[Assist] signature problems with latest updates...help/guidance please.

Ben uaqben at openmailbox.org
Fri Apr 28 21:52:01 BST 2017 

Thanks for the info Megver ;)

Just a quick note - as I'm not signed up on the Dev list (yet) can't
answer there

I saw Marcel's answer
https://lists.parabola.nu/pipermail/dev/2017-April/005262.html

FYI & FWIW - I did not feel comfortable setting pacman.conf's `SigLevel
= Never`, and I managed to upgrade without doing so..

So basically, I think the following should be enough & we could
recommend that on the Wiki...

---

1. Clear your system's key cache

sudo rm -r /etc/pacman.d/gnupg

Or, back it up (and remember to `rm -r` it after you can see everything
works as you wish) by running:

sudo mv /etc/pacman.d/gnupg /etc/pacman.d/gnupg_backup

2. Initiate a new key "repository"

sudo pacman-key --init

3. Load the signature keys:

sudo pacman-key --populate archlinux parabola

4. Refresh and update the signature keys:

sudo pacman-key --refresh-keys

Alternatively (if not done by default), you can manually specify a
secure connection to the GPG keyserver

sudo pacman-key --refresh-keys --keyserver
hkps://hkps.pool.sks-keyservers.net

5. Update your system

sudo pacman -Syu

---

I think the above steps are enough to sort out the keysigning issue(s).

Note: I ran `sudo pacman -Syu --force` at the last step, after having
run `sudo pacman -Syu` where all keys were scanned & appeared as valid,
but pacman stopped from installing complaining about my openssl libs
(which I had manually put back in place [see previous posts in this
thread if you haven't read them for full context/reason])

I paste log below[1]

Hence, I think the above should work for users with a "normal" upgrade path.

Thanks

Ben


[1] log:

# pacman -Syu

 ---edited for brevity--

:: Proceed with installation? [Y/n] y
(156/156) checking keys in keyring
            [################################################] 100%
(156/156) checking package integrity
            [################################################] 100%
(156/156) loading package files
            [################################################] 100%
(156/156) checking for file conflicts
            [################################################] 100%
error: failed to commit transaction (conflicting files)
openssl-1.0: /usr/lib/libcrypto.so.1.0.0 exists in filesystem
openssl-1.0: /usr/lib/libssl.so.1.0.0 exists in filesystem
Errors occurred, no packages were upgraded.

# pacman -Syu --force

 ---worked; installed the new version of openssl which was a pending
upgrade for me; and restored my system into a clean state---

