I have tried various work around steps and other suggestions made in the forum.
Bottom line - a couple of packages have problematic pgp signatures and pacman refuses to install.
Tried...
1) Ensured mirror list is up to date w/ pacman -Syyu
2) Ensured keyring is update w/ pacman -Syyu
3) marked "galaxy" and "world" with siglevel TrustAll in /etc/pacman.conf w/ pacman -Syyu
...all failed
Problems are with galaxy/libsodium and world/imagemagic.
Extract from command line:
resolving dependencies...
looking for conflicting packages...
Packages (2) imagemagick-6.9.9.20-1 libsodium-1.0.15-1
Total Download Size: 2.39 MiB
Total Installed Size: 10.45 MiB
Net Upgrade Size: 0.42 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
imagemagick-6.9.9.20-1-x86_64 2.2 MiB 187K/s 00:12 [#############################################] 100%
libsodium-1.0.15-1-x86_64 152.9 KiB 184K/s 00:01 [#############################################] 100%
(2/2) checking keys in keyring [#############################################] 100%
(2/2) checking package integrity [#############################################] 100%
error: imagemagick: signature from "Cromnix (Buildbot) <cromnix@cromnix.org>" is invalid
:: File /var/cache/pacman/pkg/imagemagick-6.9.9.20-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: libsodium: signature from "Cromnix (Buildbot) <cromnix@cromnix.org>" is invalid
:: File /var/cache/pacman/pkg/libsodium-1.0.15-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
Suggestions?
You may try to download the package only using -Sw option (Press 'N' when asked to remove) , then install them locally using -U option, therefore bypassing signature checking
Addendum to original post...
I tried suggestions being made in the thread about mirror updating:
$ sudo pacman -Sy gnupg archlinux-keyring artix-keyring
$ sudo pacman-key --populate archlinux artix
$ sudo pacman -Syyu
Still no joy - I'm taking the easy out w/ thefallenrat's suggestion.
I have the some problem
This save my day!
I think artix team is not doing well at communicating news about bugs and new things. hoping for the best
thank you both.
And the latest suggestion from the New primary mirrorlist post (https://artixlinux.org/forum/index.php?topic=27.msg1059#msg1059) about re-installing/re-initializing the keyring didn't work for me. Manual method it is...
@artoo @ nous
Yeah, I can confirm that that these packages are wrongly signed. And therefore scottfurry's pacman keys are not to blame.
Could these packages be rebuilt/signed and uploaded to the repos?
I can do that, but I need artoo's permissions first
Might want to add bash-4.4.012-2 to that list. It was updated after I posted originally.
The solution is to simply delete these packages from the pacman cache in
/var/cache/pacman/pkgThe inconsistency was caused by rebuilding/resigning.
or do a full pacman cache cleaning with
pacman -Scc
More specific cache tasks can be done
paccache -h
I deleted the package cache in between different attempts.
Package (4) New Version Net Change Download Size
world/liblqr 0.4.2-1 0.11 MiB
world/libraqm 0.3.0-2 0.16 MiB
extra/ocl-icd 2.2.11-1 0.18 MiB
world-testing/imagemagick 6.9.9.20-1 9.96 MiB 2.24 MiB
Total Download Size: 2.24 MiB
:: Proceed with download? [Y/n] Y
:: Retrieving packages...
imagemagick-6.9.9.20-1-x86_64 2.2 MiB 223K/s 00:10 [########################################################] 100%
(4/4) checking keys in keyring [########################################################] 100%
(4/4) checking package integrity
Package (4) New Version Net Change Download Size
world/liblqr 0.4.2-1 0.11 MiB
world/libraqm 0.3.0-2 0.16 MiB
extra/ocl-icd 2.2.11-1 0.18 MiB
world/imagemagick 6.9.9.20-1 9.96 MiB 2.24 MiB
Total Download Size: 2.24 MiB
:: Proceed with download? [Y/n] Y
:: Retrieving packages...
imagemagick-6.9.9.20-1-x86_64 2.2 MiB 361K/s 00:06 [########################################################] 100%
(4/4) checking keys in keyring [########################################################] 100%
(4/4) checking package integrity [########################################################] 100%
error: imagemagick: signature from "Cromnix (Buildbot) <cromnix@cromnix.org>" is invalid
:: File /var/cache/pacman/pkg/imagemagick-6.9.9.20-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
@artoo @nous @thefallenrat
Thanks. :D
I haven't done anything yet
Both
libsodium and
imagemagick signature issues are fixed now
~ >>> sudo pacman -S imagemagick
warning: imagemagick-6.9.9.20-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Package (1) Old Version New Version Net Change Download Size
world/imagemagick 6.9.9.20-1 6.9.9.20-1 0.00 MiB 2.24 MiB
Total Download Size: 2.24 MiB
Total Installed Size: 9.96 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
imagemagick-6.9.9.20-1-x86_64 2.2 MiB 453K/s 00:05 [------------------------------------------------------------] 100%
(1/1) checking keys in keyring [------------------------------------------------------------] 100%
(1/1) checking package integrity [------------------------------------------------------------] 100%
(1/1) loading package files [------------------------------------------------------------] 100%
(1/1) checking for file conflicts [------------------------------------------------------------] 100%
(1/1) checking available disk space [------------------------------------------------------------] 100%
:: Processing package changes...
(1/1) reinstalling imagemagick [------------------------------------------------------------] 100%
~ >>> sudo pacman -S libsodium
warning: libsodium-1.0.15-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Package (1) Old Version New Version Net Change Download Size
galaxy/libsodium 1.0.15-1 1.0.15-1 0.00 MiB 0.15 MiB
Total Download Size: 0.15 MiB
Total Installed Size: 0.50 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages...
libsodium-1.0.15-1-x86_64 152.9 KiB 192K/s 00:01 [------------------------------------------------------------] 100%
(1/1) checking keys in keyring [------------------------------------------------------------] 100%
(1/1) checking package integrity [------------------------------------------------------------] 100%
(1/1) loading package files [------------------------------------------------------------] 100%
(1/1) checking for file conflicts [------------------------------------------------------------] 100%
(1/1) checking available disk space [------------------------------------------------------------] 100%
:: Processing package changes...
(1/1) reinstalling libsodium [------------------------------------------------------------] 100%
@thefallenrat - I mentioned bash earlier. That one may need to updating as well.
I tried to reinstall packages imagemagick and libsodium to test. I'm still receiving the error message that the Artix Buildbot is marginal trust. I have...
- cleared pacakge cache
- pacman -Syyuu
The error has propagated out to any package now as I just tried to do an update. I suspect the key signing of the packages does not agree with the package security setting in my pacman.conf.
That version of bash were already in
[system] stable few weeks ago. Please check your mirrors
@thefallenrat - that seems to have done the trick.
In searching the web with the error message I ended up on an arch linux wiki page about package signing (https://wiki.archlinux.org/index.php/Pacman/Package_signing). The page talked about
web of trust. Since the buildbot key was "self-signed", I suspected that was the source of my problems - gpg didn't know what to do causing pacman to choke.
I suspect bash was a "marginal trust" issue as well and not a package signing error like imagemagick. The bash package was a harbinger of the problems to come.
So - huge thank you to
@thefallenrat for helping me fix this.