[arch-general] Invalid signatures

Dave Reisner d at falconindy.com
Tue Nov 6 14:41:22 EST 2012


On Tue, Nov 06, 2012 at 01:11:38PM -0600, Leonid Isaev wrote:
> On Tue, 6 Nov 2012 14:02:23 -0500
> Dave Reisner <d at falconindy.com> wrote:
> 
> > On Tue, Nov 06, 2012 at 01:50:01PM -0500, David Rosenstrauch wrote:
> > > Saw these errors from pacman today, which are preventing me from
> > > upgrading some packages:
> > > 
> > > error: directfb: signature from "Eric Belanger <eric at archlinux.org>"
> > > is invalid
> > > error: xmms2: signature from "Sergej Pupykin <arch at sergej.pp.ru>" is
> > > invalid error: failed to commit transaction (invalid or corrupted package
> > > (PGP signature))
> > > 
> > > Anyone have an idea what's up?
> > > 
> > > DR
> > 
> > Nuke the packages from your cache, and redownload them. The error
> > message is misleading -- the signatures are invalid FOR the packages,
> > meaning the package data is not what the signature "expected".
> > 
> > The situation is much improved come pacman 4.1 -- we'll just prompt you
> > to delete the package, much like we did historically when a package
> > failed checksums.
> > 
> > d
> 
> A bit OT, but anyway... Are there any plans for actually storing *.sig files
> in the cache alongside the packages? This costs a tiny amount of space, but
> IMHO will make verification (especially of old packages) much easier.

We don't have any plans right now to do this.

d


More information about the arch-general mailing list