[SOLVED] Can't update system due to allegedly bad PGP sigs / Pacman / Pacman Upgrades / Arch Linux 32 Forums

You are not logged in.

#1 2018-01-05 04:24:13

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

[SOLVED] Can't update system due to allegedly bad PGP sigs

Edit: This issue has been solved; see post #30.

I transitioned to archlinux32 successfully some time ago and as far as I recall, was able to update the system afterward. However, currently I'm having an issue similar to 310 and possibly 402, but the solutions suggested therein and here are not working for me. It's not clear when the pacman-key commands should be run, but I've tried this:

ntpd -qg && hwclock --systohc
vim /etc/pacman.d/mirrolist
rm -rf /var/cache/pacman/*
pacman-key --init
pacman-key --populate
pacman -Syy archlinux32-keyring-transition
pacman-key --init
pacman-key --populate
pacman -Syuu

I must be missing something.

Last edited by kdsch (2018-01-07 00:29:17)

Offline

#2 2018-01-05 05:33:56

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

probably, you may need to install archlinux32-keyring as first of the new packages (should be pulled in as a dependency anyway), because abaumann's key is in that package but not in archlinux32-keyring-transition.

Offline

#3 2018-01-06 02:11:12

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

I'm having trouble understanding what you mean. Should I run this:

pacman -S archlinux32-keyring
pacman -S archlinux32-keyring-transition

?

I am guessing that this issue is highly dependent on the state of my machine, and I don't fully understand the dependence, or what state is relevant. As a point of reference:

Currently if I run

pacman -Syuu

it asks to replace the transition package with archlinux32-keyring. Then packages are retrieved. Then

error: filesystem: signature from "Erich Eckner (just to sign arch packages) <arch@eckner.net>" is marginal trust
:: File /var/cache/pacman/pkg/filesystem-2017.10-2.0-i686.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

Offline

#4 2018-01-06 06:39:55

Quantum
Member
Registered: 2018-01-06
Posts: 4

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

I'm having a similar issue today on both my Arch32 systems:

[root@rpc ~]# pacman -Syyu
:: Synchronizing package databases...
core                          172.5 KiB  1369K/s 00:00 [##############################] 100%
extra                           2.2 MiB  3.77M/s 00:01 [##############################] 100%
community                       4.6 MiB  4.27M/s 00:01 [##############################] 100%
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (3) archlinux32-keyring-20180104-1  nano-2.9.2-1.0  pacman-mirrorlist-20180103-1.1

Total Download Size:   0.43 MiB
Total Installed Size:  2.28 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
nano-2.9.2-1.0-i686           435.9 KiB  1955K/s 00:00 [##############################] 100%
(3/3) checking keys in keyring                          [##############################] 100%
(3/3) checking package integrity                        [##############################] 100%
error: nano: signature from "Andreas Baumann (sign) <mail@andreasbaumann.cc>" is marginal trust
:: File /var/cache/pacman/pkg/nano-2.9.2-1.0-i686.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
[root@rpc ~]#

Offline

#5 2018-01-06 08:57:17

ula8000
Member
Registered: 2017-12-27
Posts: 11

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

Me too, I did like this, temporarily uninstalling nano:

sudo pacman -R nano
sudo pacman -Syyu
sudo pacman -S nano

Offline

#6 2018-01-06 09:20:45

andreas_baumann
Administrator
From: Zurich, Switzerland
Registered: 2017-08-10
Posts: 812
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

What happens it you just upgrade the archlinux32-keyring first separately?

Offline

#7 2018-01-06 09:23:15

Quantum
Member
Registered: 2018-01-06
Posts: 4

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

I just tried ula8000's solution.  Worked for me too.  Strangely, I also then reran the update attempt on my other Arch32 system and the keys updated and it worked just fine.  I wonder if something was fixed on the servers.

Last edited by Quantum (2018-01-06 09:24:06)

Offline

#8 2018-01-06 11:02:36

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

abaumann's key is not in archlinux32-keyring-transition, but only in archlinux32-keyring. So you need to install the latter before nano (and possibly others).

Offline

#9 2018-01-06 12:44:36

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

I see, that this information was missing on archlinux32.org/download - I've put it there, it should appear online soon.

