[Assist] Fwd: Problem with gpg key && iceweasel
Franco Masotti
franco.masotti at student.unife.it
Wed Dec 6 14:45:06 GMT 2017
Hello,
have you tried <https://wiki.archlinux.org/index.php/Pacman/Package_
signing#Cannot_import_keys>
The part related to changing to the ipv4 gpg server address? I'd do
something like this:
cp -r /etc/pacman.d/gnupg /etc/pacman.d/gnupg.bak
rm -rf /etc/pacman.d/gnupg
pacman-key --init
<edit the address>
pacman-key populate archlinux parabola
pacman-key --refresh-keys
[Although not directly related with your issue, I had some problems myself
lately while i was installing the 32 bit version. Turned out that I had to
install the archlinux transitional keyring instead of the other arch
keyring as suggested here: <https://www.parabola.nu/news/
continuation-of-i686-support/>]
On 6 December 2017 at 15:16, Ben <uaqben at disroot.org> wrote:
> On 12/06/2017 01:43 AM, bill-auger wrote:
> > ben-
> >
> > pbot says: reset-keyring is: sometimes necessary - see this wiki article
> > https://wiki.parabola.nu/Parabola_Keyring
> >
>
> Thanks Bill & Megver83
>
>
> Here's what I've tried:
>
>
> I. Resetting_the_Parabola_Keyring
> (https://wiki.parabola.nu/Parabola_Keyring#Resetting_the_Parabola_Keyring)
>
> + `pacman -Scc`
>
> I was not comfortable removing all pkgs from my local cache, so I
> didn't go through with it.
>
> + `pacman -Syy`
>
> ~~~
> sudo pacman -Syy archlinux-keyring archlinux32-keyring
> archlinuxarm-keyring parabola-keyring
> :: Synchronizing package databases...
> libre 336.5 KiB 794K/s 00:00
> [######################] 100%
> core 108.2 KiB 636K/s 00:00
> [######################] 100%
> extra 1490.2 KiB 661K/s 00:02
> [######################] 100%
> community 3.9 MiB 944K/s 00:04
> [######################] 100%
> pcr 595.0 KiB 955K/s 00:01
> [######################] 100%
> warning: archlinux-keyring-20171130-1 is up to date -- reinstalling
> warning: archlinux32-keyring-20171113-2 is up to date -- reinstalling
> warning: archlinuxarm-keyring-20140119-1 is up to date -- reinstalling
> warning: parabola-keyring-20170912-1 is up to date -- reinstalling
> resolving dependencies...
> looking for conflicting packages...
>
> Packages (4) archlinux-keyring-20171130-1 archlinux32-keyring-20171113-2
> archlinuxarm-keyring-20140119-1 parabola-keyring-20170912-1
>
> Total Installed Size: 1.09 MiB
> Net Upgrade Size: 0.86 MiB
>
> :: Proceed with installation? [Y/n] y
> (4/4) checking keys in keyring
> [######################] 100%
> downloading required keys...
> :: Import PGP key 2048R/02FD1C7A934E614545849F19A6234074498E9CEE,
> "Christian Hesse (Arch Linux Package Signing) <arch at eworm.de>", created:
> 2011-08-12? [Y/n] y
> :: Import PGP key 4096R/38D33EF29A7691134357648733466E12EC7BA943, "Isaac
> David <isacdaavid at isacdaavid.info>", created: 2015-06-25? [Y/n] y
> (4/4) checking package integrity
> [######################] 100%
> error: archlinux-keyring: signature from "Christian Hesse (Arch Linux
> Package Signing) <arch at eworm.de>" is invalid
> :: File
> /var/cache/pacman/pkg/archlinux-keyring-20171130-1-any.pkg.tar.xz is
> corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n] n
> error: archlinux32-keyring: signature from "Isaac David
> <isacdaavid at isacdaavid.info>" is unknown trust
> :: File
> /var/cache/pacman/pkg/archlinux32-keyring-20171113-2-any.pkg.tar.xz is
> corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n] n
> error: archlinuxarm-keyring: signature from "Isaac David
> <isacdaavid at isacdaavid.info>" is unknown trust
> :: File
> /var/cache/pacman/pkg/archlinuxarm-keyring-20140119-1-any.pkg.tar.xz is
> corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n] n
> error: parabola-keyring: signature from "Isaac David
> <isacdaavid at isacdaavid.info>" is unknown trust
> :: File /var/cache/pacman/pkg/parabola-keyring-20170912-1-any.pkg.tar.xz
> is corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n] n
> error: failed to commit transaction (invalid or corrupted package (PGP
> signature))
> Errors occurred, no packages were upgraded.
