Error with Keyring update

Support
1

This is my first error after more than a year with Manjaro, so I thought I’d mention it.

Preparing...
Synchronizing package databases...
Refreshing community.db...
Resolving dependencies...
Checking inter-conflicts...
Resolving dependencies...
Checking inter-conflicts...
Download of manjaro-keyring (20230615-1) started
Download of manjaro-keyring (20230615-1) finished
Checking keyring...
Checking integrity...
Loading packages files...
Checking file conflicts...
Checking available disk space...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
==> Delete expired Key by Jonas Strassel
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  20  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  20  signed:  96  trust: 0-, 0q, 0n, 20m, 0f, 0u
gpg: depth: 2  valid:  73  signed:  27  trust: 73-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-07-12
Configuring manjaro-keyring...
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
==> Locally signing trusted keys in keyring...
  -> Locally signed 3 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 8 keys.
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  21  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  21  signed:  96  trust: 0-, 0q, 0n, 21m, 0f, 0u
gpg: depth: 2  valid:  73  signed:  27  trust: 73-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-07-07
Running post-transaction hooks...
Arming ConditionNeedsUpdate...
Refreshing PackageKit...
Transaction successfully finished.
2

Yes, i have exactly the same problem. Since i am new to manjaro i thought i messed up and even followed the troubleshooting wiki here - (no links allowed for new users of the forum)/Pacman_troubleshooting#Errors_about_Keys
but then i found a similar topic here (no links for me, can i have an icecream instead?)t/update-of-manjaro-keyring-gave-errors/108968 and realised it is probably a bug.

After the manual install as per troubleshooter i can install packages, i am still waiting for a an update to test if that works but i guess everything was ok at the first place and we can ignore the errors in the buggy keyring till next version. It will be nice if an experienced user confirms?

3

I’m running Big Linux which has the Manjaro keyrings in it and it already has a fix. I’m assuming the fix came directly from Manjaro.

4

Just installed today’s update but it’s still giving the same error:

gpg: error reading key: No public key
Error while configuring manjaro-keyring

5

The fix is already in Unstable branch. It should be in Stable and testing soon.

manjaro-keyring:

stable20230615-1

testing20230615-1

unstable20230616-1
3 Likes
6

You might dislike this answer, but I think you should focus on the last line:

I might be wrong here, but I think the last keys are implemented correctly and next check is 2023-07-07.
Correct me if I’m wrong because I had the EXACT same errors.

3 Likes
7

You are not.

The messages is thrown by gpg when processing the keys.

The message is simply informing that while processing a key (not displayed) there was no public key available - the key is likely skipped

13:41:00 ○ [fh@tiger] ~
 $ sudo pacman -Syu
[...]
gpg: next trustdb check due at 2023-07-12
(1/1) upgrading manjaro-keyring         [-------------------------] 100%
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
  -> Locally signed 3 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
[....]
:: Running post-transaction hooks...
( 1/10) Arming ConditionNeedsUpdate...
( 2/10) Updating the MIME type database...
( 3/10) Updating module dependencies...
( 4/10) Install DKMS modules
[...]
( 8/10) Registering Haskell modules...
( 9/10) Updating icon theme caches...
(10/10) Updating the desktop file MIME type cache...

The important thing is that the transaction is not being broken and the post transaction hooks is exected without errors.

Which means there was no breaking in the transaction - didliduhdah - work done.

4 Likes
8

Unfortunatelly i already tried to repair what was not broken…so is it broken now?

Here is my initial log

Download of manjaro-keyring (20230615-1) started
Download of manjaro-keyring (20230615-1) finished
Checking keyring...
Checking integrity...
Loading packages files...
Checking file conflicts...
Checking available disk space...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
==> Delete expired Key by Jonas Strassel
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  20  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  20  signed:  96  trust: 0-, 0q, 0n, 20m, 0f, 0u
gpg: depth: 2  valid:  73  signed:  27  trust: 73-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-07-12
Configuring manjaro-keyring...
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
==> Locally signing trusted keys in keyring...
  -> Locally signed 3 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 8 keys.
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  21  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  21  signed:  96  trust: 0-, 0q, 0n, 21m, 0f, 0u
gpg: depth: 2  valid:  73  signed:  27  trust: 73-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-07-07
Transaction successfully finished.

Then i followed the steps in the troubleshooter about downloading locally in cache and installing from there…
And now, if i open the pamac gui and try to reinstall keyring from there it trows an error

Preparing...
Warning: manjaro-keyring-20230615-1 is up to date -- reinstalling
Resolving dependencies...
Checking inter-conflicts...
Checking keyring...
Checking integrity...
Loading packages files...
Checking file conflicts...
Checking available disk space...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
Reinstalling manjaro-keyring (20230615-1)...
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
gpg: error reading key: No public key
Error while configuring manjaro-keyring
==> Locally signing trusted keys in keyring...
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
Error while configuring manjaro-keyring
Error: manjaro-keyring: command failed to execute correctly
Transaction successfully finished.

Is it normal? Will it be ok with the next update or i created myself a problem whith the local install and cannot update the keyring from pamac gui anymore?

