Cannot upgrade Python 3.8

mosesontheweb · 29 September 2021 18:30

Hi,

I’ve installed several Python versions from AUR. I also have Python 3.8 with version 3.8.11-3 on my system and wanted to update it with the now available 3.8.12-1. The download succeeds but it fails by checking the PGP signature:

==> Verifying source file signatures with gpg...
    Python-3.8.12.tar.xz ... cat: write error: Broken pipe
FAILED
==> ERROR: One or more PGP signatures could not be verified!

The maintainer key in the keystore of root:

pub   rsa4096 2015-05-11 [SC] [expires: 2025-05-11]
      E3FF2839C048B25C084DEBE9B26995E310250568
uid           [ unknown] Łukasz Langa (GPG langa.pl) <lukasz@langa.pl>
uid           [ unknown] Łukasz Langa <lukasz@edgedb.com>
uid           [ unknown] Łukasz Langa <lukasz@python.org>
uid           [ unknown] Łukasz Langa (Work e-mail account) <ambv@fb.com>
uid           [ unknown] [jpeg image of size 24479]
sub   rsa4096 2015-05-11 [E] [expires: 2025-05-11]

PKGBUILD:

validpgpkeys=('E3FF2839C048B25C084DEBE9B26995E310250568')

I tried to verify the tar.gz on my own under /var/cache/pamac/python38:

$ gpg --show-keys Python-3.8.12.tar.xz.asc
gpg: no valid OpenPGP data found.
$ gpg --with-fingerprint Python-3.8.12.tar.xz.asc

gpg: WARNING: no command supplied.  Trying to guess what you mean ...
gpg: assuming signed data in 'Python-3.8.12.tar.xz'
gpg: Signature made Mo 30 Aug 2021 18:43:21 CEST
gpg:                using RSA key E3FF2839C048B25C084DEBE9B26995E310250568
gpg: Good signature from "Łukasz Langa (GPG langa.pl) <lukasz@langa.pl>" [unknown]
gpg:                 aka "Łukasz Langa <lukasz@edgedb.com>" [unknown]
gpg:                 aka "Łukasz Langa <lukasz@python.org>" [unknown]
gpg:                 aka "Łukasz Langa (Work e-mail account) <ambv@fb.com>" [unknown]
gpg:                 aka "[jpeg image of size 24479]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: E3FF 2839 C048 B25C 084D  EBE9 B269 95E3 1025 0568

So, could it be, that the .asc file which is downloaded from python.org is invalid? From my point of view everything else on my system seems to be alright, since I was able to install other versions like 3.6 or 3.10 without any failure.

Any help appreciated, thanks in advance, regards, Thomas

Yochanan · 29 September 2021 18:35

mithrial · 29 September 2021 18:57

For Python, I’d recommend pyenv because it doesn’t mess with your system’s Python installation.

kossak · 29 September 2021 19:25

I use asdf for few years now and am very happy with it. It can install different versions of not only python, but also other languages.

mosesontheweb · 29 September 2021 21:33

Hi,

thanks for the answer, but the error message is slightly different. The public key isn’t the problem, it says cat: write error: Broken pipe. Anyway, I try to head forward to Lukasz, maybe he might have an idea. I still guess that it has something to do with the .asc from the Python repo.

Regards, Thomas

Yochanan · 29 September 2021 22:05

So you ignored the tutorial?

That could be part of your issue. You do not add it to the system keyring, you add it to your user keyring.

Please don’t bother him with an issue that’s local to your machine. There’s nothing wrong with his key:

❯ gpg --recv-key E3FF2839C048B25C084DEBE9B26995E310250568
gpg: key B26995E310250568: public key "Łukasz Langa (GPG langa.pl) <lukasz@langa.pl>" imported
gpg: Total number processed: 1
gpg:               imported: 1

mosesontheweb · 30 September 2021 06:46

I did, however, it does not work. And I still point to the error message:

Python-3.8.12.tar.xz ... cat: write error: Broken pipe
FAILED

The longer I look at the message, I more believe that it isn’t a PGP problem, it’s something else. I try to find out what’s wrong.

Regards, Thomas

mithrial · 30 September 2021 10:40

You’ll have to provide the full error message.

mosesontheweb · 30 September 2021 18:15

Building python38...
Running as unit: run-u714.service
Press ^] three times within 1s to disconnect TTY.
==> Making package: python38 3.8.12-1 (Do 30 Sep 2021 20:15:39 CEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading Python-3.8.12.tar.xz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 17.5M  100 17.5M    0     0  4411k      0  0:00:04  0:00:04 --:--:-- 4412k
  -> Downloading Python-3.8.12.tar.xz.asc...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   833  100   833    0     0   9815      0 --:--:-- --:--:-- --:--:--  9916
  -> Found mpdecimal-2.5.1.patch
==> Validating source files with sha256sums...
    Python-3.8.12.tar.xz ... Passed
    Python-3.8.12.tar.xz.asc ... Skipped
    mpdecimal-2.5.1.patch ... Passed
==> Verifying source file signatures with gpg...
    Python-3.8.12.tar.xz ... cat: write error: Broken pipe
FAILED
==> ERROR: One or more PGP signatures could not be verified!
Finished with result: exit-code
Main processes terminated with: code=exited/status=1
Service runtime: 8.485s
CPU time consumed: 5.908s
Error: Failed to build python38

mithrial · 30 September 2021 22:24

The AUR comment AUR (en) - python38 indicates that it might be a PGP error.
You have to run the key import as the same user who builds the package.

Could you try another AUR helper like yay? Or makepkg the package directly?

mosesontheweb · 1 October 2021 16:43

Thanks for pointing to yay! This little thing did the trick!

Many thanks!

system · 4 October 2021 06:43

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.