I'm trying to fix my keys using https://forum.artixlinux.org/index.php/topic,5944.msg37013.html#msg37013 this resource but I get errors when I try to run these commands.
Commands:
sudo pacman-key --init
sudo pacman-key --populate artix
sudo pacman-key --refresh-keys
sudo pacman -Syu
Errors:
gpg: keydb_search failed: Invalid packet
gpg: [don't know]: invalid packet (ctb=56)
Have you tried this procedure:
https://wiki.artixlinux.org/Main/Troubleshooting#Invalid_or_corrupted_packages_.28PGP_signature.29
Just tried it and I've got the same issue.
By any chance, do you have gpgme:
pacman -Ss gpg
system/gpgme 1.23.2-1 [installed]
A C wrapper library for GnuPG
system/libgpg-error 1.47-1 [installed]
[user@101 ~]$ pacman -Ss gpg
system/gpgme 1.23.2-1 [installed]
A C wrapper library for GnuPG
system/libgpg-error 1.47-1 [installed]
system/gpgme 1.23.2-1 [installed]
A C wrapper library for GnuPG
system/libgpg-error 1.47-1 [installed]
Support library for libgcrypt
system/python-gpgme 1.23.2-1 [installed]
Python bindings for GPGme
system/qgpgme-qt5 1.23.2-1 [installed]
Qt5 bindings for GPGme
system/qgpgme-qt6 1.23.2-1
Qt6 bindings for GPGme
world/kgpg 23.08.4-1 (kde-applications kde-utilities)
A GnuPG frontend
world/python-gnupg 0.5.2-1 [installed]
A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
lib32/lib32-libgpg-error 1.47-1 [installed]
Support library for libgcrypt (32-bit)
extra/gpg-crypter 0.4.1-4
A graphical front-end to GnuPG(GPG) using the GTK3 toolkit and libgpgme
extra/gpg-tui 0.10.0-1
A terminal user interface for GnuPG
extra/gpgit 1:1.5.0-2
A shell script that automates the process of signing Git sources via GPG
extra/jetring 0.30-1
gpg keyring maintenance using changesets
extra/keybase 6.0.2-4
CLI tool for GPG with keybase.io
extra/keybase-gui 6.0.2-4
GUI frontend for GPG with keybase.io
extra/kgpg 23.08.4-1 (kde-applications kde-utilities)
A GnuPG frontend
extra/python-gnupg 0.5.2-1 [installed]
A wrapper for the Gnu Privacy Guard (GPG or GnuPG)
extra/ruby-gpgme 2.0.23-1
Ruby interface to GnuPG Made Easy (GPGME)
extra/ruby-mail-gpg 0.4.4-2
GPG/MIME extension for the Ruby Mail Library
extra/sequoia-chameleon-gnupg 0.3.2-1 (sequoia)
A re-implementation and drop-in replacement of gpg and gpgv
multilib/lib32-libgpg-error 1.47-1 [installed]
Support library for libgcrypt (32-bit)
chaotic-aur/agent-transfer 0.44-1
Copy a secret key from GnuPG's gpg-agent to OpenSSH's ssh-agent
bash: system/gpgme: No such file or directory
bash: A: command not found
bash: system/libgpg-error: No such file or directory
This is the dialog which was generated.
[EDITed by a moderator: code tags]
It's weird, can packages gpgme 1.23.2-1 and libgpg-error 1.47-1 be installed twice?
I have this:
pacman -Ss gpg
system/gpgme 1.23.2-1 [installed]
A C wrapper library for GnuPG
system/libgpg-error 1.47-1 [installed]
Support library for libgcrypt
system/python-gpgme 1.23.2-1
Python bindings for GPGme
system/qgpgme-qt5 1.23.2-1
Qt5 bindings for GPGme .../... etc.
Anyone got any ideas on how to fix this?
Not too many ideas.
Can you give us the result of:
cat /etc/pacman.conf
Sure
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
#IgnorePkg =
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
Color
#NoProgressBar
CheckSpace
#VerbosePkgLists
ParallelDownloads = 15
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Never DatabaseNever
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Artix Linux
# packagers with `pacman-key --populate artix`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The gremlins repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
# Artix
#[gremlins]
#Include = /etc/pacman.d/mirrorlist
[system]
Include = /etc/pacman.d/mirrorlist
[world]
Include = /etc/pacman.d/mirrorlist
#[galaxy-gremlins]
#Include = /etc/pacman.d/mirrorlist
[galaxy]
Include = /etc/pacman.d/mirrorlist
[omniverse]