Offline

#10 2018-01-06 18:39:30

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

andreas_baumann wrote:

What happens it you just upgrade the archlinux32-keyring first separately?

karl ~ » sudo pacman -S archlinux32-keyring
[sudo] password for karl:
resolving dependencies...
looking for conflicting packages...
:: archlinux32-keyring and archlinux32-keyring-transition are in conflict. Remove archlinux32-keyring-transition? [y/N] y

Packages (2) archlinux32-keyring-transition-20170628-1 [removal]
             archlinux32-keyring-20180104-1

Total Installed Size:  0.04 MiB
Net Upgrade Size:      0.03 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                     [####################] 100%
(1/1) checking package integrity                   [####################] 100%
error: archlinux32-keyring: signature from "Erich Eckner (just to sign arch packages) <arch@eckner.net>" is marginal trust
:: File /var/cache/pacman/pkg/archlinux32-keyring-20180104-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Offline

#11 2018-01-06 18:47:33

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

hmm, this key should be trusted if you installed archlinux32-keyring-transition. Try running

sudo pacman-key --populate archlinux32

manually (again) before trying to install archlinux32-keyring.

Offline

#12 2018-01-06 18:51:59

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

deep42thought wrote:

hmm, this key should be trusted if you installed archlinux32-keyring-transition. Try running

sudo pacman-key --populate archlinux32

manually (again) before trying to install archlinux32-keyring.

karl ~ » sudo pacman-key --populate archlinux32
[sudo] password for karl:
==> Appending keys from archlinux32.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key CE0BDE71A759A87F23F0F7D8B61DBCE10901C163...
  -> Locally signing key A0B250C0FC9FC079EC04ADB7A50C0F20AEC3AF00...
  -> Locally signing key 194E37A47A4C671807BACB37B1117BC1094EA6E9...
==> Importing owner trust values...
==> Updating trust database...
gpg: next trustdb check due at 2018-04-13

karl ~ » sudo pacman -Syy archlinux32-keyring
:: Synchronizing package databases...
 core                     173.2 KiB  1082K/s 00:00 [####################] 100%
 extra                      2.2 MiB  1421K/s 00:02 [####################] 100%
 community                  4.7 MiB  1352K/s 00:04 [####################] 100%
resolving dependencies...
looking for conflicting packages...
:: archlinux32-keyring and archlinux32-keyring-transition are in conflict. Remove archlinux32-keyring-transition? [y/N] y

Packages (2) archlinux32-keyring-transition-20170628-1 [removal]
             archlinux32-keyring-20180104-1

Total Download Size:   0.02 MiB
Total Installed Size:  0.04 MiB
Net Upgrade Size:      0.03 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 archlinux32-keyring...    21.6 KiB  7.02M/s 00:00 [####################] 100%
(1/1) checking keys in keyring                     [####################] 100%
(1/1) checking package integrity                   [####################] 100%
error: archlinux32-keyring: signature from "Erich Eckner (just to sign arch packages) <arch@eckner.net>" is marginal trust
:: File /var/cache/pacman/pkg/archlinux32-keyring-20180104-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Offline

#13 2018-01-06 19:17:05

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

What does

pacman-key --list-sigs '7C98C4C3DE926168DC46FBAA3D06644243BF68D3'

say? It should show signatures from at least the three master keys you posted above.

Offline

#14 2018-01-06 19:22:01

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

deep42thought wrote:

What does

pacman-key --list-sigs '7C98C4C3DE926168DC46FBAA3D06644243BF68D3'

say? It should show signatures from at least the three master keys you posted above.

karl ~ » pacman-key --list-sigs '7C98C4C3DE926168DC46FBAA3D06644243BF68D3'
gpg: Note: trustdb not writable
pub   rsa4096 2016-04-13 [SC] [expires: 2018-04-13]
      7C98C4C3DE926168DC46FBAA3D06644243BF68D3
uid           [marginal] Erich Eckner (just to sign arch packages) <arch@eckner.net>
sig 3        3D06644243BF68D3 2016-04-13  Erich Eckner (just to sign arch packages) <arch@eckner.net>
sig          B1117BC1094EA6E9 2017-05-27  Erich Eckner <deep42thought@archlinux32.org>
sig          B61DBCE10901C163 2017-05-14  Balló György <ballogyor@gmail.com>
sig          A50C0F20AEC3AF00 2017-05-15  Polichronucci (Arch Linux 32 Master Key) <polichronucci@archlinux.gr>
sig          F3229B16A539A308 2017-05-15  [User ID not found]
sig          0AEEC90755DA7B5A 2017-05-14  [User ID not found]
sub   rsa4096 2016-04-13 [S] [expires: 2018-04-13]
sig          3D06644243BF68D3 2016-04-13  Erich Eckner (just to sign arch packages) <arch@eckner.net>

