|
# (отредактировано 2 года, 8 месяцев назад) |
|
|
Темы: 17 Сообщения: 86 Участник с: 25 февраля 2017 |
Обновил систему после очень долго перерыва через
Все вроде прошло без ошибок, только почему-то зеркала при установке пакетов не сразу подхватываются(вначале выскакивает ошибка, о том, что не получилось достать пакет на зеркале), а так же ключи не обновляются, ибо один из пакетов хотел заимпортить ключ, но я получил следующую ошибку Пытался обновить ключи через Помогите решить проблему |
|
redix |
# |
|
Темы: 34 Сообщения: 3433 Участник с: 11 марта 2013 |
Добавить ключ In Tux We Trust |
|
RusWolf |
# (отредактировано 2 года, 8 месяцев назад) |
|
Темы: 11 Сообщения: 2413 Участник с: 16 июля 2016 |
Обновление ключей: # pacman-key —init # pacman-key —refresh-keys # pacman-key —populate archlinux мля. опоздал |
|
redix |
# |
|
Темы: 34 Сообщения: 3433 Участник с: 11 марта 2013 |
Могу уступить первенство. )
In Tux We Trust |
|
RusWolf |
# |
|
Темы: 11 Сообщения: 2413 Участник с: 16 июля 2016 |
не-не, всё должно быть по честному |
|
vs220 |
# |
|
Темы: 22 Сообщения: 8090 Участник с: 16 августа 2009 |
Зеркала попробуйте обновить на актуальные в /etc/pacman.d/mirrorlist
Список актуальных https://www.archlinux.org/mirrorlist/ если не поможет смотрите |
|
wh75er |
# |
|
Темы: 17 Сообщения: 86 Участник с: 25 февраля 2017 |
не помогло |
|
vs220 |
# |
|
Темы: 22 Сообщения: 8090 Участник с: 16 августа 2009 |
Зеркала
? |
|
wh75er |
# |
|
Темы: 17 Сообщения: 86 Участник с: 25 февраля 2017 |
Все, проблема с зеркалами ушла, когда я добавил файл более новый mirrorlist, но с ключами таже проблема. Попробовал сделать Не помогло. Сейчас попробую сделать предложенное |
|
vs220 |
# |
|
Темы: 22 Сообщения: 8090 Участник с: 16 августа 2009 |
Обновление идет? Или на ключи ругается? |
- Index
- » Pacman & Package Upgrade Issues
- » Problem refreshing pacman keys
#1 2017-05-31 18:53:59
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
Problem refreshing pacman keys
I recently attempted a general system upgrade with
the upgrade failed because some of the keys were not recognized.
virhe: key "94657AB20F2A092B" could not be looked up remotely
virhe: key "E62F853100F0D0F0" could not be looked up remotely
virhe: key "3C1C876030B65FE2" could not be looked up remotely
virhe: key "BBE43771487328A9" could not be looked up remotely
virhe: key "A91764759326B440" could not be looked up remotely
virhe: key "A6234074498E9CEE" could not be looked up remotely
virhe: key "A5E9288C4FA415FA" could not be looked up remotely
virhe: key "786C63F330D7CB92" could not be looked up remotely
virhe: key "7A4E76095D8A52E4" could not be looked up remotely
virhe: key "FC1B547C8D8172C8" could not be looked up remotely
virhe: key "06096A6AD1CEDDAC" could not be looked up remotely
virhe: key "51E8B148A9999C34" could not be looked up remotely
virhe: key "976AC6FA3B94FA10" could not be looked up remotely
virhe: key "771DF6627EDF681F" could not be looked up remotely
virhe: key "7F2D434B9741E8AC" could not be looked up remotely
virhe: key "B02854ED753E0F1F" could not be looked up remotely
virhe: key "A3D9562A589874AB" could not be looked up remotely
virhe: key "C06086337C50773E" could not be looked up remotely
virhe: key "396E3E25BAB142C1" could not be looked up remotely
virhe: key "AFF5D95098BC6FF5" could not be looked up remotely
virhe: key "BE01EC22A04E2E46" could not be looked up remotely
virhe: key "65C110C1EA433FC7" could not be looked up remotely
virhe: key "2E89012331361F01" could not be looked up remotely
virhe: key "DB323392796CA067" could not be looked up remotely
virhe: key "1EB2638FF56C0C53" could not be looked up remotely
virhe: key "39E4B877E62EB915" could not be looked up remotely
virhe: key "FCF3C8CB5CF9C8D4" could not be looked up remotely
virhe: key "E613C09CB4440678" could not be looked up remotely
virhe: key "6D1655C14CE1C13E" could not be looked up remotely
virhe: key "24E4CDB0013C2580" could not be looked up remotely
virhe: key "206CBC892D1493D2" could not be looked up remotely
virhe: vaadittu avain puuttuu avainrenkaasta
virhe: latauksen suorittaminen epäonnistui (odottamaton virhe)
Yhtään pakettia ei päivitetty tapahtuneiden virheiden vuoksi.After reading up on the issue at ArchLinux Wiki, I attempted to
resolve the problem by refreshing the key database.
