[arch-general] python2-lockfile signature failure
Having just refreshed my desktop system with a clean Arch install, I am seeing a signature failure in the python2-lockfile package (dependency for duplicity). Is anyone else seeing this? `pacman --debug` isn't giving me any additional useful information that I can see. Where might I look next? Here's my output: $ sudo pacman -S duplicity resolving dependencies... looking for inter-conflicts... Packages (6): librsync-0.9.7-7 ncftp-3.2.5-4 python2-ecdsa-0.11-2 python2-lockfile-0.9.1-1 python2-paramiko-1.14.0-1 duplicity-0.6.24-1 Total Download Size: 0.01 MiB Total Installed Size: 6.13 MiB :: Proceed with installation? [Y/n] :: Retrieving packages ... python2-lockfile-0.9.1-1-any 11.9 KiB 0.00B/s 00:00 [########################################################] 100% (6/6) checking keys in keyring [########################################################] 100% (6/6) checking package integrity [########################################################] 100% error: python2-lockfile: signature from "Thorsten Töpper <atsutane@freethoughts.de>" is unknown trust :: File /var/cache/pacman/pkg/python2-lockfile-0.9.1-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package) Errors occurred, no packages were upgraded. 545 chris@vigilance tnet $ Cheers, -Chris -- Chris Tonkinson 610.425.7807 "Work as if you were to live a hundred years. Pray as if you were to die tomorrow." -Benjamin Franklin
I would check your pacman.conf and make sure you put your siglevels back. They aren't there by default any more. — Sent from Mailbox On Mon, Jun 9, 2014 at 7:31 AM, Chris Tonkinson <chris@masterbran.ch> wrote:
Having just refreshed my desktop system with a clean Arch install, I am seeing a signature failure in the python2-lockfile package (dependency for duplicity). Is anyone else seeing this? `pacman --debug` isn't giving me any additional useful information that I can see. Where might I look next? Here's my output: $ sudo pacman -S duplicity resolving dependencies... looking for inter-conflicts... Packages (6): librsync-0.9.7-7 ncftp-3.2.5-4 python2-ecdsa-0.11-2 python2-lockfile-0.9.1-1 python2-paramiko-1.14.0-1 duplicity-0.6.24-1 Total Download Size: 0.01 MiB Total Installed Size: 6.13 MiB :: Proceed with installation? [Y/n] :: Retrieving packages ... python2-lockfile-0.9.1-1-any 11.9 KiB 0.00B/s 00:00 [########################################################] 100% (6/6) checking keys in keyring [########################################################] 100% (6/6) checking package integrity [########################################################] 100% error: python2-lockfile: signature from "Thorsten Töpper <atsutane@freethoughts.de>" is unknown trust :: File /var/cache/pacman/pkg/python2-lockfile-0.9.1-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package) Errors occurred, no packages were upgraded. 545 chris@vigilance tnet $ Cheers, -Chris -- Chris Tonkinson 610.425.7807 "Work as if you were to live a hundred years. Pray as if you were to die tomorrow." -Benjamin Franklin
Thanks Michael. After having cleared local keys and running `pacman-key --init` I began seeing even more of these "unknown trust" errors. As you recommend, I had to modify the default signature verification in `/etc/pacman.conf` to SigLevel = Required DatabaseOptional TrustAll and now it's looking good. Cheers! -Chris Chris Tonkinson 610.425.7807 "Work as if you were to live a hundred years. Pray as if you were to die tomorrow." -Benjamin Franklin On 06/09/2014 10:38 AM, Michael Boyle wrote:
I would check your pacman.conf and make sure you put your siglevels back. They aren't there by default any more.
— Sent from Mailbox
On Mon, Jun 9, 2014 at 7:31 AM, Chris Tonkinson <chris@masterbran.ch> wrote:
Having just refreshed my desktop system with a clean Arch install, I am seeing a signature failure in the python2-lockfile package (dependency for duplicity). Is anyone else seeing this? `pacman --debug` isn't giving me any additional useful information that I can see. Where might I look next? Here's my output: $ sudo pacman -S duplicity resolving dependencies... looking for inter-conflicts... Packages (6): librsync-0.9.7-7 ncftp-3.2.5-4 python2-ecdsa-0.11-2 python2-lockfile-0.9.1-1 python2-paramiko-1.14.0-1 duplicity-0.6.24-1 Total Download Size: 0.01 MiB Total Installed Size: 6.13 MiB :: Proceed with installation? [Y/n] :: Retrieving packages ... python2-lockfile-0.9.1-1-any 11.9 KiB 0.00B/s 00:00 [########################################################] 100% (6/6) checking keys in keyring [########################################################] 100% (6/6) checking package integrity [########################################################] 100% error: python2-lockfile: signature from "Thorsten Töpper <atsutane@freethoughts.de>" is unknown trust :: File /var/cache/pacman/pkg/python2-lockfile-0.9.1-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package) Errors occurred, no packages were upgraded. 545 chris@vigilance tnet $ Cheers, -Chris -- Chris Tonkinson 610.425.7807 "Work as if you were to live a hundred years. Pray as if you were to die tomorrow." -Benjamin Franklin
I had to modify the default signature verification in `/etc/pacman.conf` to
SigLevel = Required DatabaseOptional TrustAll
and now it's looking good.
FYI, turns out this wasn't enough for all cases. No combination of signature levels, updating mirrors/databases, clearing /etc/pacman.d/gnupg/, or running `pacman-key --init` made a difference. On both installs of new packages, and updates of existing software, I would continually be plagued with: :: Import PGP key 2048R/........, "A B <A@archlinux.org>", created: YYYY-MM-DD? [Y/n] And answering "Y" resulted in: error: required key missing from keyring error: failed to commit transaction (unexpected error) Finally, `pacman-key --populate` causes everything to resume working as before (that is to say, without any key prompting - official repos or otherwise). This is slightly surprising to me because I've never needed to run this in the past (but have been managing this particular new installation with Puppet, so I'm willing to blame that). Cheers! -Chris Chris Tonkinson 610.425.7807 "Work as if you were to live a hundred years. Pray as if you were to die tomorrow." -Benjamin Franklin
participants (2)
-
Chris Tonkinson
-
Michael Boyle