[arch-general] Invalid signatures

Leonid Isaev lisaev at umail.iu.edu
Tue Nov 6 14:11:38 EST 2012


On Tue, 6 Nov 2012 14:02:23 -0500
Dave Reisner <d at falconindy.com> wrote:

> On Tue, Nov 06, 2012 at 01:50:01PM -0500, David Rosenstrauch wrote:
> > Saw these errors from pacman today, which are preventing me from
> > upgrading some packages:
> > 
> > error: directfb: signature from "Eric Belanger <eric at archlinux.org>"
> > is invalid
> > error: xmms2: signature from "Sergej Pupykin <arch at sergej.pp.ru>" is
> > invalid error: failed to commit transaction (invalid or corrupted package
> > (PGP signature))
> > 
> > Anyone have an idea what's up?
> > 
> > DR
> 
> Nuke the packages from your cache, and redownload them. The error
> message is misleading -- the signatures are invalid FOR the packages,
> meaning the package data is not what the signature "expected".
> 
> The situation is much improved come pacman 4.1 -- we'll just prompt you
> to delete the package, much like we did historically when a package
> failed checksums.
> 
> d

A bit OT, but anyway... Are there any plans for actually storing *.sig files
in the cache alongside the packages? This costs a tiny amount of space, but
IMHO will make verification (especially of old packages) much easier.

-- 
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20121106/d64a58e2/attachment.asc>


More information about the arch-general mailing list