PGP Issues for Kernel Package and Nvidia Package

Hi,

I initially encountered this issue earlier today:

error: linux515: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/linux515-5.15.75-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: linux515-nvidia: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/linux515-nvidia-520.56.06-5-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

After scouring the forums for solutions and trying a bunch, with nothing working, I attempted the wiki fix, which seemed promising, but I just ended up getting the same errors regarding these 2 packages:

linux515-5.15.75-1-x86_64
linux515-nvidia-520.56.06-5-x86_64

It’s worth noting that I am on the testing branch of Manjaro.

All I want to know is if this is an issue on my side or not. I haven’t fiddled with the mirrors before except for changing to the testing branch as per the wiki.

You selected no when you should have selected yes.

I used pacman -Sc afterwards instead, I don’t know if that makes any difference.

I don’t know. Anyway, rerun your update, but first maybe make sure mirrors are all updated
sudo pacman-mirrors --fasttrack 5 && sudo pacman -Syyu
then if it asks to delete any invalid or corrupted package (PGP signature) - select Y (yes).

I currently have the same error message for the kernel files (however on unstable, not testing).

This looks like someone messed up the files somehow.

Usually this fixes these issues:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro 
sudo pacman -Sy archlinux-keyring manjaro-keyring
sudo pacman -Sc
sudo pacman -Syu
1 Like

Sadly, I get the same error after doing this. As stated above, I tried many solutions for the errors and tried the Wiki solution, which seemed most promising.

I guess I’ll have to wait and see a bit later if something comes of it.

The build server certificate is expired:

$ gpg --verify --verbose linux60-6.0.5-1-x86_64.pkg.tar.zst.sig
gpg: assuming signed data in 'linux60-6.0.5-1-x86_64.pkg.tar.zst'
gpg: Signature made Wed Oct 26 22:09:16 2022 CEST
gpg:                using RSA key 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: using pgp trust model
gpg: Good signature from "Manjaro Build Server <build@manjaro.org>" [expired]
gpg: Note: signature key 0x279E7CF5D8D56EC8 expired Fri Oct 28 12:21:43 2022 CEST
gpg: Note: This key has expired!
Primary key fingerprint: 3B79 4DE6 D432 0FCE 594F  4171 279E 7CF5 D8D5 6EC8
gpg: binary signature, digest algorithm SHA512, key algorithm rsa3072

With the example file for linux60 from my current mirror.

1 Like
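
Added example (not part of any post in this thread): a check that lists expired primary keys in a keyring, which separates "the signing key expired" from "the package file is corrupted" before any cached packages are deleted. The key ID and fingerprint are taken from the gpg output above and the expiry is that output's timestamp converted to epoch seconds; the creation time, the two other keys and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report primary keys that are expired as of a given epoch time,
# reading `gpg --list-keys --with-colons` output on stdin.
# Assumes GnuPG 2.x, where field 7 of a "pub" record is the expiry in epoch
# seconds (empty = never expires) and field 2 is "e" for an expired key.
#
# Against the pacman keyring (may need sudo to read the homedir):
#   gpg --homedir /etc/pacman.d/gnupg --list-keys --with-colons \
#     | expired_keys "$(date +%s)"

# expired_keys NOW -> one line per expired key: KEYID<TAB>EXPIRY<TAB>first UID
expired_keys() {
    awk -F: -v now="$1" '
        function emit() {
            if (id != "") printf "%s\t%s\t%s\n", id, expiry, uid
            id = ""
        }
        $1 == "pub" {
            emit(); uid = ""
            # Flag keys gpg already marks expired, or whose expiry has passed.
            if ($2 == "e" || ($7 != "" && $7 + 0 <= now + 0)) { id = $5; expiry = $7 }
        }
        # Remember only the first user ID of a flagged key.
        $1 == "uid" && id != "" && uid == "" { uid = $10 }
        END { emit() }
    '
}

# Constructed sample listing. First key: ID and expiry from the thread,
# creation time constructed. Second and third keys are fully constructed.
sample_listing() {
    cat <<'EOF'
pub:e:3072:1:279E7CF5D8D56EC8:1600000000:1666952503::-:::sc:
fpr:::::::::3B794DE6D4320FCE594F4171279E7CF5D8D56EC8:
uid:e::::1600000000::::Manjaro Build Server <build@manjaro.org>:
pub:-:4096:1:AAAAAAAAAAAAAAAA:1600000000:1900000000::-:::sc:
uid:-::::1600000000::::Constructed Key With Future Expiry <future@example.invalid>:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1600000000:::-:::sc:
uid:-::::1600000000::::Constructed Key Without Expiry <never@example.invalid>:
EOF
}

# Demo run on the constructed listing, evaluated at the current time.
sample_listing | expired_keys "$(date +%s)"
```

A key that shows up here explains an "unknown trust" or "invalid or corrupted package (PGP signature)" error for every package it signed, whatever the state of the downloaded files.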

Ah, so it’s ye olde server certificate issues. How does this keep happening?

Paging Dr. @philm . To the emergency room please :ambulance::ambulance:

1 Like

olde server certificate issues

This problem has nothing to do with server certificate, like at all.

1 Like

Semantically they are the same: a certificate was not renewed on time.

I have the same issue

error: linux419: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/linux419-4.19.261-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
[...]
error: linux419-r8168: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/linux419-r8168-8.050.03-10-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

I just updated and there is an update for manjaro-keyring, perhaps that fixes your issue? Although I’m on unstable branch it’s available for all branches now. Packages

The key has been renewed and manjaro-keyring 20221028-2 is available. However, you may need to refresh your keys afterward:

sudo pacman-key --refresh-keys

Note: It may take several minutes to complete.

2 Likes

We are still working on the manjaro-keyring packages as our CIs still fail. The workaround with refresh-keys works for installed systems.

1 Like

manjaro-keyring 20221028-4 should now also fix this on installed systems …

4 Likes

Thanks for the prompt response and work guys! Have an amazing weekend :blush:
