Following 3 attempts to download upgrade packages, when time comes to install them I get this
(776/776) checking keys in keyring [##################################################] 100%
(776/776) checking package integrity [##################################################] 100%
error: linux-api-headers: signature from "Artix Buildbot <[email protected]>" is unknown trust"
:: File /var/cache/pacman/pkg/linux-api-headers-6.7-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
and that's for pretty well ALL the downloaded packages. If I just hold down the ENTER key the default "Y" response goes in and the whole lot is discarded,
Hello badsector
could you please tell us what commands you used for the quoted step?
I was logged-in when I first tried to post this reply but was told that I had to be logged-in to do so. So I logged-in again but did not get an expected "your reply has been posted", so here goes again.
======================================================================
I'd love to provide more data but can at this point provide only rough guidance. I had made a clean install on my desktop yesterday and this morning decided to update it from the initial 2023 date. I always use either 'pacman -Sy' followed by 'pacman -Su' or just 'pacman -Syu' ...and I do have a backup image of the initial clean install and will probably recover it before digging myself into an even deeper hole.
The would-be upgrade started with 1.8 gb of total download and a long list of questions like this:
Replace appstream-qt with world/appstream-qt5? {Y/n}
I just held down return for the default responses. An unknown initial portion of the download ended with a suspended-state or whatever other uninvited axoticum from which I could recover only with a hard reset (which will be another topic for me to raise).
After the reset and reboot came 2 power failures during the retries after each of which I could resume the downloads without losing what had already been downloaded. Somewhere in that chain of events before the last download I got an alert about signatures with a proposed corrective command which I followed to the letter but when it came to integrity-checking the problem was back again.
I'm on my laptop right now preparing to maybe do a clean install as well but booted up the desktop in hopes of reviewing the suggested corrective command cited above; unfortunately the konsole memory coughed up only a single 'pacman -Syu' from command history.
If I recover from the desktop backup image and start the update all over again it's likely to repeat the same path with the same integrity issue hopefully without the other irregularities. I will cheerfully supply more info on the sequence of events but I would appreciate guidance on how to fix the integrity issue effectively should it come up again.
Hello,
Have you tried the following procedure from the wiki:
https://wiki.artixlinux.org/Main/Troubleshooting#Invalid_or_corrupted_packages_.28PGP_signature.29
Yes I tried that link, no solution. Here are some pastes; the last on the list is maybe all that's needed
https://paste.opensuse.org/pastes/e4ffd2b44f5f
https://paste.opensuse.org/pastes/cf71f7b890b5
https://paste.opensuse.org/pastes/4a9b6fa27682
https://paste.opensuse.org/pastes/b34b224c9a38
THIS one seems like a central figure:
"error: archlinux-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust"
I tried all this on a recovered clean system and am doing another recovery already after probably having borked it all beyond recognition once more :-(
The first error message says this:
"warning: Public keyring not found; have you run 'pacman-key --init'?"
Are you sure you have scrupulously followed the wiki page that I indicated to you?
As much as I could yes. Here's a simplified flow, the full session is saved but I won't paste it up yet (seems futile)
STEP-0
======
# rankmirrors -v -n 5 /etc/pacman.d/mirrorlist
bash: rankmirrors: command not found
STEP-1
======
# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
system 247.6 KiB 131 KiB/s 00:02 [####################################] 100%
world 4.5 MiB 276 KiB/s 00:17 [####################################] 100%
galaxy 374.7 KiB 283 KiB/s 00:01 [####################################] 100%
resolving dependencies...
looking for conflicting packages...
Packages (2) archlinux-keyring-20240313-1 artix-keyring-20220901-2
Total Download Size: 1.27 MiB
Total Installed Size: 1.81 MiB
Net Upgrade Size: 1.65 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
archlinux-keyring-20240313-1-any 1188.3 KiB 291 KiB/s 00:04 [####################################] 100%
artix-keyring-20220901-2-any 112.7 KiB 191 KiB/s 00:01 [####################################] 100%
Total (2/2) 1301.0 KiB 255 KiB/s 00:05 [####################################] 100%
(2/2) checking keys in keyring [####################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
If STEP-1 fails do STEP-2 then STEP-1
STEP-2 (NB there is NO /etc/pacman.d/gnupg)
============================================
# rm -r /etc/pacman.d/gnupg
rm: cannot remove '/etc/pacman.d/gnupg': No such file or directory
STEP-3
======
# pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/A852E7E3C1A95124B80A487982E8E5085E3AD269.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
STEP-4
======
# pacman-key --populate archlinux artix
==> ERROR: The keyring file /usr/share/pacman/keyrings/archlinux.gpg does not exist.
REPEAT WITHOUT archlinux
-----------------------------------------
m4:[root]:/# pacman-key --populate artix
==> Appending keys from artix.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signed 5 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
-> Disabled 1 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 5 signed: 13 trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2 valid: 13 signed: 3 trust: 13-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-05-28
STEP-5-a
=========
# pacman -Scc
Cache directory: /var/cache/pacman/pkg/
:: Do you want to remove ALL files from cache? [y/N]
Database directory: /var/lib/pacman/
:: Do you want to remove unused repositories? [Y/n]
removing unused sync repositories...
STEP-5b THIS is the LOOOOOONG download of 2gb
=======
# pacman -Syyu
:: Synchronizing package databases...
system 247.6 KiB 118 KiB/s 00:02 [####################################] 100%
world 4.5 MiB 279 KiB/s 00:17 [####################################] 100%
galaxy 374.7 KiB 302 KiB/s 00:01 [####################################] 100%
:: Starting full system upgrade...
