I have suddenly noticed that I can’t update core packages. After following every bit of advice here Pacman troubleshooting - Manjaro I had a look with gpg directly and noticed that reinstalling the keyring(s) is of no use, because the keys are expired as of today (02. August 2021).
What is the error message that you see when you want to update?
You can use sudo pacman-key --refresh-keys to refresh the keys from the keyserver. For both keys you mentioned, there should be new valid versions available.
Yeah, it seems Helmut has a slight problem with the keys. The keyserver now lists only outdated keys. I guess he misconfigured the expiration date and accidentally typed 2021 instead of 2022.
Currently, I can’t install hd-probe because of this.
Hmm - refreshing with keyserver.ubuntu.com does not fix this for me, and there are more keys invalid/untrusted, the two mentioned were just examples.
I had problems in the past, but then the normal dance of refreshing/reinstalling/repopulating the keybase worked as expected, this time nothing of the normal steps changes the situation.
did fetch changes to bretts key (fully valid now, no longer expired, but trust is unkown), as for @nightmare-2021 and @mithrial helmuts key stays expired – I’ll check back tomorrow to see if the situation changed somehow.
From the link in my previous post, you can see the “live” status of the key. Pacman will fetch from this linked source, so unless this specific user publishes a new key there, packages signed by this user with the old key won’t work.
In order to fix this, you must not refresh the keys manually. Apparently, the user locally changed the key to expire on Aug. 2 and published this expiration date change to the keyserver.
I have this problem too. I went and upgraded my system using the --ignore switch for pacman (pacman -Syu --ignore [comma seperated list]) to ignore cherrytree and some other packages including linux510. List is below. Now I can’t install or run those packages. I’m going to try rebooting now because I still see files for my kernel in /boot. Not sure if I did something rash, I just wanted to install a package (libaacs) and I felt blocked.
SNIP
(6/6) checking package integrity [##################] 100%
error: cherrytree: signature from "Brett Cornwall <brett@i--b.com>" is unknown trust
:: File /var/cache/pacman/pkg/cherrytree-0.99.39-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: libxnvctrl: signature from "Helmut Stult (schinfo) <helmut.stult@schinfo.de>" is unknown trust
:: File /var/cache/pacman/pkg/libxnvctrl-470.57.02-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: linux510: signature from "Helmut Stult (schinfo) <helmut.stult@schinfo.de>" is unknown trust
:: File /var/cache/pacman/pkg/linux510-5.10.53-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: linux54: signature from "Helmut Stult (schinfo) <helmut.stult@schinfo.de>" is unknown trust
:: File /var/cache/pacman/pkg/linux54-5.4.135-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: snapd: signature from "Helmut Stult (schinfo) <helmut.stult@schinfo.de>" is unknown trust
:: File /var/cache/pacman/pkg/snapd-2.51.3-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: xapp: signature from "Helmut Stult (schinfo) <helmut.stult@schinfo.de>" is unknown trust
:: File /var/cache/pacman/pkg/xapp-2.2.3-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
Well you’re lucky. I have core packages from Helmet not installable or upgradable anymore.
error: linux54: signature from "Helmut Stult (schinfo) <helmut.stult@schinfo.de>"
^^^ I need this package and I can boot into Manjaro with it still but this seems a little serious. Anybody else have this problem? Also I couldn’t get cherrytree to run at all now it bombs with an error so removed it.
Hi All, I am having the same issue with the 428F7ECC7117F726, key. I’ve tried the steps listed on the wiki link above.
The second step fails due to the keys not being initialized.
I’ve skipped it and ran the other steps to reinitialize the keys which pulls the expired key again. the new keys are signed by the expired key so I’m unable to install them as well.
I am having similar issues and have tried the solution suggested in the above post by @mithrial which has failed. Specifically:
Step 2 - Reinstalling keyrings including the latest keys failed with:
warning: Public keyring not found; have you run ‘pacman-key --init’?
downloading required keys…
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
Therefore I ran
pacman-key -init
as suggested (which is step 3 in the trouble shooting guide)
Ran Step 2 again with the errors such as:
error: gnupg: signature from “Levente Polyak anthraxx@archlinux.org” is unknown trust
:: File /var/cache/pacman/pkg/gnupg-2.2.29-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
Completed the remaining steps in the trouble shooting guide but issues remain and unable to upgrade.
I hope I’ve provided sufficient information in an appropriate format.
The problem is refreshing all keys. Brett’s key is good and published in a good state, so you could and should update his key. Helmut’s key, however, is not valid on the keyserver but only from the repos keyring package.
Yikes, I tried that and the other workarounds suggested in this thread (aside from the date hacking – that just seemed a bridge too far) and nothing has worked for me, Helmut and Brett’s keys are still of unknown trust.
Not sure I’ve seen the keyring this busted since signing came to Arch…
I just updated the archlinux-keyring package also on stable branch. All the packages by Helmut should have replaced signatures from our Build-Server. Simply delete Helmut’s signatures from /var/cache/pacman/pkg and redownload the replacements.
Thanks @philm, it’s still not working for me but I think I just need to wait for the package to propagate to my mirror… Looks like the US mirrors are all partially out of date at the moment (from https://repo.manjaro.org/):