# pacman-key --init
# pacman-key --refreshThe last of these commands failed with the following output.
gpg: refreshing 91 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: No keyserver available
==> ERROR: A specified local key could not be updated from a keyserver.I’m using Privoxy to supply an add-blocker to my Vimprobable browser.
I hope this does not prevent me from connecting to the key servers normally.
When I try to ping the key server, the server responds as expected.
Last edited by catnap (2017-06-01 11:57:38)
#3 2017-06-01 12:14:48
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
Re: Problem refreshing pacman keys
I was eventually able to update the system after installing the keys from the package repository with
# pacman -S archlinux-keyringThis, however, does not solve the problem with
which still gives the same error.
I edited accordingly.
#4 2017-06-01 13:29:35
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 10,652
Re: Problem refreshing pacman keys
does something like gpg —search-keys abcdefghij work ?
The hkp protocol goes over http port 11371 , can you configure privoxy to let that port through ?
There are hkp servers that use port 80, maybe you can use one of them.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
#5 2017-06-15 21:46:13
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
Re: Problem refreshing pacman keys
Lone_Wolf wrote:
does something like gpg —search-keys abcdefghij work ?
It gives the following result
gpg: no keyserver known (use option --keyserver)
gpg: keyserver search failed: No keyserver availableI also attempted to follow the instructions in https://wiki.archlinux.org/index.php/Pa … _via_proxy
by trying the commands
pacman-key --refresh-keys --keyserver hkp://keyserver.kjsl.com:80pacman-key --refresh-keys --keyserver hkp://pgp.mit.edu:11371pacman-key --refresh-keys --keyserver hkp://ipv4.pool.sks-keyservers.net:11371with the following results
gpg: refreshing 91 keys from hkp://keyserver.kjsl.com:80
gpg: keyserver refresh failed: No keyserver available
==> ERROR: A specified local key could not be updated from a keyserver.gpg: refreshing 91 keys from hkp://pgp.mit.edu:11371
gpg: keyserver refresh failed: No keyserver available
==> ERROR: A specified local key could not be updated from a keyserver.gpg: refreshing 91 keys from hkp://ipv4.pool.sks-keyservers.net:11371
gpg: keyserver refresh failed: No keyserver available
==> ERROR: A specified local key could not be updated from a keyserver.#6 2017-06-16 13:42:11
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 10,652
Re: Problem refreshing pacman keys
pacman-key uses gpg to verify signatures, and «gpg —search-keys» showed the problem is present when using gpg directly.
One gpg works, pacman-key should function automagickally so let’s focus on troubleshooting gpg .
Post your /etc/gnupg/dirmngr.conf and /etc/pacman.d/gnupg/dirmngr.conf .
Verify they have the honor-http-proxy option set as mentioned in the wiki .
Check the debug-level sectiobn of man gpg , and run «gpg —search-keys» with the highest debug-level .
post the exact command and the output .
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
#7 2017-06-16 17:58:00
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
Re: Problem refreshing pacman keys
Lone_Wolf wrote:
Post your /etc/gnupg/dirmngr.conf and /etc/pacman.d/gnupg/dirmngr.conf.
Verify they have the honor-http-proxy option set as mentioned in the wiki .
We seem to be close to isolating the problem. Those files do not exist. However
the file ~/.gnupg/dirmngr.conf exists and has the following content
keyserver hkp://jirk5u4osbsr34t5.onion
keyserver hkp://keys.gnupg.netThere were more lines, but in comments.
Lone_Wolf wrote:
Check the debug-level sectiobn of man gpg , and run «gpg —search-keys» with the highest debug-level .
post the exact command and the output .
The command
gpg --debug-level guru --search-keys abcgives the following output
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /home/tommi/.gnupg
gpg: DBG: chan_3 <- # Config: /home/tommi/.gnupg/dirmngr.conf
gpg: DBG: chan_3 <- OK Dirmngr 2.1.21 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.21
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- abc
gpg: DBG: chan_3 <- S PROGRESS tick ? 0 0I worry that gpg expects the key search to be run without extra modifiers
because, after I specify the debug level, the program does not search the
keys but expects further input from the user.