On 04/28/2017 05:38 PM, Megver83 wrote:
> This will sound like the hell but it's necessary to say it.
> Emulatorman's signing key expired, so all his packages will give you
> an resolvable error
> https://lists.parabola.nu/pipermail/dev/2017-April/005249.html
> 
> Packagers are working on that.
> 
> El 28/04/17 a las 12:35, Ben escribió:
>> Thanks - I think I managed to pull through and am back on my feet
>> :)
> 
>> I followed Franco's suggestion to clear the signatures, though just
>> out of precaution, I ran `mv /etc/pacman.d/gnupg
>> /etc/pacman.d/gnupg_
> 
>>> + pacman-key –init + pacman-key –populate archlinux + pacman-key
>>> –populate parabola + pacman -Syu --force
> 
>> and that pulled me through & normally should have finished clearing
>> up the mess I did with symlinking my openssl libs into oblivion ;)
> 
>> Thanks again for your help to both of you!
> 
>> Ben
> 
>> On 04/28/2017 05:23 PM, Megver83 wrote:
>>> ah yes, the error at the end it's normal. For more info regarding
>>> the issue, see https://wiki.parabola.nu/Pacman_troubleshooting
>>> and 
>>> https://wiki.parabola.nu/Pacman_troubleshooting#Errors_about_Keys
>>>
>>>
>>>
> El 28/04/17 a las 12:03, Ben escribió:
>>>> Thanks Megver
>>>
>>>> managed to get pacman back in working condition
>>>
>>>> Now, when I run the second step (with only amend that I
>>>> specify --keyserver)
>>>
>>>> `pacman-key --refresh-keys --keyserver 
>>>> hkps://hkps.pool.sks-keyservers.net`
>>>
>>>> It syncs thru.. but then at the end I get:
>>>
>>>> gpg: Total number processed: 122 gpg:              unchanged:
>>>> 76 gpg:         new signatures: 989 gpg: [don't know]: invalid
>>>> packet (ctb=14) gpg: keyring_get_keyblock: read error: Invalid
>>>> packet gpg: keyring_get_keyblock failed: Invalid keyring gpg:
>>>> failed to rebuild keyring cache: Invalid keyring gpg: marginals
>>>> needed: 3  completes needed: 1  trust model: pgp gpg: DBG:
>>>> ooops: invalid pkttype 2 encountered gpg: DBG: node
>>>> 0x00000000045a98d0 00/00 type=signature class=18 keyid=753E0F1F
>>>> ts=1491154407 gpg: DBG: node 0x000000000439b370 00/00
>>>> type=signature  class=10 keyid=FFF979E7 ts=1392858312 gpg: DBG:
>>>> node 0x000000000427e9c0 00/00 type=signature  class=13
>>>> keyid=753E0F1F ts=1410205174 gpg: DBG: node 0x0000000004220b50
>>>> 01/00 type=public-subkey keyid=DECF1D91 a=1 u=0 .... gpg: DBG:
>>>> node 0x000000000421d0a0 00/00 type=signature class=18
>>>> keyid=753E0F1F ts=1410205222 gpg: DBG: node 0x000000000421bdc0
>>>> 00/00 type=signature  class=18 keyid=753E0F1F ts=1491154407
>>>> gpg: DBG: node 0x000000000421d3e0 00/00 type=signature
>>>> class=10 keyid=FFF979E7 ts=1392858312 gpg: DBG: node
>>>> 0x00000000041feca0 00/00 type=signature  class=13 
>>>> keyid=753E0F1F ts=1410205174 gpg: DBG: node 0x00000000041fed30 
>>>> 00/00 type=public-subkey keyid=DECF1D91 a=1 u=0 .... gpg: DBG:
>>>> node 0x000000000431d450 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1410205222 gpg: DBG: node 0x000000000431d6f0
>>>> 00/00 type=signature  class=18 keyid=753E0F1F ts=1491154407
>>>> gpg: DBG: node 0x0000000004215740 00/00 type=signature
>>>> class=13 keyid=753E0F1F ts=1491154341 gpg: DBG: node
>>>> 0x00000000042154a0 00/00 type=public-subkey keyid=DECF1D91 a=1
>>>> u=0 .... gpg: DBG: node 0x000000000421cb60 00/00 type=signature
>>>> class=18 keyid=753E0F1F ts=1410205222 gpg: DBG: node
>>>> 0x00000000045b9fc0 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1491154407 gpg: DBG: node 0x000000000421ce00
>>>> 00/00 type=signature  class=10 keyid=CDFD6BB0 ts=1423442788
>>>> gpg: DBG: node 0x000000000421c3b0 00/00 type=signature
>>>> class=10 keyid=FFF979E7 ts=1392858312 gpg: DBG: node
>>>> 0x00000000041fd270 00/00 type=signature  class=13 
>>>> keyid=753E0F1F ts=1410205174 gpg: DBG: node 0x00000000041fcce0 
>>>> 00/00 type=public-subkey keyid=DECF1D91 a=1 u=0 .... gpg: DBG:
>>>> node 0x00000000045b6a20 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1410205222 gpg: DBG: node 0x000000000431d1b0
>>>> 00/00 type=signature  class=18 keyid=753E0F1F ts=1491154407
>>>> gpg: DBG: node 0x00000000045b6c10 00/00 type=signature
>>>> class=13 keyid=753E0F1F ts=1410205174 gpg: DBG: node