9

A thorough guide about keyring is found at

This screenshot is 2023-06-16T11:57:00Z

image
image850×102 32.2 KB

Pick the latest

sudo pacman -U https://mirror.easyname.at/manjaro/pool/overlay/manjaro-keyring-20230616-1-any.pkg.tar.xz
1 Like
10

Dont want to step on the toes of the Danish guru above but…

If you open a terminal and type pamac upgrade do you get any errors? If not, you are most likely fine.

If you DO get errors, this would be a perfect time to use timeshift (if you have that setup).
Restore to a last working session and do not manually update the keys. :smiley:

But the above solution by @linux-aarhus looks way more fun. xD

1 Like
11

It was fine (well now with 20230616-1 is newer than core)

12 
sudo pacman -U https://mirror.easyname.at/manjaro/pool/overlay/manjaro-keyring-20230616-1-any.pkg.tar.xz
[sudo] password for teo: 
:: Retrieving packages...
 manjaro-keyring-...   562,9 KiB  2,11 MiB/s 00:00 [######################] 100%
loading packages...
resolving dependencies...
looking for conflicting packages...

Packages (1) manjaro-keyring-20230616-1

Total Installed Size:  0,73 MiB
Net Upgrade Size:      0,00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                     [######################] 100%
(1/1) checking package integrity                   [######################] 100%
(1/1) loading package files                        [######################] 100%
(1/1) checking for file conflicts                  [######################] 100%
(1/1) checking available disk space                [######################] 100%
:: Running pre-transaction hooks...
(1/1) Creating Timeshift snapshot before upgrade...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
:: Processing package changes...
==> Delete expired Key by Jonas Strassel
==> Updating trust database...
gpg: next trustdb check due at 2023-07-07
(1/1) upgrading manjaro-keyring                    [######################] 100%
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
error: command failed to execute correctly
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...

Does it look ok? I mean the

==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
error: command failed to execute correctly

part?

13

The key which you have trouble with is the buildserver key

 $ gpg --list-keys 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8
pub   rsa3072/0x279E7CF5D8D56EC8 2020-10-28 [SC]
      3B794DE6D4320FCE594F4171279E7CF5D8D56EC8
uid                   [ unknown] Manjaro Build Server <build@manjaro.org>
sub   rsa3072/0x890DF5D5A286BBC1 2020-10-28 [E]

I recommend resetting the keys using the above linked wiki page.

14

It did not make any difference. I followed the “improved version” of the troubleshooter, even replaced the manjaro keyring with the new version… still

[teo@teo-lenovo-v15 ~]$ sudo pacman -U $HOME/.cache/pkg/*.tar.xz
loading packages...
warning: manjaro-keyring-20230616-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) manjaro-keyring-20230616-1

Total Installed Size:  0,73 MiB
Net Upgrade Size:      0,00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                                                                 [########################################################] 100%
(1/1) checking package integrity                                                               [########################################################] 100%
(1/1) loading package files                                                                    [########################################################] 100%
(1/1) checking for file conflicts                                                              [########################################################] 100%
(1/1) checking available disk space                                                            [########################################################] 100%
:: Running pre-transaction hooks...
(1/1) Creating Timeshift snapshot before upgrade...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
:: Processing package changes...
(1/1) reinstalling manjaro-keyring                                                             [########################################################] 100%
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
error: command failed to execute correctly
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[teo@teo-lenovo-v15 ~]$
15

I have this same error today, and also had a similar one a few months back.

Linux-aarhus,

Regarding the Pacman troubleshooting link you posted. It’s not terribly obvious that the first set of commands does not work. The blue info box further down certainly states this, but I have to question why those original commands that no longer work are still posted there?

I tried the first set of commands, and it absolutely posted errors on the second one.

I have to assume the updated info commands worked on my system. I don’t know enough about this to know one way or another unless more error messages show on Pamac GUI when updating.

16

I actually even did populate as per the old guide. Same result (archlinux fine, manjaro - 37B…error). Than i did refresh. If i now run populate, i get even more errors. So much said for the Wiki…

[teo@teo-lenovo-v15 ~]$ sudo pacman-key --populate archlinux manjaro
[sudo] password for teo: 
==> Appending keys from archlinux.gpg...
gpg: public key DB323392796CA067 is 3037 days newer than the signature
==> Appending keys from manjaro.gpg...
gpg: public key DB323392796CA067 is 3037 days newer than the signature
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
[teo@teo-lenovo-v15 ~]$
17

Guys, we have it. Just update normally with sudo pacman -Syu

The new version 20230616-3 that appeared seconds ago resolves the errors (expired key by Jonas Strassel i guess).

I know this is open source but still, sometimes it is better to just say in advance “We are sorry we have a BUG and we are working on it”…instead of waiting the users to panic, post topics, and break their systems attempting to fix what is not broken. That is the Microsoft approach…

18

hmmmm…

Yeah, not sure your anger is 100% valid here. xD

I get you though, it’s frustrating sometimes, but it usually also gets solved in the end.

Get some precautions setup like timeshift and a backup solution so if something happens in the future, you have simple ways out of it so you can retry whatever was happening. :smiley:
There is a ton of good stuff to learn from browsing Tutorials - Manjaro Linux Forum

19

I agree the information the page contained was less than optimal.

I have validated the process of fixing the keyrings and I have edited the English page source - translators will have to followup on their translations.

2 Likes
20

manjaro-keyring 20230616-3 still produces the error messages