Server = http://omniverse.artixlinux.org/$arch
# If you want to run 32 bit applications on your x86_64 system,
# enable the lib32 repositories as required here.
#[lib32-gremlins]
#Include = /etc/pacman.d/mirrorlist
[lib32]
Include = /etc/pacman.d/mirrorlist
# Arch
[testing]
Include = /etc/pacman.d/mirrorlist-arch
[extra]
Include = /etc/pacman.d/mirrorlist-arch
#[community-testing]
#Include = /etc/pacman.d/mirrorlist-arch
[community]
Include = /etc/pacman.d/mirrorlist-arch
#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist-arch
[multilib]
Include = /etc/pacman.d/mirrorlist-arch
#[blackarch]
#Include = /etc/pacman.d/blackarch-mirrorlist
[chaotic-aur]
Include = /etc/pacman.d/chaotic-mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
Below is what I have.
I see differences from the start (SigLevel etc.).
Unless you are a gamer (wine, steam) you will probably not need 32 bit repositories.
Note that there have been changes at Arch and therefore community is obsolete:
https://wiki.artixlinux.org/Main/Repositories
You haven't activated the artix gremling repository, which would already be risky, but I see that you have activated testing from arch ! ? :o
cat /etc/pacman.conf
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
#IgnorePkg =
#IgnorePkg =
#IgnorePkg =
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
Color
#TotalDownload
CheckSpace
VerbosePkgLists
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Artix Linux
# packagers with `pacman-key --populate artix`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The gremlins repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[gremlins]
#Include = /etc/pacman.d/mirrorlist
[system]
Include = /etc/pacman.d/mirrorlist
[world]
Include = /etc/pacman.d/mirrorlist
#[galaxy-gremlins]
#Include = /etc/pacman.d/mirrorlist
[galaxy]
Include = /etc/pacman.d/mirrorlist
#[universe]
#Server = https://universe.artixlinux.org/$arch
#Server = https://mirror1.artixlinux.org/universe/$arch
#Server = https://mirror.pascalpuffke.de/artix-universe/$arch
[omniverse]
# Server = https://eu-mirror.artixlinux.org/omniverse/$arch
Server = https://omniverse.artixlinux.org/$arch
# If you want to run 32 bit applications on your x86_64 system,
# enable the lib32 repositories as required here.
#[lib32-gremlins]
#Include = /etc/pacman.d/mirrorlist
#[lib32]
#Include = /etc/pacman.d/mirrorlist
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
#
# ARCHLINUX
#
#[testing]
#Include = /etc/pacman.d/mirrorlist-arch
[extra]
Include = /etc/pacman.d/mirrorlist-arch
#[community-testing]
#Include = /etc/pacman.d/mirrorlist-arch
#[community]
#Include = /etc/pacman.d/mirrorlist-arch
#[multilib-testing]
#Include = /etc/pacman.d/mirrorlist-arch
#[multilib]
#Include = /etc/pacman.d/mirrorlist-arch
[chaotic-aur]
Include = /etc/pacman.d/chaotic-mirrorlist
==> Appending keys from artix.gpg...
==> Disabling revoked keys in keyring...
-> Disabled 1 keys.
==> Updating trust database...
gpg: public key of ultimately trusted key C424EF1E865D7EE1 not found
gpg: public key of ultimately trusted key 26884D59E86FD76A not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 3 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 3u
gpg: depth: 1 valid: 5 signed: 14 trust: 5-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-02-26
==> ERROR: Trust database could not be updated.
==> Updating trust database...
gpg: next trustdb check due at 2024-02-26
sudo pacman-key --populate archlinux artix
==> Appending keys from archlinux.gpg...
gpg: public key of ultimately trusted key C424EF1E865D7EE1 not found
gpg: public key of ultimately trusted key 26884D59E86FD76A not found
==> Appending keys from artix.gpg...
==> Locally signing trusted keys in keyring...
==> ERROR: 69E6471E3AE065297529832E6BA0F5A2037F4F41 could not be locally signed.
==> ERROR: D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C could not be locally signed.
==> ERROR: 3572FA2A1B067F22C58AF155F8B821B42A6FDCD7 could not be locally signed.
==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally signed.
:: Import PGP key 1247D995F165BBAC, "Artix Build Bot <
[email protected]>"? [Y/n] y
(1/1) checking package integrity [##################################################################] 100%
error: archlinux-keyring: signature from "Artix Buildbot <
[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20240208-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
==> ERROR: Remote key not fetched correctly from keyserver.
These are some errors I'm getting.
Bald.
Hello,
Your problem is known and probably solvable.
But first, it would be interesting to know if you modified /etc/pacman.conf:
cat /etc/pacman.conf
Thank you for your response but I figured it out. I haven't had my keys break in a long time and I was fixing it wrong.
OK.
But, there is no shame in telling us where your initial problem was.