- does it work for you
What we know isn't there yet: * translations * a developer keyring (or keyring package)- if you delve into this, you will need to look at pacman-key for now * great error messages on verification failure, or ability to import keys on the fly if it is unknown
Note that we'd love testing even if you don't plan on touching any of the new signing stuff- there were 500+ commits worth of changes in this release, including a switch to curl as the download library, so anything out of the ordinary should be reported. Please choose -git as the version in the bugtracker if you do it that way, otherwise email pacman-dev.
Happy testing!
-Dan
This may not be in the right place but I just experienced an error while upgrading. This is the first hiccup I've noticed since installing the pacman-4.0.0.rc1. I put a copy of the pacman log for the last two days and the error messages I'm receiving here: http://pastebin.com/WsCJPpqk .
This is a sample of the error, :: File /var/cache/pacman/pkg/avahi-0.6.30-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). It was the same for device-mapper, eject, fakeroot, and lvm2.
I tried changing mirrors from rit.edu to mirrors1.kernel.org and resyncing with pacman -Syy. I still received the same errors. Other packages upgraded just fine, inetutils; net-tools; atool. Since I'm not familiar enough with the pacman code I'm not sure where to go next. If I need to file a bug report I will be glad to.
Use --debug to get more detailed error messages.
Basically, signatures are now being included in our repo databases. You do not have them in your pacman keyring so pacman can not validate the package. Read the man pages for pacman-key and pacman.conf to find out more on how to configure your system to deal with this.
You can get developer keys from: http://www.archlinux.org/developers/
Allan
Cool. That was the answer I was looking for. Myra -- Life's fun when your sick and psychotic!
On Sun, Aug 21, 2011 at 02:52, Allan McRae <allan@archlinux.org> wrote:
On 21/08/11 17:40, Myra Nelson wrote:
On Thu, Aug 11, 2011 at 12:28, Dan McGee<dpmcgee@gmail.com> wrote:
For the daring, pick your poison (by architecture):
* pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-i686.pkg.tar.gz * pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-x86_64.pkg.tar.gz
Allan, Dave, and I (and probably a few others) run pacman-git on most of our systems with no problems, so their should be no real shockers or problems if you give this a spin. There are no database upgrades or changes this time so downgrading later should work fine if truly necessary.
What we're looking for feedback on:
* any build failures in makepkg you may see * if you manage a custom repo, how does repo-add work for you * does pacman behave as it did before * if you want to sign packages, does the functionality in makepkg and the documentation make sense * same for signing repos- does it work for you
What we know isn't there yet: * translations * a developer keyring (or keyring package)- if you delve into this, you will need to look at pacman-key for now * great error messages on verification failure, or ability to import keys on the fly if it is unknown
Note that we'd love testing even if you don't plan on touching any of the new signing stuff- there were 500+ commits worth of changes in this release, including a switch to curl as the download library, so anything out of the ordinary should be reported. Please choose -git as the version in the bugtracker if you do it that way, otherwise email pacman-dev.
Happy testing!
-Dan
This may not be in the right place but I just experienced an error while upgrading. This is the first hiccup I've noticed since installing the pacman-4.0.0.rc1. I put a copy of the pacman log for the last two days and the error messages I'm receiving here: http://pastebin.com/WsCJPpqk .
This is a sample of the error, :: File /var/cache/pacman/pkg/avahi-0.6.30-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). It was the same for device-mapper, eject, fakeroot, and lvm2.
I tried changing mirrors from rit.edu to mirrors1.kernel.org and resyncing with pacman -Syy. I still received the same errors. Other packages upgraded just fine, inetutils; net-tools; atool. Since I'm not familiar enough with the pacman code I'm not sure where to go next. If I need to file a bug report I will be glad to.
Use --debug to get more detailed error messages.
Basically, signatures are now being included in our repo databases. You do not have them in your pacman keyring so pacman can not validate the package. Read the man pages for pacman-key and pacman.conf to find out more on how to configure your system to deal with this.
