Signature problems after 2024-02-10 unstable update

So … uh …

After this:

[2024-02-10T14:23:10-0800] [ALPM] upgraded archlinux-keyring (20231222-1 -> 20240208-1)
[2024-02-10T14:23:10-0800] [ALPM-SCRIPTLET] ==> Appending keys from archlinux.gpg...
[2024-02-10T14:23:13-0800] [ALPM-SCRIPTLET] ==> Updating trust database...
[2024-02-10T14:23:13-0800] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2024-04-10
[2024-02-10T14:23:13-0800] [ALPM] transaction completed

We start to get this:

error: libfakekey: signature from "Felix Yan <felixonmars@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/libfakekey-0.3-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kcontacts5: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kcontacts5-5.115.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kpeoplevcard: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kpeoplevcard-0.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: pulseaudio-qt: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/pulseaudio-qt-1.4.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kirigami-addons5: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kirigami-addons5-0.11.0-7-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kdeconnect: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kdeconnect-23.08.4-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Not upon upgrade. That looks normal. But trying to install a new package results in the above.

(yes, I also tried doing the silly thing and removing the #SigLevel = PackageRequired lines, running pacman --refresh-keys, and so on.)

I tried to do this after the upgrade with already installed kdeconnect – so it’s just a reinstall – and it seems I’m not affected by the issue you describing. But I haven’t dealt with pacman.conf.pacnew yet.

The pacman.conf pacnew pretty much introduced (I might be wrong on a point or two because I keep my own so hard to tell what exactly is new)

  • ILoveCandy (makes the pacman loading dots appear to be ‘eaten’ by C and c emulating a ‘pacman’ like animation)
  • A modest setting of simultaneous downloads. 4.
  • Removal of SigLevel lines

( i tried with and without having the sig level lines, as I never quite agreed with the ideas they are unnecessary as outlined in some threads here, so they have continued to exist til now )

That was almost a year ago:

Huh?

Here showing my current pacnew diff, after adding the comments for good measure;

(EDIT - heres the top, though its mostly comments)

… Maybe my mirror is messed up ? I tried resorting a few times.

As far as I can tell, theres nothing wrong with anything here. Just update. Then keys broken and no ability to install new packages. A sync and update appears normal though.

Those do not look like they would be responsible for your signature problems.
This also doesn’t look like a general problem to me - I’ve updated multiple machines yesterday/today and not experienced anything like this.

I agree that those confs should probably have nothing to do with those responses.

I have also manually selected mirrors (explicitly avoiding fcix, as those happened to be the fastest and used previously).

Same result.

I am happy to be told I’m an ■■■■■… I just dont see any reason.

ex:

[S] sudo pacman -Syyu
:: Synchronizing package databases...
 core                                                                              148.9 KiB   399 KiB/s 00:00 [##################################################################] 100%
 extra                                                                               8.6 MiB  2.28 MiB/s 00:04 [##################################################################] 100%
 multilib                                                                          144.5 KiB   374 KiB/s 00:00 [##################################################################] 100%
:: Starting full system upgrade...
 there is nothing to do
[$] sudo pacman -Syu kdeconnect
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 multilib is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (6) kcontacts5-5.115.0-1  kirigami-addons5-0.11.0-7  kpeoplevcard-0.1-2  libfakekey-0.3-2  pulseaudio-qt-1.4.0-1  kdeconnect-23.08.4-2

Total Download Size:   2.28 MiB
Total Installed Size:  8.86 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 kpeoplevcard-0.1-2-x86_64                                                          17.8 KiB  62.0 KiB/s 00:00 [##################################################################] 100%
 libfakekey-0.3-2-x86_64                                                             6.6 KiB  22.2 KiB/s 00:00 [##################################################################] 100%
 pulseaudio-qt-1.4.0-1-x86_64                                                      278.4 KiB   851 KiB/s 00:00 [##################################################################] 100%
 kirigami-addons5-0.11.0-7-x86_64                                                  149.2 KiB   369 KiB/s 00:00 [##################################################################] 100%
 kcontacts5-5.115.0-1-x86_64                                                       837.1 KiB  1372 KiB/s 00:01 [##################################################################] 100%
 kdeconnect-23.08.4-2-x86_64                                                      1044.3 KiB  1322 KiB/s 00:01 [##################################################################] 100%
 Total (6/6)                                                                         2.3 MiB  2.69 MiB/s 00:01 [##################################################################] 100%
(6/6) checking keys in keyring                                                                                 [##################################################################] 100%
(6/6) checking package integrity                                                                               [##################################################################] 100%
error: libfakekey: signature from "Felix Yan <felixonmars@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/libfakekey-0.3-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kcontacts5: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kcontacts5-5.115.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kpeoplevcard: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kpeoplevcard-0.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: pulseaudio-qt: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/pulseaudio-qt-1.4.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kirigami-addons5: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kirigami-addons5-0.11.0-7-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: kdeconnect: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/kdeconnect-23.08.4-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I already said I dont follow the upstream exactly. (also … really, ILoveCandy is default? … I thought it might be a mistake or something very early for aprilsfools or … dunno … that its a true default for people …kinda silly)

EDIT

Further showing:

$ sudo pacman -Syu manjaro-keyring
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 multilib is up to date
warning: manjaro-keyring-20230719-2 is up to date -- reinstalling
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (1) manjaro-keyring-20230719-2

Total Download Size:   0.08 MiB
Total Installed Size:  0.09 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 manjaro-keyring-20230719-2-any                                                     84.7 KiB   314 KiB/s 00:00 [##################################################################] 100%
(1/1) checking keys in keyring                                                                                 [##################################################################] 100%
downloading required keys...
:: Import PGP key CAA6A59611C7F07E, "Philip Müller <philm@manjaro.org>"? [Y/n] 
(1/1) checking package integrity                                                                               [##################################################################] 100%
error: manjaro-keyring: signature from "Philip Müller (Called Little) <philm@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20230719-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

(also note I have manually removed package cache, refreshed keys, etc)

I had this issue 2 or 3 updates ago, also on unstable branch, and because i found no report about, and nobody else mentioned it, i thought i was the only one … Apparently the issue was not with the signature, but the actual package on a particular mirror was corrupted, smaller in size.

OK … so … I did even further nukes and its fine now.

sudo pacman -Scc
sudo rm -f /etc/pacman.d/gnupg/*
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro
sudo pacman-key --refresh-keys
sudo pacman -Sc
sudo pacman -Syu manjaro-keyring

… All is well again. :person_in_lotus_position:

( I do not say that these steps are the exact correct approach, but I quote them as the exact steps and sequence that remedied my situation in this case )

[ also note that the ‘refresh keys’ took a decent amount of time refreshing … for any future viewers. ]

PS.

Sorry for the self-solve. but it be like that this time :innocent:

4 Likes

When in doubt go nuclear :stuck_out_tongue_winking_eye:

We used to have a dedicated wiki page for such things, but I couldnt find it.
(also sad because it was one of the last @Jonathon records too :cry:)

There is one wiki page linked in that howto I mentioned above.
You yourself mentioned it in that thread.

Ah, yes it does, but heavily edited … it no longer contains steps like above.
Well … sorta … but, at least in my experience … they were both too involved (YY_DDMM? [I get it, but its not something you can for example type into tty, and even more difficult for a nooby]), and not as complete.

If I have the time I might try to grab an old snapshot or an example from the wayback machine to better show my meaning.

EDIT.
Also, if anyone thnks there is a ‘proper’ way between whats posted here, the wiki, or anything else … let me know … I think I might add a function to cscs / mapare · GitLab

And from orbit!

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.