Offline

#15 2018-01-06 19:35:43

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

hmm, I don't understand. This looks alright to me: The respective key is signed by >=3 master keys which are signed with your local key. So it should _not_ be "marginally" trusted but "fully" trusted.
As a workaround you can try to install archlinux32-keyring w/o checking the signature, e.g.

pacman -U /var/cache/pacman/pkg/archlinux32-keyring-20180104-1-any.pkg.tar.xz

Offline

#16 2018-01-06 19:44:48

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

deep42thought wrote:

hmm, I don't understand. This looks alright to me: The respective key is signed by >=3 master keys which are signed with your local key. So it should _not_ be "marginally" trusted but "fully" trusted.
As a workaround you can try to install archlinux32-keyring w/o checking the signature, e.g.

pacman -U /var/cache/pacman/pkg/archlinux32-keyring-20180104-1-any.pkg.tar.xz

I had to first retrieve the package and then run the quoted command. But after this,

pacman -Syuu

is still rejecting the signatures.

It may be useful to know that prior to starting this thread, I had suspected that the time error on my system was a problem for PGP. It seems to be OK now, after my attempts to correct it, but perhaps it has caused some corrupted state on my machine.

Last edited by kdsch (2018-01-06 19:45:18)

Offline

#17 2018-01-06 19:46:46

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

ah, that might explain it: can you have a look for your private pacman-key - I'm afraid, it might have an invalid date (future?). If that's the case, you need to

pacman-key --init
pacman-key --populate archlinux-keyring
pacman-key --populate archlinux-keyring32

and then you should have a valid keyring

Offline

#18 2018-01-06 19:55:58

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

Sorry, I don't know how to find the private key.

Offline

#19 2018-01-06 20:00:14

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

You should be able to either track it via

pacman-key --list-sigs

because the master keys should be signed with your private key. On the other hand, you could simply

sudo gpg --homedir /etc/pacman.d/gnupg --list-secret-keys

to find it.

Offline

#20 2018-01-06 20:05:03

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

That command returns a large list of keys. What would I be looking for? I don't see my name or email address.

Offline

#21 2018-01-06 20:08:00

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

the first command needs to be appended by the master key id(s) - the latter should work as is

Offline

#22 2018-01-06 20:11:16

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

I don't understand. But I ran

karl ~ » sudo pacman-key --init
[sudo] password for karl:
karl ~ » sudo pacman-key --populate archlinux-keyring
==> ERROR: The keyring file /usr/share/pacman/keyrings/archlinux-keyring.gpg does not exist.

Offline

#23 2018-01-06 20:18:03

kdsch
Member
From: Lititz, PA, USA
Registered: 2018-01-05
Posts: 14
Website

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

Apologies, I misread the gpg command. My key has a date 2015-07-09.

Offline

#24 2018-01-06 20:19:14

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

ah, sry, my bad it should be

pacman-key --populate archlinux
pacman-key --populate archlinux32

Offline

#25 2018-01-06 20:21:47

deep42thought
Administrator
From: Jena, Germany
Registered: 2017-06-17
Posts: 442

Re: [SOLVED] Can't update system due to allegedly bad PGP sigs

Hmm, your private key seems ok, then the question would be what date the signature on the master keys has, e.g.

pacman-key --list-sigs CE0BDE71A759A87F23F0F7D8B61DBCE10901C163
pacman-key --list-sigs A0B250C0FC9FC079EC04ADB7A50C0F20AEC3AF00
pacman-key --list-sigs 194E37A47A4C671807BACB37B1117BC1094EA6E9

Offline

Board footer

Powered by FluxBB