You can get developer keys from: http://www.archlinux.org/developers/
Allan
Works like a charm. Thanks again for the assistance. I missed #GPGDir = /etc/pacman.d/gnupg/ in the new pacman.conf file or I would have investigated further. I only had one other problem, importing Andreas Radke's key. I get a key not found error both when I click the link on the developers page and when I try to import the key with pacman-key. On to two more boxes. Myra -- Life's fun when your sick and psychotic!
On 22/08/11 03:10, Myra Nelson wrote:
On Sun, Aug 21, 2011 at 02:52, Allan McRae<allan@archlinux.org> wrote:
On 21/08/11 17:40, Myra Nelson wrote:
On Thu, Aug 11, 2011 at 12:28, Dan McGee<dpmcgee@gmail.com> wrote:
For the daring, pick your poison (by architecture):
* pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-i686.pkg.tar.gz * pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-x86_64.pkg.tar.gz
Allan, Dave, and I (and probably a few others) run pacman-git on most of our systems with no problems, so their should be no real shockers or problems if you give this a spin. There are no database upgrades or changes this time so downgrading later should work fine if truly necessary.
What we're looking for feedback on:
* any build failures in makepkg you may see * if you manage a custom repo, how does repo-add work for you * does pacman behave as it did before * if you want to sign packages, does the functionality in makepkg and the documentation make sense * same for signing repos- does it work for you
What we know isn't there yet: * translations * a developer keyring (or keyring package)- if you delve into this, you will need to look at pacman-key for now * great error messages on verification failure, or ability to import keys on the fly if it is unknown
Note that we'd love testing even if you don't plan on touching any of the new signing stuff- there were 500+ commits worth of changes in this release, including a switch to curl as the download library, so anything out of the ordinary should be reported. Please choose -git as the version in the bugtracker if you do it that way, otherwise email pacman-dev.
Happy testing!
-Dan
This may not be in the right place but I just experienced an error while upgrading. This is the first hiccup I've noticed since installing the pacman-4.0.0.rc1. I put a copy of the pacman log for the last two days and the error messages I'm receiving here: http://pastebin.com/WsCJPpqk .
This is a sample of the error, :: File /var/cache/pacman/pkg/avahi-0.6.30-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). It was the same for device-mapper, eject, fakeroot, and lvm2.
I tried changing mirrors from rit.edu to mirrors1.kernel.org and resyncing with pacman -Syy. I still received the same errors. Other packages upgraded just fine, inetutils; net-tools; atool. Since I'm not familiar enough with the pacman code I'm not sure where to go next. If I need to file a bug report I will be glad to.
Use --debug to get more detailed error messages.
Basically, signatures are now being included in our repo databases. You do not have them in your pacman keyring so pacman can not validate the package. Read the man pages for pacman-key and pacman.conf to find out more on how to configure your system to deal with this.
You can get developer keys from: http://www.archlinux.org/developers/
Allan
Works like a charm. Thanks again for the assistance. I missed #GPGDir = /etc/pacman.d/gnupg/ in the new pacman.conf file or I would have investigated further. I only had one other problem, importing Andreas Radke's key. I get a key not found error both when I click the link on the developers page and when I try to import the key with pacman-key.
You can get it from: https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages/Packager... Allan
On Sun, Aug 21, 2011 at 17:40, Allan McRae <allan@archlinux.org> wrote:
On 22/08/11 03:10, Myra Nelson wrote:
On Sun, Aug 21, 2011 at 02:52, Allan McRae<allan@archlinux.org> wrote:
On 21/08/11 17:40, Myra Nelson wrote:
On Thu, Aug 11, 2011 at 12:28, Dan McGee<dpmcgee@gmail.com> wrote:
For the daring, pick your poison (by architecture):
* pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-i686.pkg.tar.gz * pacman -U http://dev.archlinux.org/~dan/pacman-4.0.0rc1-1-x86_64.pkg.tar.gz
Allan, Dave, and I (and probably a few others) run pacman-git on most of our systems with no problems, so their should be no real shockers or problems if you give this a spin. There are no database upgrades or changes this time so downgrading later should work fine if truly necessary.
