Linux-rpi4-headers: signature from Ray Sherwin is unknown trust

Blarg · 10 February 2022 00:02

I can’t complete this upgrade because of an expired PGP key:

(416/416) checking package integrity                                                                       [################################################################] 100%
error: linux-rpi4: signature from "Ray Sherwin <slick517d@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/linux-rpi4-5.10.92-1-aarch64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: linux-rpi4-headers: signature from "Ray Sherwin <slick517d@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/linux-rpi4-headers-5.10.92-1-aarch64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: raspberrypi-bootloader-x: signature from "Ray Sherwin <slick517d@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/raspberrypi-bootloader-x-20220117-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: raspberrypi-bootloader: signature from "Ray Sherwin <slick517d@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/raspberrypi-bootloader-20220117-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

pacman-key --list-sigs Sherwin
gpg: Note: trustdb not writable
pub   rsa2048 2020-02-10 [SC] [expired: 2022-02-09]
      1A4C34D8D427021A011245DF1F358118A07ACF57
uid           [ expired] Ray Sherwin <slick517d@gmail.com>
sig 3        1F358118A07ACF57 2020-02-10  Ray Sherwin <slick517d@gmail.com>

This key expired today. pacman-key --populate does not resolve the issue.

Yochanan · 10 February 2022 00:12

Welcome to the forum!

Your first post missed the spot. I think you were looking for this thread:

No one else has reported the issue there, so it’s possible it could be a local issue. Therefore I’ve moved your post to a separate thread.

Blarg · 10 February 2022 00:14

Ah OK thanks for the note.

As the key only expired 24 hours ago it’s not surprising that nobody else has reported it though, probably?

I’ve tried deleting the key and repopulating but that didn’t help either.

padovani · 10 February 2022 01:09

I am having the same issue!
Have tried this:

sudo pacman -S manjaro-arm-keyring
sudo pacman-key --populate manjaro-arm
sudo pacman -Syyu

I get the same log.

mitchejj · 10 February 2022 04:06

+1

firmware-raspberrypi: signature from "Ray Sherwin <slick517d@gmail.com>" is unknown trust

$ pacman-key --list-sigs "Ray Sherwin"
gpg: Note: trustdb not writable
pub   rsa2048 2020-02-10 [SC] [expired: 2022-02-09]
      1A4C34D8D427021A011245DF1F358118A07ACF57
uid           [ expired] Ray Sherwin <slick517d@gmail.com>
sig 3        1F358118A07ACF57 2020-02-10  Ray Sherwin <slick517d@gmail.com>
sig   L      E67235EDA2F6EB1F 2021-07-07  Pacman Keyring Master Key <pacman@localhost>

$ timedatectl
               Local time: Wed 2022-02-09 22:55:33 EST
           Universal time: Thu 2022-02-10 03:55:33 UTC
                 RTC time: n/a
                Time zone: America/Detroit (EST, -0500)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

Strit · 10 February 2022 05:48

The key expire date was extended last week.

Try

sudo pacman-key --refresh-keys

linux-aarhus · 10 February 2022 11:20

Pi has no cmos clock - so ensure the rpi clock is correct by syncing with a time service

sudo systemctl enable --now systemd-timesyncd

mitchejj · 10 February 2022 13:28

Thank you.

nl.smart · 10 February 2022 17:52

Ok, it’s solved now

[nlc4@c4 ~]$ sudo pacman -Syu
[sudo] password for nlc4: 
:: Synchronising package databases...
 core                                         258,4 KiB   266 KiB/s 00:01 [##########################################] 100%
 extra                                          2,4 MiB   497 KiB/s 00:05 [##########################################] 100%
 community                                      6,4 MiB   632 KiB/s 00:10 [##########################################] 100%
:: Some packages should be upgraded first...
resolving dependencies...
looking for conflicting packages...

Packages (1) manjaro-system-20220210-1

Total Download Size:   0,01 MiB
Total Installed Size:  0,00 MiB
Net Upgrade Size:      0,00 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 manjaro-system-20220210-1-any                  7,0 KiB  19,4 KiB/s 00:00 [##########################################] 100%
(1/1) checking keys in keyring                                            [##########################################] 100%
(1/1) checking package integrity                                          [##########################################] 100%
(1/1) loading package files                                               [##########################################] 100%
(1/1) checking for file conflicts                                         [##########################################] 100%
(1/1) checking available disk space                                       [##########################################] 100%
:: Processing package changes...
(1/1) upgrading manjaro-system                                            [##########################################] 100%
==> Refreshing gpg keys...
gpg: error retrieving 'furkan@fkardame.com' via WKD: General error
gpg: error reading key: General error
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 1BF79786E554EF5D: "Furkan Kardame <furkan@fkardame.com>" 2 new signatures
gpg: key 1BF79786E554EF5D: "Furkan Kardame <furkan@fkardame.com>" 1 signature cleaned
gpg: Total number processed: 1
gpg:         new signatures: 2
gpg:     signatures cleaned: 1
gpg: error retrieving 'slick517d@gmail.com' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 1F358118A07ACF57: "Ray Sherwin <slick517d@gmail.com>" 3 new signatures
gpg: key 1F358118A07ACF57: "Ray Sherwin <slick517d@gmail.com>" 1 signature cleaned
gpg: Total number processed: 1
gpg:         new signatures: 3
gpg:     signatures cleaned: 1
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  34  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  34  signed:  96  trust: 0-, 0q, 0n, 34m, 0f, 0u
gpg: depth: 2  valid:  88  signed:  33  trust: 88-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-04-20
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...

:: Starting full system upgrade...
 there is nothing to do
[nlc4@c4 ~]$

was buggy today to build image
error: ifuse: signature from "Ray Sherwin

(705/705) checking keys in keyring                 [######################] 100%
(705/705) checking package integrity               [######################] 100%
error: ifuse: signature from "Ray Sherwin <slick517d@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/ifuse-1.1.3-6-aarch64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
==> ERROR: Aborting...
==> Finishing image for on2 lxqt edition...

Strit · 10 February 2022 18:16

Yes. I updated our keyring and created a new rootfs to fix this. So next build try passing -n to get the newest rootfs to build from.

nl.smart · 10 February 2022 18:46

Thanks for your reply, my command line to build the image is looking so

sudo buildarmimg -d on2 -e lxqt -v 2022.02.10 -b testing -n

Is there any way to build an ISO image for the arm devices ?

Strit · 10 February 2022 18:48

You mean one that is read-only to be used as a live session?
Currently no.

nl.smart · 10 February 2022 18:52

you’re right, read only like a live session, and to test the image on a arm device who is able to launch a virtual machine.

device softwares are here
https://floss.freebox.fr/freebox_server_delta/4.2.10/index.html

Is it thinkable in the future to develop an ISO image able to run on every Manjaro arm devices ?

Blarg · 10 February 2022 18:58

It’s fixed for me now, seemingly thanks to a new manjaro keyring package. Just FYI I tried sudo pacman-key --refresh keys first, and that did not help.