>>>> 0x000000000430a390 00/00 type=public-subkey keyid=DECF1D91 a=1
>>>> u=0 .... gpg: DBG: node 0x00000000045a9080 00/00 type=signature
>>>> class=18 keyid=753E0F1F ts=1410205222 gpg: DBG: node
>>>> 0x000000000431d990 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1491154407 gpg: DBG: node 0x00000000044167a0
>>>> 00/00 type=signature  class=13 keyid=753E0F1F ts=1491154341
>>>> gpg: DBG: node 0x00000000041fdd70 00/00 type=public-subkey
>>>> keyid=DECF1D91 a=1 u=0 .... gpg: DBG: node 0x00000000043dc8d0
>>>> 00/00 type=signature  class=18 keyid=753E0F1F ts=1410205222
>>>> gpg: DBG: node 0x000000000427e480 00/00 type=signature
>>>> class=18 keyid=753E0F1F ts=1491154407 gpg: DBG: node
>>>> 0x000000000427e1e0 00/00 type=signature  class=10 
>>>> keyid=CDFD6BB0 ts=1423442788 gpg: DBG: node 0x00000000041fed90 
>>>> 00/00 type=signature  class=10 keyid=FFF979E7 ts=1392858312
>>>> gpg: DBG: node 0x0000000004416650 00/00 type=signature
>>>> class=13 keyid=753E0F1F ts=1410205174 gpg: DBG: node
>>>> 0x00000000041d7ba0 00/00 type=public-subkey keyid=DECF1D91 a=1
>>>> u=0 .... gpg: DBG: node 0x000000000427d4c0 00/00 type=signature
>>>> class=18 keyid=753E0F1F ts=1410205222 gpg: DBG: node
>>>> 0x00000000043dcba0 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1491154407 gpg: DBG: node 0x00000000045ab040
>>>> 00/00 type=signature  class=13 keyid=753E0F1F ts=1491154341
>>>> gpg: DBG: node 0x00000000045aaed0 00/00 type=public-subkey
>>>> keyid=DECF1D91 a=1 u=0 .... gpg: DBG: node 0x00000000045aacc0
>>>> 00/00 type=signature  class=18 keyid=753E0F1F ts=1410205222
>>>> gpg: DBG: node 0x00000000043702f0 00/00 type=signature
>>>> class=18 keyid=753E0F1F ts=1491154407 gpg: DBG: node
>>>> 0x0000000004370590 00/00 type=signature  class=10 
>>>> keyid=CDFD6BB0 ts=1423442788 gpg: DBG: node 0x000000000421f150 
>>>> 00/00 type=signature  class=10 keyid=FFF979E7 ts=1392858312
>>>> gpg: DBG: node 0x00000000042e1800 00/00 type=signature
>>>> class=13 keyid=753E0F1F ts=1410205174 gpg: DBG: node
>>>> 0x00000000042e1aa0 00/00 type=public-subkey keyid=DECF1D91 a=1
>>>> u=0 .... gpg: DBG: node 0x00000000042e1d40 00/00 type=signature
>>>> class=18 keyid=753E0F1F ts=1410205222 gpg: DBG: node
>>>> 0x0000000004200f60 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1491154407 gpg: DBG: node 0x00000000041fe780
>>>> 00/00 type=signature  class=10 keyid=CDFD6BB0 ts=1423442788
>>>> gpg: DBG: node 0x00000000042e1fe0 00/00 type=signature
>>>> class=10 keyid=FFF979E7 ts=1392858312 gpg: DBG: node
>>>> 0x000000000440dfb0 00/00 type=signature  class=13 
>>>> keyid=753E0F1F ts=1410205174 gpg: DBG: node 0x00000000041d7710 
>>>> 00/00 type=public-subkey keyid=DECF1D91 a=1 u=0 .... gpg: DBG:
>>>> node 0x00000000042e2280 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1410205222 gpg: DBG: node 0x000000000421ef60
>>>> 00/00 type=signature  class=18 keyid=753E0F1F ts=1491154407
>>>> gpg: DBG: node 0x000000000421b570 00/00 type=signature
>>>> class=10 keyid=FFF979E7 ts=1392858312 gpg: DBG: node
>>>> 0x000000000421b500 00/00 type=signature  class=13
>>>> keyid=753E0F1F ts=1410205174 gpg: DBG: node 0x000000000421a530
>>>> 00/00 type=public-subkey keyid=DECF1D91 a=1 u=0 .... gpg: DBG:
>>>> node 0x000000000421a320 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1410205222 gpg: DBG: node 0x000000000421a110
>>>> 00/00 type=signature  class=18 keyid=753E0F1F ts=1491154407
>>>> gpg: DBG: node 0x0000000004203b70 00/00 type=signature
>>>> class=13 keyid=753E0F1F ts=1491154341 gpg: DBG: node
>>>> 0x00000000042037e0 00/00 type=public-subkey keyid=DECF1D91 a=1
>>>> u=0 .... gpg: DBG: node 0x00000000042a3eb0 00/00 type=signature
>>>> class=18 keyid=753E0F1F ts=1410205222 gpg: DBG: node
>>>> 0x00000000042186e0 00/00 type=signature  class=18 
>>>> keyid=753E0F1F ts=1491154407 gpg: DBG: node 0x00000000042183c0 
>>>> 00/00 type=signature  class=10 keyid=CDFD6BB0 ts=1423442788
>>>> gpg: DBG: node 0x00000000042180a0 00/00 type=signature
>>>> class=10 keyid=FFF979E7 ts=1392858312 gpg: DBG: node
>>>> 0x00000000042b20f0 00/00 type=signature  class=13
>>>> keyid=753E0F1F ts=1410205174 gpg: DBG: node 0x00000000042c1960
>>>> 00/00 type=public-subkey keyid=DECF1D91 a=1 u=0 .... gpg: DBG:
>>>> node 0x00000000042d2170 00/00 type=signature  class=18
>>>> keyid=753E0F1F ts=1410205222 gpg: [don't know]: invalid packet
>>>> (ctb=5e) gpg: keyring_get_keyblock: read error: Invalid packet
>>>> gpg: keydb_get_keyblock failed: Invalid keyring gpg:
>>>> validate_key_list failed ==> ERROR: A specified local key could
>>>> not be updated from a keyserver.
>>>
>>>
>>>> On 04/28/2017 02:03 PM, Megver83 wrote:
>>>>> Regarding the thing of the library you do not have, it's on 
>>>>> package core/openssl, you could download it from the
>>>>> parabola website and manually move the file to /usr/lib, then
>>>>> pacman should work.
>>>>>
>>>>> To solve the problem of the keyring:
>>>>>
>>>>> # pacman-key --init # pacman-key --refresh-keys # pacman-key 
>>>>> --populate parabola archlinux
>>>>>
>>>>> If that didn't work, try what I suggested here --> 
>>>>> https://lists.parabola.nu/pipermail/dev/2017-April/005192.html
>>>>>
>>>>>
>>>>>
> Maybe I could, soon, create an script to fix all of this.
>>>>>
>>>>> El 28/04/17 a las 06:24, Ben escribió:
>>>>>> Thanks Franco & Megver for your feedback.
>>>>>
>>>>>> @Megver83 - if I understand, I ran the commands in the
>>>>>> correct order?
>>>>>
>>>>>> I initally ran:
>>>>>
>>>>>> pacman -Syu # complains about signature for `linux-libre` 
>>>>>> pacman -S pacman-keyring pacman-key --refresh-keys
>>>>>
>>>>>> So that was the correct thing to do..?
>>>>>
>>>>>> @Franco
>>>>>
>>>>>> I feel uncomfortable following your steps - especially 
>>>>>> deleting all the keys manually.
>>>>>
>>>>>> @Megver83 & @Franco
>>>>>
>>>>>> Seeing I broke my pacman, by running `pacman -S` on those 
>>>>>> packages; what do you recommend I do?
>>>>>
>>>>>> The 2010 thread I came across on Arch forums was this[1] -
>>>>>> but it references different versions of `libssl.so`
>>>>>
>>>>>> Thanks in advance for your input/recommendations
>>>>>
>>>>>> Ben
>>>>>
>>>>>> [1] https://bbs.archlinux.org/viewtopic.php?id=94902
>>>>>
>>>>>> On 04/28/2017 01:44 AM, Megver83 wrote:
>>>>>>> Parabola's latest News is wrong, and you got the correct
>>>>>>>  command!
>>>>>>>
>>>>>>> El 27/04/17 a las 19:29, Franco Masotti escribió:
>>>>>>>> The strange thing is that the update worked fine on
>>>>>>>> another computer (without any intervention)...
>>>>>>>
>>>>>>>> The news on Parabola's homepage should be fixed
>>>>>>>> anyway:
>>>>>>>
>>>>>>>> $ sudo pacman -S parabola-keyring $ sudo pacman -S 
>>>>>>>> pacman-key --refresh-keys
>>>>>>>
>>>>>>>> to
>>>>>>>
>>>>>>>> $ sudo pacman -S parabola-keyring $ sudo pacman-key 
>>>>>>>> --refresh-keys
>>>>>>>
>>>>>>>> Cheers.
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> _______________________________________________ Assist 
>>>>>>>> mailing list Assist at lists.parabola.nu 
>>>>>>>> https://lists.parabola.nu/mailman/listinfo/assist
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________ Assist 
>>>>>>> mailing list Assist at lists.parabola.nu 
>>>>>>> https://lists.parabola.nu/mailman/listinfo/assist
>>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> _______________________________________________ Assist
>>>>>> mailing list Assist at lists.parabola.nu 
>>>>>> https://lists.parabola.nu/mailman/listinfo/assist
>>>>>
>>>>>
>>>>> _______________________________________________ Assist
>>>>> mailing list Assist at lists.parabola.nu 
>>>>> https://lists.parabola.nu/mailman/listinfo/assist
>>>>>
>>>
>>>
>>>
>>>> _______________________________________________ Assist mailing 
>>>> list Assist at lists.parabola.nu 
>>>> https://lists.parabola.nu/mailman/listinfo/assist
>>>
>>>
>>> _______________________________________________ Assist mailing
>>> list Assist at lists.parabola.nu 
>>> https://lists.parabola.nu/mailman/listinfo/assist
>>>
> 
> 
> 
>> _______________________________________________ Assist mailing
>> list Assist at lists.parabola.nu 
>> https://lists.parabola.nu/mailman/listinfo/assist
> 
> 
> _______________________________________________
> Assist mailing list
> Assist at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/assist
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/assist/attachments/20170428/9b58efea/attachment-0001.bin>

More information about the Assist mailing list