What we're looking for feedback on:
* any build failures in makepkg you may see * if you manage a custom repo, how does repo-add work for you * does pacman behave as it did before * if you want to sign packages, does the functionality in makepkg and the documentation make sense * same for signing repos- does it work for you
What we know isn't there yet: * translations * a developer keyring (or keyring package)- if you delve into this, you will need to look at pacman-key for now * great error messages on verification failure, or ability to import keys on the fly if it is unknown
Note that we'd love testing even if you don't plan on touching any of the new signing stuff- there were 500+ commits worth of changes in this release, including a switch to curl as the download library, so anything out of the ordinary should be reported. Please choose -git as the version in the bugtracker if you do it that way, otherwise email pacman-dev.
Happy testing!
-Dan
This may not be in the right place but I just experienced an error while upgrading. This is the first hiccup I've noticed since installing the pacman-4.0.0.rc1. I put a copy of the pacman log for the last two days and the error messages I'm receiving here: http://pastebin.com/WsCJPpqk .
This is a sample of the error, :: File /var/cache/pacman/pkg/avahi-0.6.30-5-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). It was the same for device-mapper, eject, fakeroot, and lvm2.
I tried changing mirrors from rit.edu to mirrors1.kernel.org and resyncing with pacman -Syy. I still received the same errors. Other packages upgraded just fine, inetutils; net-tools; atool. Since I'm not familiar enough with the pacman code I'm not sure where to go next. If I need to file a bug report I will be glad to.
Use --debug to get more detailed error messages.
Basically, signatures are now being included in our repo databases. You do not have them in your pacman keyring so pacman can not validate the package. Read the man pages for pacman-key and pacman.conf to find out more on how to configure your system to deal with this.
You can get developer keys from: http://www.archlinux.org/developers/
Allan
Works like a charm. Thanks again for the assistance. I missed #GPGDir = /etc/pacman.d/gnupg/ in the new pacman.conf file or I would have investigated further. I only had one other problem, importing Andreas Radke's key. I get a key not found error both when I click the link on the developers page and when I try to import the key with pacman-key.
You can get it from: https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages/Packager...
Allan
Thank you again. Sorry to be such a pia. That took care of the gnutls update and I bookmarked the page. Myra -- Life's fun when your sick and psychotic!
On Mon-2011/08/22-00:40 Allan McRae wrote:
On 22/08/11 03:10, Myra Nelson wrote:
Works like a charm. Thanks again for the assistance. I missed #GPGDir = /etc/pacman.d/gnupg/ in the new pacman.conf file or I would have investigated further. I only had one other problem, importing Andreas Radke's key. I get a key not found error both when I click the link on the developers page and when I try to import the key with pacman-key.
You can get it from: https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages/Packager...
Could the dev's and package maintainer keys be put into a (signed) keyring, please? Much easier to handle than downloading and "gpg --import"ing them one by one. clemens
[2011-09-14 23:16:53 +0200] clemens fischer:
Could the dev's and package maintainer keys be put into a (signed) keyring, please? Much easier to handle than downloading and "gpg --import"ing them one by one.
Pacman devs will correct me if I am wrong but pacman and/or pacman-key will eventually automatically download and add to the keyring missing keys that have signed packages which you are trying to install. (It does not mean they will be trusted by default.) In the meantime, I wrote this little script. (Do not run it blindly.) # Fetch all keys that have signed packages in the repos and put them in # some temporary keyring. homedir=/var/tmp/keyring/ gpg="gpg --no-permission-warning --keyserver hkp://pgp.mit.edu --homedir ${homedir} " mkdir -p "${homedir}" for i in /var/lib/pacman/sync/*.db; do tar xf "$i" -O done \ | awk '/%PGPSIG%/ {getline;print}' \ | while read i; do echo "${i}" \ | base64 -d \ | ${gpg} --verify - /dev/null 2>&1 \ | sed 's/.*key ID //;t;d' done \ | sort -u \ | while read x; do ${gpg} --recv-key "${x}" done # That keyring can now be fed to pacman-key. # In addition, if you want to trust everybody... ${gpg} --fingerprint \ | awk '/fingerprint/{print $4$5$6$7$8$9$10$11$12$13$14":6:"}' \ | ${gpg} --import-ownertrust -- Gaetan
participants (4)
-
Allan McRae
-
clemens fischer
-
Gaetan Bisson
-
Myra Nelson