> [ben at gnupad ~]$ sudo pacman-key --refresh-keys
> gpg: refreshing 3 keys from hkp://pool.sks-keyservers.net
> gpg: key 33466E12EC7BA943: 4 signatures not checked due to missing keys
> gpg: key 33466E12EC7BA943: "Isaac David <isacdaavid at isacdaavid.info>"
> not changed
> gpg: key A6234074498E9CEE: 71 signatures not checked due to missing keys
> gpg: key A6234074498E9CEE: "Christian Hesse (Arch Linux Package Signing)
> <arch at eworm.de>" not changed
> gpg: key 7171986E4B745536: 2 signatures not checked due to missing keys
> gpg: key 7171986E4B745536: "Andreas Grapentin
> <andreas.grapentin at hpi.uni-potsdam.de>" not changed
> gpg: Total number processed: 3
> gpg: unchanged: 3
> ~~~
>
>
>
> II. pacman-key --populate does not work
>
>
> I made a fresh USB LiveISO, and booted into it
>
> Here I took some photos with cell phone, but basically:
>
> 1. `pacstrap /mnt archlinux-keyring archlinux32-keyring
> archlinuxarm-keyring parabola-keyring`
>
> it complained about `archlinux-keyring-20171130-1-any.pkg.tar.xz`
> and
> signing key `Christian Hesse - arch at eworm.de`
>
> 2. `rm
> /mnt/var/cache/pacman/pkg/archlinux-keyring-20171130-1-any.pkg.tar.xz`
>
> 3. `pacstrap /mnt archlinux-keyring archlinux32-keyring
> archlinuxarm-keyring parabola-keyring`
>
> it complains that the following already exist
>
> `/mnt/usr/share/pacman/keyrings/archlinux.gpg`
> `/mnt/usr/share/pacman/keyrings/archlinux-trusted`
> `/mnt/usr/share/pacman/keyrings/archlinux-revoked`
>
>
> it doesn't complain about other keyring dbs/files in that location,
> just specifically the three above.
>
> it still went through attempts at locally signing keys (I guess for
> other keyrings), but with failed to sign locally messages.
> when finalized, there was a message saying (more or less) `command
> failed to execute properly`
>
> 3. I figure that I should remove all those "old/corrupt" keyring files
>
> I rm all of them, excapt `parabola-keyring` ones which I rename by
> appending `.old` (mainly because this is my work machine; and I really
> can't afford to make my situation worse than it currently is [unable to
> use Iceweasel, and no longer able to update anything via `pacman -Syu`])
>
> 4. I re-run the pacstrap command to install the four keyring packages
>
> pacstrap fails to chroot.
>
> it says /mnt is busy
>
> I search; come across recommendation to run `lsof | grep mnt`
>
> lsof is not available on the LiveISO.. i give up trying to figue
> who/what was squatting /mnt
>
> I manage to `umount -l /mnt`
>
> I remount it
>
> I run pacstrap; it goes through ok, but does complain all the way
> through its routine of locally signing keys.. saying it fails sign them.
>
> 5. I check keyrings are present in `/mnt/usr/share/pacman/keyrings/`,
> and yes they are all back (plus the `.old` ones for parabola-keyring)
>
> 6. I umount and reboot and write this email.
>
> 7. I also just tried the following two commands
>
>
> ~~~
> $ sudo pacman-key --populate parabola archlinux
> ==> Appending keys from parabola.gpg...
> ==> Appending keys from archlinux.gpg...