#8 2017-06-17 11:49:18
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 10,652
Re: Problem refreshing pacman keys
Run gpg —debug-level guru —keyserver hkp://keys.gnupg.net —search-keys abcdefghij as root .
The reason for using abcdefghij as search term is that there’s exactly 1 key that uses it on that specific keyserver network.
Below is the full output of that command ran on my main system.
# gpg --debug-level guru --keyserver hkp://keys.gnupg.net --search-keys abcdefghij
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /root/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.21 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.21
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keys.gnupg.net
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- abcdefghij
gpg: DBG: chan_3 <- S SOURCE http://[2a03:b0c0:1:d0::18c2:6001]:11371
gpg: DBG: chan_3 <- D info:1:1%0Apub:6923CE7991ABF7338DB1C9AA5F0142A080E4A9A0:1:2048:1442278921::%0Auid:AbCdEfGhIj <Sagichbestimmtnet@t-online.de>:1442278921::%0A%0D%0A
gpg: data source: http://[2a03:b0c0:1:d0::18c2:6001]:11371
gpg: DBG: chan_3 <- OK
gpg: DBG: iobuf-1.0: close '?'
(1) AbCdEfGhIj <Sagichbestimmtnet@t-online.de>
2048 bit RSA key 5F0142A080E4A9A0, created: 2015-09-15
Keys 1-1 of 1 for "abcdefghij". Enter number(s), N)ext, or Q)uit > Q
gpg: error searching keyserver: Operation cancelled
gpg: keyserver search failed: Operation cancelled
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks
#Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
#9 2017-06-17 21:52:05
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
Re: Problem refreshing pacman keys
Lone_Wolf wrote:
Run gpg —debug-level guru —keyserver hkp://keys.gnupg.net —search-keys abcdefghij as root .
This gives
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /root/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.21 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.21
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keys.gnupg.net
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- abcdefghij
gpg: DBG: chan_3 <- ERR 167772346 No keyserver available <Dirmngr>
gpg: no keyserver known (use option --keyserver)
gpg: keyserver search failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks#10 2017-06-18 11:42:20
- Lone_Wolf
- Member
- From: Netherlands, Europe
- Registered: 2005-10-04
- Posts: 10,652
Re: Problem refreshing pacman keys
That is what i kinda expected, Dirmngr isn’t able to contact the keyserver .
edit or create /etc/gnupg/dirmngr.conf and /etc/pacman.d/gnupg/dirmngr.conf .
Make sure they have the honor-http-proxy option set as mentioned in the wiki .
run «echo $http_proxy» to verify it points to your privoxy setup .
(if it’s not set, just set it temporarily with export )
Then run the gpg debug-level command again and post output.
Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
(A works at time B) && (time C > time B ) ≠ (A works at time C)
#11 2017-06-18 20:36:48
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
Re: Problem refreshing pacman keys
Lone_Wolf wrote:
Then run the gpg debug-level command again and post output.
The output was the same as before.
I believe to have ruled out one possible source of the problem because
disabling Privoxy had no effect.
systemctl status privoxy.serviceprivoxy.service - Privoxy Web Proxy With Advanced Filtering Capabilities
Loaded: loaded (/usr/lib/systemd/system/privoxy.service; disabled; vendor preset: disabled)
Active: inactive (dead)After this I globally unset the http_proxy variable and tried
gpg --debug-level guru --keyserver hkp://keys.gnupg.net --search-keys abcdefghijas before, and still received the same error messages
gpg: enabled debug flags: packet mpi crypto filter iobuf memory cache memstat trust hashing ipc clock lookup extprog
gpg: DBG: [not enabled in the source] start
gpg: DBG: chan_3 <- # Home: /root/.gnupg
gpg: DBG: chan_3 <- # Config: [none]
gpg: DBG: chan_3 <- OK Dirmngr 2.1.21 at your service
gpg: DBG: connection to the dirmngr established
gpg: DBG: chan_3 -> GETINFO version
gpg: DBG: chan_3 <- D 2.1.21
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KEYSERVER --clear hkp://keys.gnupg.net
gpg: DBG: chan_3 <- OK
gpg: DBG: chan_3 -> KS_SEARCH -- abcdefghij
gpg: DBG: chan_3 <- ERR 167772346 No keyserver available <Dirmngr>
gpg: no keyserver known (use option --keyserver)
gpg: keyserver search failed: No keyserver available
gpg: DBG: chan_3 -> BYE
gpg: DBG: [not enabled in the source] stop
gpg: keydb: handles=0 locks=0 parse=0 get=0
gpg: build=0 update=0 insert=0 delete=0
gpg: reset=0 found=0 not=0 cache=0 not=0
gpg: kid_not_found_cache: count=0 peak=0 flushes=0
gpg: sig_cache: total=0 cached=0 good=0 bad=0
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocksIt seems odd that the files /etc/gnupg/dirmngr.conf and /etc/pacman.d/gnupg/dirmngr.conf did not exist in my system before I created them. It might be worth the try to get these files from their standard packages. What packages should I (re)install?
#12 2017-06-18 21:28:15
- eschwartz
- Fellow
- Registered: 2014-08-08
- Posts: 4,097
Re: Problem refreshing pacman keys
There are no such default configuration files at all, since they are usually not needed.
/etc/pacman.d/gnupg is the $GNUPGHOME used internally by pacman-key, and /etc/gnupg AFAIK should not exist at all, because the gpg manpage doesn’t indicate that GnuPG respects any system configurations whatsoever. dirmngr does seem to respect /etc/gnupg/trusted-certs though, which is of course totally different and as such has nothing to do with this thread. 
Managing AUR repos The Right Way — aurpublish (now a standalone tool)
#13 2017-06-18 22:25:19
- catnap
- Member
- Registered: 2016-10-03
- Posts: 131
Re: Problem refreshing pacman keys
It seems that GPG simply does not find the specified servers with the DNS configuration because
ping hkp://keys.gnupg.net gives
ping: hkp://keys.gnupg.net: Name or service not knownMy DNS settings in /etc/resolv.conf are
# Generated by resolvconf
domain dhcp.inet.fi
nameserver 127.0.0.1
nameserver 193.210.18.18
nameserver 193.210.19.19Last edited by catnap (2017-06-18 22:33:49)
#14 2017-06-18 22:28:47
- eschwartz
- Fellow
- Registered: 2014-08-08
- Posts: 4,097
Re: Problem refreshing pacman keys
hkp is not a protocol ping understands, so this has nothing to do with the problem.
Try a different keyserver, or check the recent gnupg connectivity bugs to see if one of the magic solutions works for you (because things have been somewhat unpredictable lately, fixing and then breaking again).
Last edited by eschwartz (2017-06-18 22:30:44)
Managing AUR repos The Right Way — aurpublish (now a standalone tool)
#15 2021-03-14 19:16:23
- ymougenel
- Member
- Registered: 2021-03-14
- Posts: 1
Re: Problem refreshing pacman keys
Hello,
I also encountered the «virhe: key «XXXX» could not be looked up remotely», a friend of mine helped me through the issue:
1. I temporary bypassed the key check on pacman:
In /etc/pacman.conf
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Never
2. I updated my system:
3. Few hooks were broken (error: hook /usr/share/libalpm/hooks/XXX.hook line 2: invalid value Path)
I had to update pacman and relunch each hooks:
pacman -S pacman
pacman -S $(pacman -Qq)note: my aur packager was also broken due to the python upgrade, I ended up by re-installing pikaur completely and run
)
4. Once updated, I reset the keyring to the default value in /etc/pacman.conf
(SigLevel = Required DatabaseOptional)
I hope it helps
#16 2021-03-15 01:32:24
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 19,010
Re: Problem refreshing pacman keys
Using this opportunity to close this old thread.
Nothing is too wonderful to be true, if it be consistent with the laws of nature — Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. — Alan Turing
—
How to Ask Questions the Smart Way
I’m currently having issues with installing a package due to a missing key. My first plan was to updating my keyring however «pacman-key —refresh-keys» fails:
[user@hostname ~]$ sudo pacman-key --refresh-keys
gpg: refreshing 134 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: Permission denied
==> ERROR: A specified local key could not be updated from a keyserver.
Also tried running it under «su».
[user@hostname ~]$ su
Password:
[root@hostname user]# pacman-key --refresh-keys
gpg: refreshing 134 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: Permission denied
==> ERROR: A specified local key could not be updated from a keyserver.
Tried running dirmngr manually to see if there are any errors.
