My keyring is broken (but not really)

ARM Technical Assistance
1

I installed btrfsmanager via pamac… and there was a manjaro keyring update.

021-06-24T19:03:56-0500] [ALPM] upgraded manjaro-keyring (20201216-1 -> 20210622-1)

But there were errors during the keyring update

[2021-06-24T19:03:56-0500] [ALPM-SCRIPTLET] ==> Appending keys from manjaro.gpg...
[2021-06-24T19:03:56-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:57-0500] [ALPM-SCRIPTLET] ==> Locally signing trusted keys in keyring...
[2021-06-24T19:03:57-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:57-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:57-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:57-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:58-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] ==> Importing owner trust values...
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] ==> Disabling revoked keys in keyring...
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: error reading key: No public key
[2021-06-24T19:03:59-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: checking the trustdb
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: marginals needed: 3  completes needed: 1  trust model: pgp
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: depth: 0  valid:   1  signed:  32  trust: 0-, 0q, 0n, 0m, 0f, 1u
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: depth: 1  valid:  32  signed:  83  trust: 0-, 0q, 0n, 29m, 0f, 0u
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: depth: 2  valid:  77  signed:  25  trust: 77-, 0q, 0n, 0m, 0f, 0u
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2021-08-02
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: error reading key: No public key
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET]   -> Disabled 3 keys.
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] ==> Updating trust database...
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: WARNING: standard input reopened
[2021-06-24T19:04:00-0500] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2021-08-02
[2021-06-24T19:04:00-0500] [ALPM] transaction completed

If you missed them:

gpg: error reading key: No public key

The process continued and it updated two other packages and installed buttermanager successfully.

[2021-06-24T19:04:36-0500] [ALPM] upgraded libldap (2.4.58-3 -> 2.4.59-1)
[2021-06-24T19:04:36-0500] [ALPM] upgraded libcanberra (0.30+2+gc0620e4-4 -> 0.30+2+gc0620e4-5)
[2021-06-24T19:04:36-0500] [ALPM] installed python-yaml (5.4.1.1-2)
[2021-06-24T19:04:36-0500] [ALPM] installed python-pyaml (20.4.0-4)
[2021-06-24T19:04:36-0500] [ALPM] installed python-pyqt5-sip (12.9.0-1)
[2021-06-24T19:04:38-0500] [ALPM] installed python-pyqt5 (5.15.4-1)
[2021-06-24T19:04:39-0500] [ALPM] installed tk (8.6.11.1-1)
[2021-06-24T19:04:39-0500] [ALPM] installed grub-btrfs (4.9-1)
[2021-06-24T19:04:39-0500] [ALPM] installed buttermanager (2.4.1-1)

So I try to fix it…

First I renamed /etc/gnupg and created a new dir.

$ sudo pacman-key --init

gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: key F8D3E0EB966934CD marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/4D5A53CBA98BFD0754716364F8D3E0EB966934CD.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

So far so good, but…

$ sudo pacman -Sy archlinux-keyring manjaro-keyring

:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
warning: archlinux-keyring-20210616-1 is up to date -- reinstalling
warning: manjaro-keyring-20210622-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (2) archlinux-keyring-20210616-1  manjaro-keyring-20210622-1

Total Installed Size:  1.49 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
(2/2) checking keys in keyring                                         [########################################] 100%
downloading required keys...
:: Import PGP key 77193F152BDBE6A6, "Arch Linux ARM Build System <builder+n1@archlinuxarm.org>"? [Y/n] y
error: key "77193F152BDBE6A6" could not be looked up remotely
:: Import PGP key 084A7FC0035B1D49, "Dan Johansen <strit@manjaro.org>"? [Y/n] y
error: key "084A7FC0035B1D49" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

So, what to do now?

3

Will this help any?

https://wiki.manjaro.org/index.php/Pacman_troubleshooting#Option_2:_Comprehensive_Resolution

4

Sadly no. It fails to import the arch key when I attempt the update.

$ sudo pacman -Su

:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (2) archlinux-keyring-20210616-1  manjaro-keyring-20210622-1

Total Download Size:   1.07 MiB
Total Installed Size:  1.49 MiB
Net Upgrade Size:      0.01 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 archlinux-keyring-20210616-1-any          964.0 KiB   229 KiB/s 00:04 [########################################] 100%
 manjaro-keyring-20210622-1-any            126.6 KiB   278 KiB/s 00:00 [########################################] 100%
 Total (2/2)                              1090.7 KiB   228 KiB/s 00:05 [########################################] 100%
(2/2) checking keys in keyring                                         [########################################] 100%
downloading required keys...
:: Import PGP key 77193F152BDBE6A6, "Arch Linux ARM Build System <builder+n1@archlinuxarm.org>"? [Y/n] y
error: key "77193F152BDBE6A6" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

I will try restoring the gnupg directory from snapshots.

5

I restored the gnupg directory and re-ran the update. Again I got the error:

gpg: error reading key: No public keygpg

I noticed the errors during the install and pamac pop’ed up the errors after… but evidently, this is NOT a real issue. Nothing to be “fixed”, I can install packages without error.

Interesting that the recovery options did not result in a working keyring for me.

Edit: I believe the reason the recovery steps did not work, they are not complete. At least for the steps I reviewed. It appears the best way to fix the keyring is by running:

$ sudo systemctl start pacman-init

The process does not produce output while it runs, just be patient. The output can be reviewed via journalctl.

6

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.