> ==> Locally signing trusted keys in keyring...
> -> Locally signing key DE8B63715BAA521666340836A763C29157A016B6...
> -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
> ==> ERROR: DDB867B92AA789C165EEFA799B729B06A680C281 could not be locally
> signed.
> -> Locally signing key B15F27D6FB402E1839BA97C619C87254F41DB195...
> ==> ERROR: B15F27D6FB402E1839BA97C619C87254F41DB195 could not be locally
> signed.
> -> Locally signing key 560B3DEC2F13E822ACED475B2EC52AC76AEEB6A0...
> ==> ERROR: 560B3DEC2F13E822ACED475B2EC52AC76AEEB6A0 could not be locally
> signed.
> -> Locally signing key 1B8C5E87702444D3D825CC8086ED62396D5DBA58...
> ==> ERROR: 1B8C5E87702444D3D825CC8086ED62396D5DBA58 could not be locally
> signed.
> -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
> ==> ERROR: 684148BB25B49E986A4944C55184252D824B18E8 could not be locally
> signed.
> -> Locally signing key 49F707A1CB366C580E625B3C456032D717A4CD9C...
> ==> ERROR: 49F707A1CB366C580E625B3C456032D717A4CD9C could not be locally
> signed.
> -> Locally signing key DC7E500D8D4407641EA82893476DC656262FB1AE...
> ==> ERROR: DC7E500D8D4407641EA82893476DC656262FB1AE could not be locally
> signed.
> -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
> ==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally
> signed.
> -> Locally signing key 6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78...
> ==> ERROR: 6DB9C4B4F0D8C0DC432CF6E4227CA7C556B2BA78 could not be locally
> signed.
> -> Locally signing key 8C3F8ABD30DF2AFAC6C039A45906AB5E9AAD00E5...
> ==> ERROR: 8C3F8ABD30DF2AFAC6C039A45906AB5E9AAD00E5 could not be locally
> signed.
> -> Locally signing key 3954A7AB837D0EA9CFA9798925DB7D9B5A8D4B40...
> ==> ERROR: 3954A7AB837D0EA9CFA9798925DB7D9B5A8D4B40 could not be locally
> signed.
> -> Locally signing key D3EAD7F9D076EB9AF650149DA170D6A0B669E21A...
> ==> ERROR: D3EAD7F9D076EB9AF650149DA170D6A0B669E21A could not be locally
> signed.
> -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
> ==> ERROR: AB19265E5D7D20687D303246BA1DFB64FFF979E7 could not be locally
> signed.
> -> Locally signing key 2DFFE834A07FC9A06F4AAAF444BC7D7F49B9A5A4...
> ==> ERROR: 2DFFE834A07FC9A06F4AAAF444BC7D7F49B9A5A4 could not be locally
> signed.
> -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
> ==> ERROR: 0E8B644079F599DFC1DDC3973348882F6AC6A4C2 could not be locally
> signed.
> -> Locally signing key DE00C1C500DDCC4AAF06EA99B238ADC68BE13357...
> ==> ERROR: DE00C1C500DDCC4AAF06EA99B238ADC68BE13357 could not be locally
> signed.
> -> Locally signing key 1285E187FDE4EF93444F75F9A3CDCDE939A264EE...
> ==> ERROR: 1285E187FDE4EF93444F75F9A3CDCDE939A264EE could not be locally
> signed.
> -> Locally signing key C90B027951EB38B7FA25E2E73052D5B24E10CAF9...
> ==> ERROR: C90B027951EB38B7FA25E2E73052D5B24E10CAF9 could not be locally
> signed.
> -> Locally signing key ACFD80729A8CE443544A2C7ADF672798D2CF9D7D...
> ==> ERROR: ACFD80729A8CE443544A2C7ADF672798D2CF9D7D could not be locally
> signed.
> -> Locally signing key CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697...
> ==> ERROR: CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697 could not be locally
> signed.
> -> Locally signing key 38D33EF29A7691134357648733466E12EC7BA943...
> ==> ERROR: 38D33EF29A7691134357648733466E12EC7BA943 could not be locally
> signed.
