Pacman -Syu fails because of required keys missing from keyring
Hello I tried to run pacman -Syu to update my Arch Linux system. Downloading the (39) packages goes well. But when installing I do get messages like: :: Import PGP key 9B7A287D9A2EC608, "David Runge <dvzrv@archlinux.org>"? [Y/n] error: key "9B7A287D9A2EC608" could not be imported :: Import PGP key 94657AB20F2A092B, "Andreas Radke <andyrtr@archlinux.org>"? [Y/n] error: key "94657AB20F2A092B" could not be imported 12 keys could not be imported and pacman thereafter stops the update. I do have another Arch Linux system which doesn't show these errors. Looks like there is an issue with this system. Is there a way to have these keys imported so that I can update my Arch Linux system ? ~Zerro
Hello, Normally this can be solved by doing the following: pacman -Sy archlinux-keyring And then running: pacman -Syu This will ensure that the keyring is updated, and therefore, you should not have key issues. I hope this helps. Take care, -- Polarian GPG signature: 0770E5312238C760 Website: https://polarian.dev JID/XMPP: polarian@icebound.dev
On 11/19/23 16:52, Polarian wrote:
Hello,
Normally this can be solved by doing the following:
pacman -Sy archlinux-keyring
And then running:
pacman -Syu
This will ensure that the keyring is updated, and therefore, you should not have key issues.
I hope this helps.
Take care,
Hello Thank you for your suggestion. Though it gives me an error: pacman -Sy archlinux-keyring :: Retrieving packages... archlinux-keyring-20231113-... 1173.6 KiB 4.78 MiB/s 00:00 [##################################] 100% (1/1) checking keys in keyring [##################################] 100% (1/1) checking package integrity [##################################] 100% error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust :: File /var/cache/pacman/pkg/archlinux-keyring-20231113-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] Y Does this mean that the package on the server is corrupted ? ~Zerro
On Sun, 2023-11-19 at 19:35 +0100, Zerro wrote:
error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust :: File /var/cache/pacman/pkg/archlinux-keyring-20231113-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] Y
Hi, I don't run into this issue. I suspect that the culprit is, that the packager's signature of the keyring package changed probably a few days back. • rocketmouse@archlinux ~ $ grep archlinux-keyring /var/log/pacman.log | tail -1 [2023-11-13T22:31:19+0100] [ALPM] upgraded archlinux-keyring (20231107-1 -> 20231113-1) • rocketmouse@archlinux ~ $ pacman -Q archlinux-keyring archlinux-keyring 20231113-1 • rocketmouse@archlinux ~ $ pacman -Si archlinux-keyring | grep -eVersion -ePacka Version : 20231113-1 Packager : Christian Hesse <eworm@archlinux.org> In Germany we call this "Die Katze beißt sich in den eigenen Schwanz", in English it's maybe "going round in circles". Regards, Ralf
Hi there, I have a nuclear bomb receipt (NIH, from the Arch forum) : rm -rf /etc/pacman.d/gnupg pacman-key --init pacman-key --populate archlinux pacman -Sy archlinux-keyring This has always worked for me. Regards On 19/11/2023 19:35, Zerro wrote:
On 11/19/23 16:52, Polarian wrote:
Hello,
Normally this can be solved by doing the following:
pacman -Sy archlinux-keyring
And then running:
pacman -Syu
This will ensure that the keyring is updated, and therefore, you should not have key issues.
I hope this helps.
Take care,
Hello
Thank you for your suggestion.
Though it gives me an error:
pacman -Sy archlinux-keyring
:: Retrieving packages...
archlinux-keyring-20231113-... 1173.6 KiB 4.78 MiB/s 00:00 [##################################] 100% (1/1) checking keys in keyring [##################################] 100% (1/1) checking package integrity [##################################] 100% error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust :: File /var/cache/pacman/pkg/archlinux-keyring-20231113-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] Y
Does this mean that the package on the server is corrupted ?
~Zerro
Hi Daniel, That worked ! Thanks for the suggestion ! Regards, ~Z On 11/19/23 20:08, Daniel Ranc wrote:
Hi there,
I have a nuclear bomb receipt (NIH, from the Arch forum) :
rm -rf /etc/pacman.d/gnupg pacman-key --init pacman-key --populate archlinux pacman -Sy archlinux-keyring
This has always worked for me.
Regards
On 19/11/2023 19:35, Zerro wrote:
On 11/19/23 16:52, Polarian wrote:
Hello,
Normally this can be solved by doing the following:
pacman -Sy archlinux-keyring
And then running:
pacman -Syu
This will ensure that the keyring is updated, and therefore, you should not have key issues.
