Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: [SOLVED] Unknown Trust error on signatures in pacman (Read 4220 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

[SOLVED] Unknown Trust error on signatures in pacman

Just installed the community gtk openrc.

Tried a system upgrade and got a number of packages kicking back the 'signature from  "so-and-so <[email protected]>" is unknown trust. Tried gpg --refresh-keys, no luck.

Tried: sudo pacman-key --refresh-keys. This returns many instances of [  unknown] next to individuals names and many 'error retrieving ... via WKD: No data'. Some keys refresh, some do not, problem persists.

I had fixed this issue on a different system (base Artix openrc) some months ago, but forget how I did it, may have involved something with synching the system clock

any help is appreciated

Re: Unknown Trust error on signatures in pacman

Reply #1
maybe:
sudo pacman-key --populate archlinux artix

Re: Unknown Trust error on signatures in pacman

Reply #2
Quote from: gavincc – on
maybe:
sudo pacman-key --populate archlinux artix


Interesting, I get:

Quote
gpg: key 14EA29932173D311 was created 5110 seconds in the future (time warp or clock problem)
==> Appending keys from archlinux.gpg...
==> Appending keys from artix.gpg...
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
gpg: key 14EA29932173D311 was created 5109 seconds in the future (time warp or clock problem)
==> Locally signing trusted keys in keyring...
==> ERROR: 75BD80E4D834509F6E740257B1B73B02CC52A02A could not be locally signed.
==> ERROR: 2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E could not be locally signed.
==> ERROR: 0E8B644079F599DFC1DDC3973348882F6AC6A4C2 could not be locally signed.
==> ERROR: 69E6471E3AE065297529832E6BA0F5A2037F4F41 could not be locally signed.
==> ERROR: D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C could not be locally signed.
==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally signed.

So this looks like it is consistent with my hazy memory of this being a system clock issue. My system somehow has an asynchronous clock, and that's making keys look like they are from the future, throwing an error

Re: Unknown Trust error on signatures in pacman

Reply #3
ok I fixed it. Followed instructions here: https://bbs.archlinux.org/viewtopic.php?id=201776 and here: https://wiki.gentoo.org/wiki/Ntp

Not sure if these steps aren't redundant but:

# sync time with a gentoo server
ntpdate -b -u 0.gentoo.pool.ntp.org

# start some time sync service, why not?
rc-service ntp-client start

# nuke pacman master key
rm -fr /etc/pacman.d/gnupg

# create pacman master key
pacman-key --init

# reload keys from keyring resources
pacman-key --populate


Re: Unknown Trust error on signatures in pacman

Reply #4
Your hardware clock was off. Also, artix-keyring must be updated first and separately, not together with archlinux-keyring.