Hello,
I've just been updating my manjaro -> artix machine, and I've run into a bit of a problem: The libsodium and imagemagick packages don't want to update because their PGP signature is apparently invalid. Here's the complaint in full:
error: imagemagick: signature from "Cromnix (Buildbot) <cromnix@cromnix.org>" is invalid
:: File /var/cache/pacman/pkg/imagemagick-6.9.9.20-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: libsodium: signature from "Cromnix (Buildbot) <cromnix@cromnix.org>" is invalid
:: File /var/cache/pacman/pkg/libsodium-1.0.15-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Thoughts? I don't really want to install them without a valid signature, as I believe that's a security risk.
(Also, the last "What's your favourite colour?" verification question whilst registering was rather confusing, and I ended up guessing!)
--Starbeamrainbowlabs
You can find the answer in Announcements, [Re: New primary mirror] open from thefallenrat. :D
This should have been fixed with the recent update. Please refresh the databse (-Syy) and re-update again.
Relevant topic :
https://artixlinux.org/forum/index.php?topic=148.0
error: failed retrieving file 'yelp-tools-3.18.0+1+g193c2bd-2-any.pkg.tar.xz' from www.uex.dk : The requested URL returned error: 404
error: failed retrieving file 'yelp-tools-3.18.0+1+g193c2bd-2-any.pkg.tar.xz' from www.uex.dk : The requested URL returned error: 404
warning: failed to retrieve some files
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
Is this a mirror error?
I have been away for a few days and just logged in and tried to update. Even ignoring the pkg doesn't help, No updates could be done.
Putting yelp-tools in pacman.conf as ignored-pkgs seems to free up the upgrade.
Synchronizing package databases...
Starting full system upgrade...
Warning: yelp-tools: ignoring package upgrade (3.18.0+1+g193c2bd-1 => 3.18.0+1+g193c2bd-2)
Resolving dependencies...
Checking inter-conflicts...
Downloading...
Downloading at-spi2-core-2.26.2-1-x86_64.pkg.tar.xz...
Checking keyring...
Checking integrity...
Error: at-spi2-core: signature from "Cromnix (Buildbot) <cromnix@cromnix.org>" is invalid
Failed to commit transaction:
invalid or corrupted package:
I fixed that.
Refresh your local repo dbs
pacman -Syyu
Solved!
@artoo Any idea why that keeps happening to some packages?
Yes, we know what causes it, it is related to the build pipeline (https://github.com/artix-linux/system/blob/master/Jenkinsfile) and parsing the git changeset.There was also a bug on the jenkins plugin side that has been fixed by the jenkins devs.
In short, it happens, if the team push to a repo at the same time, and someone does has to do a pull again before he can push, because someone else pushed a wee bit earlier. This causes then a rebuild of already built packages, and they get signed again, and on the user end, this is what throws signature errors.
I get this signature error this time with fzf, qutebrowser and udiskie
(134/134) checking package integrity [###################################################################################] 100%
error: fzf: signature from "Ambrevar <ambrevar@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/fzf-0.17.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: qutebrowser: signature from "Ambrevar <ambrevar@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/qutebrowser-1.0.3-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: udiskie: signature from "Ambrevar <ambrevar@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/udiskie-1.7.2-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
how to solve it.
"Ambrevar <ambrevar@gmail.com>" is unknown trust
Refresh your arch's keyring
sudo pacman -Sy archlinux-keyring
sudo pacman-key --populate archlinux
sudo pacman-key --refresh-keys
libbytesize: signature from "Cromnix (Buildbot) <cromnix@cromnix.org>" is invalid
unixodbc: signature from "Artix Buildbot <buildbot@artixlinux.org>" is invalid
:: File /var/cache/pacman/pkg/unixodbc-2.3.4-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
jemalloc: signature from "Artix Buildbot <buildbot@artixlinux.org>" is invalid
:: File /var/cache/pacman/pkg/jemalloc-1:5.0.1-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
portaudio: signature from "Artix Buildbot <buildbot@artixlinux.org>" is invalid
:: File /var/cache/pacman/pkg/portaudio-190600_20161030-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
I just repeated the above procedure that Falling Angel prescribes a few minutes ago.
Only the first error from Cromnix went away.
Sorry can't reproduce it ( Or maybe it has been fixed by other team member) :
world/jemalloc 1:5.0.1-3 1:5.0.1-3 0.00 MiB 0.27 MiB
galaxy-testing/portaudio 190600_20161030-1 190600_20161030-1 0.00 MiB 0.09 MiB
world-testing/unixodbc 2.3.4-2 2.3.4-2 0.00 MiB 0.21 MiB
Total Download Size: 0.57 MiB
Total Installed Size: 2.82 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
unixodbc-2.3.4-2-x86_64 219.0 KiB 178K/s 00:01 [------------------------------------------------------------] 100%
jemalloc-1:5.0.1-3-x86_64 272.9 KiB 800K/s 00:00 [------------------------------------------------------------] 100%
portaudio-190600_20161030-1-x86_64 93.6 KiB 306K/s 00:00 [------------------------------------------------------------] 100%
(3/3) checking keys in keyring [------------------------------------------------------------] 100%
(3/3) checking package integrity [------------------------------------------------------------] 100%
(3/3) loading package files [------------------------------------------------------------] 100%
(3/3) checking for file conflicts [------------------------------------------------------------] 100%
(3/3) checking available disk space [------------------------------------------------------------] 100%
:: Processing package changes...
(1/3) reinstalling unixodbc [------------------------------------------------------------] 100%
(2/3) reinstalling jemalloc [------------------------------------------------------------] 100%
(3/3) reinstalling portaudio [------------------------------------------------------------] 100%
You may try to delete the faulty packages at first try and redo the pacman command again
I retried it now and the problem is gone in all four.
And probably while I refreshed the db and keys someone fixed the 1st problem too.
If I can not reproduce my own problem with binary systems magic and lack are never a variable.
Meanwhile I tried a different pkg with different dependencies and it worked, so I ended up removing all but portaudio.
Thanks fallenrat