Help installing Guix (Error Missing OpenPGP key)

Hi,

I would like to install Guix but I'm running into issues.

I'm new to GNU/Linux world so bear with me...

I'm simply running the install script from: https://git.savannah.gnu.org/cgit/guix.git/plain/etc/guix-install.sh

I run these commands in the terminal

sudo ./guix-install.sh

<RET>

Keep in mind the script has executable permissions.

I get this error right afterwards

[1558146877.678]: [ FAIL ] Missing OpenPGP public key.  Fetch it with this command:
  gpg --keyserver pool.sks-keyservers.net --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5

Ok, so I run

  gpg --keyserver pool.sks-keyservers.net --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5

Then I get stuck with this message:

gpg: keyserver receive failed: Server indicated a failure

Of course, I have Googled it these past couple days -- yet, I cannot really grasp what's wrong.

What am I doing wrong?

Please help.

Try instead

gpg --keyserver hkp://pool.sks-keyservers.net --recv-key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5

I would install the AUR package instead:
sudo pacman -S trizen base-devel --needed
then
trizen -S guix
or
trizen -S guix-git

Also read the comments on the AUR page.
Hope this helps!

1 Like

can't get it to work :confused: have tried both the AUR as well as the two options you wrote down...

Where is it failing? Same issue with the keys or something else?
Have a look here


here

and here

This seems to be contradictory.

Why are you installing Guix if you are new to Linux?

Because I want to learn

although, been using Emacs for over a year now

Ok, I think I'm getting closer....

I ran nano /etc/resolv.conf and changed my DNS to 1.1.1.1, as said in "Cannot upgrade dropbox, key issue"

then I ran gpg --keyserver pool.sks-keyservers.net --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5

but got this message

gpg: key 090B11993D9AEBB5: 129 signatures not checked due to missing keys
gpg: key 090B11993D9AEBB5: "Ludovic Courtès <ludo@gnu.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

then I went back to running the install script with sudo ./guix-install.sh
but keep running into the same Error about the keys not being set

....
This script installs GNU Guix on your system

https://www.gnu.org/software/guix/
Press return to continue...
[1558321746.928]: Starting installation (Sun 19 May 2019 09:09:06 PM CST)
[1558321746.932]: [ PASS ] verification of required commands completed
[1558321746.940]: [ FAIL ] Missing OpenPGP public key.  Fetch it with this command:

Ran into the same issue (albeit on a different distro). Afaik the given response from PGP is basically saying that the key for the person who signed the guix binary is stored on your machine.

Beyond that, you could try to install the binary manually? I gave up on the script, and followed the steps outlined here:

https://www.gnu.org/software/guix/manual/en/guix.html#Binary-Installation

So for me that looked like:

$> wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz
$> wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz.sig
$> gpg --verify guix-binary-1.0.1.x86_64-linux.tar.xz.sig

and then used tar to unpack it. If all else fails, you could download the unsigned tarball from here: https://ftp.gnu.org/gnu/guix/

I am also new to this :stuck_out_tongue: hope it helps

-J

from:

https://www.gnu.org/software/guix/manual/en/guix.html#Binary-Installation
If that command fails because you do not have the required public key, then run this command to import it:

then I

$  gpg --verify guix-binary-1.0.1.x86_64-linux.tar.xz.sig
gpg: no signed data
gpg: can't hash datafile: No data
$ gpg --keyserver pool.sks-keyservers.net \
>       --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
gpg: keyserver receive failed: Server indicated a failure

I'm not sure what's going on. I'll need to investigate how gpg works.

EDIT:

I type
$ nmcli dev show | grep DNS and the output does not match what I edited in

/etc/resolv.conf

which is

$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 1.1.1.1

Ok. I was able to solve my issue. Here are the steps:

  1. Watched this video to understand signing with gpg: https://www.youtube.com/watch?v=4bbyMEuTW7Y

  2. Issue with gpg using IPv6 as said here https://github.com/rvm/rvm/issues/4215

  3. Solved with this method: https://github.com/rvm/rvm/issues/4215#issuecomment-435221616

Therefore, my steps were:

  1. Download the x86_64 binary: wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz
  2. Download the signature: wget https://ftp.gnu.org/gnu/guix/guix-binary-1.0.1.x86_64-linux.tar.xz.sig
  3. Move the files to a ~/guix/ directory
  4. Run host pool.sks-keyservers.net
  5. Choose the first address from the previous results to fetch the public key: gpg --keyserver hkp://46.4.246.179 --recv-keys 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
  6. At last, verify the key with this command: gpg --verify guix-binary-1.0.1.x86_64-linux.tar.xz.sig

The last step prints this to the prompt:

gpg: assuming signed data in 'guix-binary-1.0.1.x86_64-linux.tar.xz'
gpg: Signature made Sun May 19 14:47:35 2019 CST
gpg:                using RSA key 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
gpg: conversion from 'utf-8' to 'US-ASCII' failed: Illegal byte sequence
gpg: Good signature from "Ludovic Court?s <ludo@gnu.org>" [unknown]
gpg:                 aka "Ludovic Court?s <ludo@chbouib.org>" [unknown]
gpg:                 aka "Ludovic Court?s (Inria) <ludovic.courtes@inria.fr>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5

I'm not understanding the warning messages because before that it says that the signature is good?

GPG is telling you that you don't trust any of the signatures which have signed the key.

I suspect the easier way of doing this would have been to use the AUR package, https://aur.archlinux.org/packages/guix/

GPG is telling you that you don't trust any of the signatures which have signed the key.

but why?

I have tried installing from AUR (before I could fetch the key) and failed. I'll try again.

Because that's how GPG works. You have to set your level of trust in order to tell GPG that you trust that key, otherwise it is by default "untrusted".

but as long as the signature is "good" and it matches the name from the website where I downloaded the binary, then it should be good?

As long as the signature matches and you trust the person who signed it, then yes.

1 Like
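
The "Good signature" plus "not certified" exchange above, as an added example that is not part of the original thread: gpg reports a good signature for any key in the keyring, so a script should compare the full fingerprint from gpg's machine-readable status output against the one it expects. The function names and the sample status lines are constructed for illustration; the fingerprint is the one printed by the install script earlier in the thread.

```sh
#!/bin/sh
# Fingerprint as printed by guix-install.sh in the thread above.
GUIX_FPR=3CE464558A84FDC69DB40CFB090B11993D9AEBB5

# Read `gpg --status-fd` output on stdin. Succeed only if a VALIDSIG line
# names the expected primary-key fingerprint and no failure status appears.
# The TRUST_* line is deliberately ignored: it reflects the local trust
# database (the source of the WARNING), not whose key made the signature.
status_matches_fpr() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Last field is the primary-key fingerprint; if it is missing
            # the comparison fails and the check fails closed.
            if (toupper($NF) == toupper(want)) ok = 1; else bad = 1
        }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# usage: verify_pinned FILE.sig FILE FINGERPRINT  (hypothetical wrapper)
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null | status_matches_fpr "$3"
}

# Constructed status output for the case in the thread: good signature,
# expected key, ownership trust undefined.
sample_good() {
cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 090B11993D9AEBB5 Ludovic Courtès <ludo@gnu.org>
[GNUPG:] VALIDSIG 3CE464558A84FDC69DB40CFB090B11993D9AEBB5 2019-05-19 1558300000 0 4 0 1 8 00 3CE464558A84FDC69DB40CFB090B11993D9AEBB5
[GNUPG:] TRUST_UNDEFINED 0 pgp
EOF
}

# Constructed: an equally "good" signature, but from some other key that
# happens to be in the keyring (placeholder fingerprint and user ID).
sample_other_key() {
cat <<'EOF'
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Someone Else <someone@example.org>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2019-05-19 1558300000 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
[GNUPG:] TRUST_ULTIMATE 0 pgp
EOF
}

sample_good | status_matches_fpr "$GUIX_FPR" && echo "pinned fingerprint matches"
```

With the tarball and its .sig in the current directory, the call would be verify_pinned guix-binary-1.0.1.x86_64-linux.tar.xz.sig guix-binary-1.0.1.x86_64-linux.tar.xz "$GUIX_FPR".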

Hi.
I was able to compile guix from AUR but in the end I get:

Some deprecated features have been used.  Set the environment
variable GUILE_WARN_DEPRECATED to "detailed" and rerun the
program to get more information.  Set it to "no" to suppress
this message.
  GEN      etc/guix-daemon.service
  GEN      etc/guix-publish.service
  GEN      etc/guix-daemon.conf
  GEN      etc/guix-publish.conf
make[2]: выход из каталога «/var/tmp/pamac-build-test/guix/src/guix-1.0.1»
make[1]: выход из каталога «/var/tmp/pamac-build-test/guix/src/guix-1.0.1»
==> Запускается check()...
==> ОШИБКА: /var/tmp/pamac-build-test/guix/src/guix-1.0.1 is too long.
==> ОШИБКА: The working directory cannot be longer than 36 bytes.
==> ОШИБКА: Произошел сбой в check().
    Прерывание...