[user@hostname ~]$ sudo dirmngr < /dev/null
dirmngr[25316]: error opening '/root/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[25316.0]: permanently loaded certificates: 141
dirmngr[25316.0]: runtime cached certificates: 0
dirmngr[25316.0]: trusted certificates: 141 (140,0,0,1)
# Home: /root/.gnupg
# Config: [none]
OK Dirmngr 2.2.3 at your service
I noticed the «error opening ‘/root/.gnupg/dirmngr_ldapservers.conf'» which had been mentioned on the Arch Linux forums. So I created a blank «/root/.gnupg/dirmngr_ldapservers.conf» and ran dirmngr again. I also get a similar error if I run dirmngr without sudo so I created a blank «/home/user/.gnupg/dirmngr_ldapservers.conf» too.
[user@hostname ~]$ sudo dirmngr < /dev/null
dirmngr[28763.0]: permanently loaded certificates: 141
dirmngr[28763.0]: runtime cached certificates: 0
dirmngr[28763.0]: trusted certificates: 141 (140,0,0,1)
# Home: /root/.gnupg
# Config: [none]
OK Dirmngr 2.2.3 at your service
[user@hostname ~]$ dirmngr < /dev/null
dirmngr[32757.0]: permanently loaded certificates: 141
dirmngr[32757.0]: runtime cached certificates: 0
dirmngr[32757.0]: trusted certificates: 141 (140,0,0,1)
# Home: /home/user/.gnupg
# Config: [none]
OK Dirmngr 2.2.3 at your service
Removed both the «.gnupg» folders, ran «pacman-key —init» and then tried «pacman-key —refresh-keys».
[user@hostname ~]$ sudo rm -rf /root/.gnupg
[user@hostname ~]$ sudo rm -rf /home/user/.gnupg
[user@hostname ~]$ sudo pacman-key --init
[user@hostname ~]$ sudo pacman-key --refresh-keys
gpg: refreshing 134 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: Permission denied
==> ERROR: A specified local key could not be updated from a keyserver
After removing both «.gnupg» directories I ran dirmngr again.
[user@hostname ~]$ dirmngr --debug-level guru
dirmngr[18151]: enabled debug flags: x509 crypto memory cache memstat hashing ipc dns network lookup extprog
dirmngr[18151]: error opening '/home/user/.gnupg/dirmngr_ldapservers.conf': No such file or directory
dirmngr[18151.0]: permanently loaded certificates: 141
dirmngr[18151.0]: runtime cached certificates: 0
dirmngr[18151.0]: trusted certificates: 141 (140,0,0,1)
dirmngr[18151.0]: failed to open cache dir file '/home/user/.gnupg/crls.d/DIR.txt': No such file or directory
dirmngr[18151.0]: creating directory '/home/user/.gnupg'
dirmngr[18151.0]: creating directory '/home/user/.gnupg/crls.d'
dirmngr[18151.0]: new cache dir file '/home/user/.gnupg/crls.d/DIR.txt' created
dirmngr[18151.0]: DBG: chan_3 -> # Home: /home/user/.gnupg
# Home: /home/user/.gnupg
dirmngr[18151.0]: DBG: chan_3 -> # Config: [none]
# Config: [none]
dirmngr[18151.0]: DBG: chan_3 -> OK Dirmngr 2.2.3 at your service
OK Dirmngr 2.2.3 at your service
And now I’m completely stuck. I suspected there might be some kind of permissions issue with a file needed by GPG but given that I’ve deleted both «.gnupg» directories and that they’ve been regenerated I don’t see what’s wrong.
I’ve also tried everything on this wiki page: https://wiki.parabola.nu/Parabola_Keyring everything worked including the «sudo pacman-key —populate archlinux archlinux32 archlinuxarm parabola» command but «pacman-key —refresh-keys» still gave me the permissions error.
Just tried refreshing my keyring with gpg directly:
[user@hostname ~]$ sudo gpg2 --refresh-keys
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Then tried to do it with pacman-key:
[user@hostname ~]$ sudo pacman-key --refresh-keys
gpg: refreshing 135 keys from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: Permission denied
==> ERROR: A specified local key could not be updated from a keyserver.
So that failed. Tried with gpg2 to see if the output was the same:
[user@hostname ~]$ sudo gpg2 --refresh-keys
There wasn’t any output so I doubt that the files it created are related to my current issue.
As a last ditch effort I tried without sudo and got no output:
[user@hostname ~]$ gpg2 --refresh-keys
Still stuck with this. Even installed kgpg to manually generate a config file for gpg. However, I’m still getting this damn permissions error.
07 September 2020, 19:41:41
$ doas pacman-key --refresh-keys
==> ERROR: A specified local key could not be updated from a keyserver.