> -> Locally signing key BFA8008A8265677063B11BF47171986E4B745536...
> ==> ERROR: BFA8008A8265677063B11BF47171986E4B745536 could not be locally
> signed.
> -> Locally signing key C9297FDFA44D416DEBF0948365BDCFF76F0F94D7...
> ==> ERROR: C9297FDFA44D416DEBF0948365BDCFF76F0F94D7 could not be locally
> signed.
> -> Locally signing key B70107A3E6A744682A22208D7D19D1AFDD312BBE...
> ==> ERROR: B70107A3E6A744682A22208D7D19D1AFDD312BBE could not be locally
> signed.
> -> Locally signing key 99195DD3BB6FE10A2F36ED8445698744D4FFBFC9...
> ==> ERROR: 99195DD3BB6FE10A2F36ED8445698744D4FFBFC9 could not be locally
> signed.
> -> Locally signing key 8CD7227DA467D3ED404F6EEFDB590F739E5AC458...
> ==> ERROR: 8CD7227DA467D3ED404F6EEFDB590F739E5AC458 could not be locally
> signed.
> -> Locally signing key 6A02EFFEEE2464AD376E05A81A677766EBE25A09...
> ==> ERROR: 6A02EFFEEE2464AD376E05A81A677766EBE25A09 could not be locally
> signed.
> -> Locally signing key EBDF658E5A72B7B8BD5FB0F46DB12E6B3CE04A86...
> ==> ERROR: EBDF658E5A72B7B8BD5FB0F46DB12E6B3CE04A86 could not be locally
> signed.
> -> Locally signing key 916FFBC76D2E641BA416BA53364F4E1483446AC5...
> ==> ERROR: 916FFBC76D2E641BA416BA53364F4E1483446AC5 could not be locally
> signed.
> -> Locally signing key 0EF5D686FC13831A54874C275FC681B4822DABB0...
> ==> ERROR: 0EF5D686FC13831A54874C275FC681B4822DABB0 could not be locally
> signed.
> ~~~
>
>
> ~~~
> $ sudo pacman -S parabola-keyring archlinux-keyring
> warning: parabola-keyring-20170912-1 is up to date -- reinstalling
> warning: archlinux-keyring-20171130-1 is up to date -- reinstalling
> resolving dependencies...
> looking for conflicting packages...
>
> Packages (2) archlinux-keyring-20171130-1 parabola-keyring-20170912-1
>
> Total Installed Size: 1.01 MiB
> Net Upgrade Size: 0.00 MiB
>
> :: Proceed with installation? [Y/n] y
> (2/2) checking keys in keyring
> [################################################] 100%
> (2/2) checking package integrity
> [################################################] 100%
> error: parabola-keyring: signature from "Isaac David
> <isacdaavid at isacdaavid.info>" is unknown trust
> :: File /var/cache/pacman/pkg/parabola-keyring-20170912-1-any.pkg.tar.xz
> is corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n] n
> error: archlinux-keyring: signature from "Christian Hesse (Arch Linux
> Package Signing) <arch at eworm.de>" is unknown trust
> :: File
> /var/cache/pacman/pkg/archlinux-keyring-20171130-1-any.pkg.tar.xz is
> corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n] n
> error: failed to commit transaction (invalid or corrupted package (PGP
> signature))
> Errors occurred, no packages were upgraded.
> ~~~
>
>
> III. Next steps
>
> Any suggestions welcome! :)
>
> I don't mind re-doing something I've done, be it in different order or
> if you recommend that it's worth trying again.
>
> Also, if there's a way to not remove all pkg.tar.xz from my cache, but
> only the keyring ones, then yes I don't mind doing that (or educate me
> on why I shouldn't be scared of zapping all my pkgs cache :) )
>
> Thanks again for your help!
>
> Ben
>
>
> _______________________________________________
> Assist mailing list
> Assist at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/assist
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.parabola.nu/pipermail/assist/attachments/20171206/5c151f41/attachment-0001.html>
More information about the Assist
mailing list