PGP Issues for Kernel Package and Nvidia Package

Hi,

I initially encountered this issue earlier today:

error: linux515: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/linux515-5.15.75-1-x86_64.pkg.tar.zst is corrupte
d (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: linux515-nvidia: signature from "Manjaro Build Server <build@manjaro.org
" is unknown trust
:: File /var/cache/pacman/pkg/linux515-nvidia-520.56.06-5-x86_64.pkg.tar.zst is
corrupted (invalid or corrupted package (PGP signature)).

After scouring the forums for solutions and trying a bunch, nothing working I attempted the wiki fix which seemed promising, but I just ended up getting the same errors regarding these 2 packages:

linux515-5.15.75-1-x86_64
linux515-nvidia-520.56.06-5-x86_64

It’s worth noting that I am on the testing branch of Manjaro.

All I want to know if this is an issue on my side or not. I haven’t fiddled with the mirrors before except for changing to the testing branch as per the wiki.

You selected no when you should have selected yes.

I used pacman -Sc afterwards instead, I don’t know if that makes any difference.

I don’t know. Anyway, rerun your update, but first maybe make sure mirrors are all updated
sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syyu
then if it asks to delete any invalid or corrupted package (PGP signature) - select Y (yes).

I currently have the same error message for the kernel files (however on unstable, not testing).

This looks like someone messed up the files somehow.

Usually this fixes these issues:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro 
sudo pacman -Sy archlinux-keyring manjaro-keyring
sudo pacman -Sc
sudo pacman -Syu

Sadly I get the same error after doing this, as stated above I tried many solutions for the errors, tried the Wiki solution which seemed most promising.

I guess I’ll have to wait and see a bit later if something comes of it.

The build server certificate is expired:

$ gpg --verify --verbose linux60-6.0.5-1-x86_64.pkg.tar.zst.sig
gpg: assuming signed data in 'linux60-6.0.5-1-x86_64.pkg.tar.zst'
gpg: Signature made Wed Oct 26 22:09:16 2022 CEST
gpg:                using RSA key 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: using pgp trust model
gpg: Good signature from "Manjaro Build Server <build@manjaro.org>" [expired]
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: Note: This key has expired!
Primary key fingerprint: 3B79 4DE6 D432 0FCE 594F  4171 279E 7CF5 D8D5 6EC8
gpg: binary signature, digest algorithm SHA512, key algorithm rsa3072

With the example file for linux60 from my current mirror.

1 Like

Ah so its ye olde server certificate issues. How does this keep happening?

Paging Dr. @philm . To the emergency room please :ambulance::ambulance:

1 Like

olde server certificate issues

This problem has nothing to do with server certificate, like at all.

1 Like

Semantically they are the same: a certificate was not renewed on time.

I have the same issue

error: linux419: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/linux419-4.19.261-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
[...]
error: linux419-r8168: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/linux419-r8168-8.050.03-10-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

I just updated and there is an update for manjaro-keyring, perhaps that fixes your issue? Although I’m on unstable branch it’s available for all branches now. Packages

The key has been renewed and manjaro-keyring 20221028-2 is available. However, you may need to refresh your keys afterward:

sudo pacman-key --refresh-keys

Note: It may take several minutes to complete.

2 Likes

We are still working on the manjaro-keyring packages as our CIs still fail. The workaround with refresh-keys works for installed systems.

1 Like

manjaro-kerying 20221028-4 should now also fix this on installed systems …

5 Likes

Thanks for the prompt response and work guys! Have an amazing weekend :blush:

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.