After researching a bit I found this solution but the error remains:
[asus-artix glats]# rm -R /etc/pacman.d/gnupg/ && rm -R /root/.gnupg/ && gpg --refresh-keys && pacman-key --init && nvim /etc/pacman.d/gnupg/gpg.conf && pacman-key --populate archlinux artix && pacman-key --refresh-keys
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
gpg: Generating pacman keyring master key...
gpg: key 0039C159C955627F marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/BE3AE0DC3D13458F65CFE0BB0039C159C955627F.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
==> Appending keys from archlinux.gpg...
==> Appending keys from artix.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 8AC1470E584E6AAB0BBBAC3FED587B6247A4152D...
-> Locally signing key D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C...
-> Locally signing key 9CBF2CD86DB1BA4F278C69C260448B45A4ECBA8D...
-> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
-> Locally signing key 80E461C30BE40AD3EFB57E18EA690BC73A4F1094...
-> Locally signing key 2C69BCE8163847BC56401FD2CF18A351C0705F6A...
-> Locally signing key 664187F32A958D0ED06530067BFAD0C0864DA8E8...
-> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
-> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
-> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
-> Disabling key 50F33E2E5B0C3D900424ABE89BDCF497A4BBCC7F...
-> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
-> Disabling key 8840BD07FC24CB7CE394A07CCF7037A4F27FB7DA...
-> Disabling key 5559BC1A32B8F76B3FCCD9555FA5E5544F010D48...
-> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
-> Disabling key 07DFD3A0BC213FA12EDC217559B3122E2FA915EC...
-> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
-> Disabling key 5A2257D19FF7E1E0E415968CE62F853100F0D0F0...
-> Disabling key D921CABED130A5690EF1896E81AF739EC0711BF1...
-> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
-> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
-> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
-> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
-> Disabling key 684148BB25B49E986A4944C55184252D824B18E8...
-> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
-> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
-> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
-> Disabling key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A...
-> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
-> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
-> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
-> Disabling key EAC3F71CBAA5B0A0FCCA1BDE8BB9E048A9CAC259...
-> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
-> Disabling key 5357F3B111688D88C1D88119FCF2CB179205AC90...
-> Disabling key 4D913AECD81726D9A6C74F0ADA6426DD215B37AD...
-> Disabling key FB871F0131FEA4FB5A9192B4C8880A6406361833...
-> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
-> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
-> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
-> Disabling key 76B4192E902C0A52642C63C273B8ED52F1D357C1...
-> Disabling key 40776A5221EF5AD468A4906D42A1DB15EC133BAD...
-> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
-> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
==> Updating trust database...
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 10 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 10 signed: 94 trust: 0-, 0q, 0n, 10m, 0f, 0u
gpg: depth: 2 valid: 91 signed: 28 trust: 91-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2020-09-13
gpg: refreshing 139 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: General error
==> ERROR: A specified local key could not be updated from a keyserver.
I thought that my local machine was the problem so I installed a new installation on a virtual machine and when running the command it comes out with the same error:
first:
glats-standardpcq35ich92009:[root]:~# pacman-key --refresh-keys
gpg: refreshing 139 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: General error
==> ERROR: A specified local key could not be updated from a keyserver.
Then:
glats-standardpcq35ich92009:[root]:~# rm -R /etc/pacman.d/gnupg/ && rm -R /root/.gnupg/ && gpg --refresh-keys && pacman-key --init && pacman-key --populate archlinux artix && pacman-key --refresh-keys
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
gpg: Generating pacman keyring master key...
gpg: key 3340B78F278B860A marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/D1A33369D7E75333F52B45AC3340B78F278B860A.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
==> Appending keys from archlinux.gpg...
==> Appending keys from artix.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key 8AC1470E584E6AAB0BBBAC3FED587B6247A4152D...
-> Locally signing key D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C...
-> Locally signing key 9CBF2CD86DB1BA4F278C69C260448B45A4ECBA8D...
-> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
-> Locally signing key 80E461C30BE40AD3EFB57E18EA690BC73A4F1094...
-> Locally signing key 2C69BCE8163847BC56401FD2CF18A351C0705F6A...
-> Locally signing key 664187F32A958D0ED06530067BFAD0C0864DA8E8...
-> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
-> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
-> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
-> Disabling key 50F33E2E5B0C3D900424ABE89BDCF497A4BBCC7F...
-> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
-> Disabling key 8840BD07FC24CB7CE394A07CCF7037A4F27FB7DA...
-> Disabling key 5559BC1A32B8F76B3FCCD9555FA5E5544F010D48...
-> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
-> Disabling key 07DFD3A0BC213FA12EDC217559B3122E2FA915EC...
-> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
-> Disabling key 5A2257D19FF7E1E0E415968CE62F853100F0D0F0...
-> Disabling key D921CABED130A5690EF1896E81AF739EC0711BF1...
-> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
-> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
-> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
-> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
-> Disabling key 684148BB25B49E986A4944C55184252D824B18E8...
-> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
-> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
-> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
-> Disabling key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A...
-> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
-> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
-> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
-> Disabling key EAC3F71CBAA5B0A0FCCA1BDE8BB9E048A9CAC259...
-> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
-> Disabling key 5357F3B111688D88C1D88119FCF2CB179205AC90...
-> Disabling key 4D913AECD81726D9A6C74F0ADA6426DD215B37AD...
-> Disabling key FB871F0131FEA4FB5A9192B4C8880A6406361833...
-> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
-> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
-> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
-> Disabling key 76B4192E902C0A52642C63C273B8ED52F1D357C1...
-> Disabling key 40776A5221EF5AD468A4906D42A1DB15EC133BAD...
-> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
-> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
==> Updating trust database...
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 10 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 10 signed: 94 trust: 0-, 0q, 0n, 10m, 0f, 0u
gpg: depth: 2 valid: 91 signed: 28 trust: 91-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2020-09-13
gpg: refreshing 139 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: General error
==> ERROR: A specified local key could not be updated from a keyserver.
I don’t know how to debug it if anyone knows please let me know.
Thanks.
I ran into an issue running through Arch Linux package upgrades on 2021-01-06, after neglecting to install package upgrades for a few months:
[miliarch@arch ~]$ sudo pacman -Syu
:: Synchronizing package databases...
core 132.8 KiB 18.5 MiB/s 00:00 [##################################] 100%
extra 1637.1 KiB 28.0 MiB/s 00:00 [##################################] 100%
community 5.3 MiB 65.3 MiB/s 00:00 [##################################] 100%
sublime-text 1827.0 B 0.00 B/s 00:00 [##################################] 100%
sublime-text.sig 543.0 B 0.00 B/s 00:00 [##################################] 100%
:: Starting full system upgrade...
... -truncated- ...
(541/541) checking keys in keyring [##################################] 100%
(541/541) checking package integrity [##################################] 100%
error: cdrtools: signature from "Jerome Leclanche <jerome@leclan.ch>" is unknown trust
:: File /var/cache/pacman/pkg/cdrtools-3.02a09-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.It turns out the developer’s GPG key, which determines whether the author of the package is trusted, had expired:
[miliarch@arch ~]$ pacman-key --list-sigs Jerome
gpg: Note: trustdb not writable
pub rsa4096 2013-10-16 [SC] [expired: 2021-01-01]
169704C6FB490C6892C7F23C37E0AF1FDA48F373
uid [ expired] Jerome Leclanche <jerome@leclan.ch>
sig 3348882F6AC6A4C2 2015-02-10 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig BA1DFB64FFF979E7 2015-02-12 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig A88E23E377514E00 2015-12-23 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 3 37E0AF1FDA48F373 2018-06-10 Jerome Leclanche <jerome@leclan.ch>
sig D6D055F927843F1C 2019-09-29 Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>After some searching, I came across this thread, which contained the solution. I did try using pacman-key --refresh-keys, as suggested by Scimmia, and while it did refresh many keys (see command output below), it didn’t pull in an update of the problematic key.
[miliarch@arch ~]$ sudo pacman-key --refresh-keys
gpg: refreshing 121 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: Server indicated a failure
==> ERROR: A specified local key could not be updated from a keyserver.After further review of the thread, and some more tinkering in the terminal, I discovered that the archlinux-keyring package required an update to pull in updated GPG keys. I’m very thankful that these folks took the time to both ask the question and drop in guidance on how to validate and fix the problem.
Now, the main crux of the issue was that while archlinux-keyring was part of the list of distribution packages to update, the one package associated with an expired key (cdrtools) «clogged up the works» and prevented the upgrade from completing. To work around that, I pulled this package separately with pacman -S archlinux-keyring:
[miliarch@arch ~]$ sudo pacman -S archlinux-keyring
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20201210-1
Total Installed Size: 1.30 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [############################################] 100%
(1/1) checking package integrity [############################################] 100%
(1/1) loading package files [############################################] 100%
(1/1) checking for file conflicts [############################################] 100%
(1/1) checking available disk space [############################################] 100%
:: Processing package changes...
(1/1) upgrading archlinux-keyring [############################################] 100%
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C...
-> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
-> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
-> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
-> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
-> Disabling key 50F33E2E5B0C3D900424ABE89BDCF497A4BBCC7F...
-> Disabling key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
-> Disabling key 779CD2942629B7FA04AB8F172E89012331361F01...
-> Disabling key 39F880E50E49A4D11341E8F939E4F17F295AFBF4...
-> Disabling key 8840BD07FC24CB7CE394A07CCF7037A4F27FB7DA...
-> Disabling key 5559BC1A32B8F76B3FCCD9555FA5E5544F010D48...
-> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
-> Disabling key 07DFD3A0BC213FA12EDC217559B3122E2FA915EC...
-> Disabling key 4FCF887689C41B09506BE8D5F3E1D5C5D30DB0AD...
-> Disabling key 5A2257D19FF7E1E0E415968CE62F853100F0D0F0...
-> Disabling key D921CABED130A5690EF1896E81AF739EC0711BF1...
-> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
-> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
-> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
-> Disabling key 5696C003B0854206450C8E5BE613C09CB4440678...
-> Disabling key 684148BB25B49E986A4944C55184252D824B18E8...
-> Disabling key 8CF934E339CAD8ABF342E822E711306E3C4F88BC...
-> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
-> Disabling key 5E7585ADFF106BFFBBA319DC654B877A0864983E...
-> Disabling key 65EEFE022108E2B708CBFCF7F9E712E59AF5F22A...
-> Disabling key 40440DC037C05620984379A6761FAD69BA06C6A9...
-> Disabling key 34C5D94FE7E7913E86DC427E7FB1A3800C84C0A5...
-> Disabling key 1A60DC44245D06FEF90623D6EEEEE2EEEE2EEEEE...
-> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
-> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
-> Disabling key 5357F3B111688D88C1D88119FCF2CB179205AC90...
-> Disabling key 4D913AECD81726D9A6C74F0ADA6426DD215B37AD...
-> Disabling key FB871F0131FEA4FB5A9192B4C8880A6406361833...
-> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
-> Disabling key 487EACC08557AD082088DABA1EB2638FF56C0C53...
-> Disabling key B1F2C889CB2CCB2ADA36D963097D629E437520BD...
-> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
-> Disabling key 76B4192E902C0A52642C63C273B8ED52F1D357C1...
-> Disabling key 40776A5221EF5AD468A4906D42A1DB15EC133BAD...
-> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
-> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
==> Updating trust database...
gpg: next trustdb check due at 2021-08-02
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...After checking the public GPG key for this author again, it was clear that it had been updated with an expiration date in the future in my local keyring:
[miliarch@arch ~]$ pacman-key --list-sigs Jerome
gpg: Note: trustdb not writable
pub rsa4096 2013-10-16 [SC] [expires: 2023-01-01]
169704C6FB490C6892C7F23C37E0AF1FDA48F373
uid [ full ] Jerome Leclanche <jerome@leclan.ch>
sig 3348882F6AC6A4C2 2015-02-10 Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig BA1DFB64FFF979E7 2015-02-12 Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig A88E23E377514E00 2015-12-23 Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig 3 37E0AF1FDA48F373 2018-06-10 Jerome Leclanche <jerome@leclan.ch>
sig D6D055F927843F1C 2019-09-29 Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig 3 37E0AF1FDA48F373 2020-10-28 Jerome Leclanche <jerome@leclan.ch>
sub rsa4096 2013-10-16 [E] [expires: 2023-01-01]
sig 37E0AF1FDA48F373 2018-06-10 Jerome Leclanche <jerome@leclan.ch>
sig 37E0AF1FDA48F373 2020-10-28 Jerome Leclanche <jerome@leclan.ch>My next attempt to run a full distro upgrade finished without an issue.
The lesson to take from this is that it may be wise to run a standalone upgrade of the archlinux-keyring package prior to running a full distribution upgrade, especially if it’s been a while since you’ve upgraded packages. Alternatively, it’s certainly a valid strategy to wait until an error is presented to address a problem; it’s good to keep this package in mind if you encounter a GPG key signing issue on a core package when working with pacman.
Finding documentation on archlinux-keyring wasn’t trivial, but the Adding Developer Keys section of the pacman/Package signing page in the Arch Wiki touches on the purpose of the package, which is effectively a collection of Trusted User (TU) GPG keys.
Until next time
— miliarch
- Tidbits
Subscribe to our newsletter
Get the latest posts delivered right to your inbox.
Now check your inbox and click the link to confirm your subscription.
Please enter a valid email address
Oops! There was an error sending the email, please try later.