I hope this helps.
Take care, Hello
Thank you for your suggestion.
Though it gives me an error:
pacman -Sy archlinux-keyring
:: Retrieving packages...
archlinux-keyring-20231113-... 1173.6 KiB 4.78 MiB/s 00:00 [##################################] 100% (1/1) checking keys in keyring [##################################] 100% (1/1) checking package integrity [##################################] 100% error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust :: File /var/cache/pacman/pkg/archlinux-keyring-20231113-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] Y
Does this mean that the package on the server is corrupted ?
~Zerro
What happens if you just try # pacman -Sy archlinux-keyring and then the default On 23-11-19 16:47:31, Zerro wrote:
Hello
I tried to run pacman -Syu to update my Arch Linux system.
Downloading the (39) packages goes well.
But when installing I do get messages like:
:: Import PGP key 9B7A287D9A2EC608, "David Runge <dvzrv@archlinux.org>"? [Y/n] error: key "9B7A287D9A2EC608" could not be imported :: Import PGP key 94657AB20F2A092B, "Andreas Radke <andyrtr@archlinux.org>"? [Y/n] error: key "94657AB20F2A092B" could not be imported
12 keys could not be imported and pacman thereafter stops the update.
I do have another Arch Linux system which doesn't show these errors.
Looks like there is an issue with this system.
Is there a way to have these keys imported so that I can update my Arch Linux system ?
~Zerro
On 11/19/23 16:55, moxie.arch@posteo.net wrote:
What happens if you just try # pacman -Sy archlinux-keyring
and then the default
Polarian also suggested that. It gave me: pacman -Sy archlinux-keyring :: Retrieving packages... archlinux-keyring-20231113-... 1173.6 KiB 4.78 MiB/s 00:00 [##################################] 100% (1/1) checking keys in keyring [##################################] 100% (1/1) checking package integrity [##################################] 100% error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust :: File /var/cache/pacman/pkg/archlinux-keyring-20231113-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] Y But as Daniel suggested: rm -rf /etc/pacman.d/gnupg pacman-key --init pacman-key --populate archlinux pacman -Sy archlinux-keyring Did solve the issue. Probably somehow the gnupg cache got corrupted.
On 23-11-19 16:47:31, Zerro wrote:
Hello
I tried to run pacman -Syu to update my Arch Linux system.
Downloading the (39) packages goes well.
But when installing I do get messages like:
:: Import PGP key 9B7A287D9A2EC608, "David Runge <dvzrv@archlinux.org>"? [Y/n] error: key "9B7A287D9A2EC608" could not be imported :: Import PGP key 94657AB20F2A092B, "Andreas Radke <andyrtr@archlinux.org>"? [Y/n] error: key "94657AB20F2A092B" could not be imported
12 keys could not be imported and pacman thereafter stops the update.
I do have another Arch Linux system which doesn't show these errors.
Looks like there is an issue with this system.
Is there a way to have these keys imported so that I can update my Arch Linux system ?
~Zerro
Hello,
But as Daniel suggested:
rm -rf /etc/pacman.d/gnupg pacman-key --init pacman-key --populate archlinux pacman -Sy archlinux-keyring
Did solve the issue.
Probably somehow the gnupg cache got corrupted.
It didn't "get corrupted", keys expire, keys get updated, trust is changed, that is why archlinux-keyring is updated, but in this case the signer (which was eworm) was not trusted because the web of trust broke down, therefore you couldn't validate the authenticity of the package. In that case, the only way was to refetch the keys manually by repopulating the keyring. Hope this clears it up. Take care, -- Polarian GPG signature: 0770E5312238C760 Website: https://polarian.dev JID/XMPP: polarian@icebound.dev
On Mon, 20 Nov 2023 10:55:54 +0000 Polarian <polarian@polarian.dev> wrote:
Hello,
But as Daniel suggested:
rm -rf /etc/pacman.d/gnupg pacman-key --init pacman-key --populate archlinux pacman -Sy archlinux-keyring
Did solve the issue.
Probably somehow the gnupg cache got corrupted.
It didn't "get corrupted", keys expire, keys get updated, trust is changed, that is why archlinux-keyring is updated, but in this case the signer (which was eworm) was not trusted because the web of trust broke down, therefore you couldn't validate the authenticity of the package.
No, it likely did get corrupted. See https://bugs.archlinux.org/task/76580
participants (6)
-
Daniel Ranc
-
Doug Newgard
-
moxie.arch@posteo.net
-
Polarian
-
Ralf Mardorf
-
Zerro