:: Replace appstream-qt with world/appstream-qt5? [Y/n]
:: Replace attica with world/attica5? [Y/n]
_______ a whole bunch of these
:: Replace threadweaver with world/threadweaver5? [Y/n]
resolving dependencies...
:: There are 2 providers available for qt6-multimedia-backend:
:: Repository world
1) qt6-multimedia-ffmpeg 2) qt6-multimedia-gstreamer
resolving dependencies...
:: There are 2 providers available for qt6-multimedia-backend:
:: Repository world
1) qt6-multimedia-ffmpeg 2) qt6-multimedia-gstreamer
Enter a number (default=1):
looking for conflicting packages...
warning: dependency cycle detected:
warning: harfbuzz will be installed before its freetype2 dependency
-------- a whole bunch of these too
warning: dependency cycle detected:
warning: xdg-desktop-portal-kde will be installed before its plasma-workspace dependency
Packages (842) abseil-cpp-20240116.1-1 accounts-qml-module-0.7-6 acl-2.3.2-1 adwaita-cursors-46.0-1
adwaita-icon-theme-46.0-1 akonadi-contacts-24.02.2-1 alsa-lib-1.2.11-1
.......
zeromq-4.3.5-2 zix-0.4.2-2 zlib-1:1.3.1-1 zsh-5.9-5 zvbi-0.2.42-1 zxing-cpp-2.2.1-1
Total Download Size: 1868.93 MiB
Total Installed Size: 5394.45 MiB
Net Upgrade Size: 399.86 MiB
:: Proceed with installation? [Y/n]
__________________________________________
........... download and THEN.....
qt6-translations-6.7.0-1.1-any 2.9 KiB 15.3 KiB/s 00:00 [####################################] 100%
fuse-common-3.16.2-1-x86_64 2.6 KiB 12.7 KiB/s 00:00 [####################################] 100%
Total (774/774) 1868.9 MiB 562 KiB/s 56:44 [####################################] 100%
(775/775) checking keys in keyring [####################################] 100%
(775/775) checking package integrity [####################################] 100%
:: File /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (checksum)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
Did you try :
sudo rm /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-any.pkg.tar.zst
# rm /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-x86_64.pkg.tar.zst
rm: cannot remove '/var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-x86_64.pkg.tar.zst': No such file or directory
BUT in the transcript there are 2 citations of it
plasma-workspace-wallpapers-6.0.3-1
plasma-workspace-wallpapers-6.0.... 105.0 MiB 510 KiB/s 03:31 [####################################] 100%
I verified with dolphin, the file is NOT there.
Then I repeated the update attempt, that downloaded the file again and this time complained about ANOTHER bad package. I think it will do this for maybe every one of them in turn?
===================================================================
Total Download Size: 105.05 MiB
Total Installed Size: 5394.81 MiB
Net Upgrade Size: 399.88 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
plasma-workspace-wallpapers-6.0.... 105.0 MiB 764 KiB/s 02:21 [####################################] 100%
appstream-qt5-1.0.2-1-x86_64 86.3 KiB 254 KiB/s 00:00 [####################################] 100%
Total (2/2) 105.0 MiB 760 KiB/s 02:21 [####################################] 100%
(776/776) checking keys in keyring [####################################] 100%
(776/776) checking package integrity [####################################] 100%
error: gtk3: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/gtk3-1:3.24.41-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
=================================================================================
I reread the sequence of commands you executed.
As Step-2 failed, you should have repeated Step-1.
However, you have moved to Step-3...
I happened to have to run the following command:
pacman-key --refresh-keys
# pacman-key --refresh-keys
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 1247D995F165BBAC: "Artix Buildbot <[email protected]>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
NOTHING seems to work. I had done the step-2/1 bit also to no avail.
I should say that the previous content in this thread had to do with an installation from:
artix-plasma-openrc-20230814-x86_64-1.iso
in which /etc/pacman.d/gnupg simply DOES NOT EXIST so when you return to step-1 you have changed absolutely nothing.
I have since downloaded and made an installation also from
artix-community-qt-openrc-20230814-x86_64.026qavG3.iso
and ran into exactly the same issue (short transcript below).
Also: the installer on BOTH of these installations dies short of the mark at 90% when grub is being installed and os-prober just times out. I took a screen shot of the toggled log but it saved into the live system instead of into the already created user or root home
# ls /etc/pacman.d
gnupg mirrorlist mirrorlist-arch
m4:[root]:/#
m4:[root]:/#
m4:[root]:/# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
system 247.9 KiB 30.1 KiB/s 00:08 [-------------------------------------------------] 100%
world 4.6 MiB 257 KiB/s 00:18 [-------------------------------------------------] 100%
galaxy 463.1 KiB 54.4 KiB/s 00:09 [-------------------------------------------------] 100%
lib32 165.8 KiB 21.3 KiB/s 00:08 [-------------------------------------------------] 100%
universe is up to date
omniverse is up to date
extra 8.1 MiB 134 KiB/s 01:01 [-------------------------------------------------] 100%
community is up to date
multilib is up to date
resolving dependencies...
looking for conflicting packages...
Package (2) Old Version New Version Net Change Download Size
galaxy/archlinux-keyring 20230704-1 20240313-1 0.04 MiB 1.16 MiB
system/artix-keyring 20220901-1 20220901-2 0.00 MiB 0.11 MiB
Total Download Size: 1.27 MiB
Total Installed Size: 1.81 MiB
Net Upgrade Size: 0.04 MiB
:: Proceed with installation? [Y/n]
:: Retrieving packages...
artix-keyring-20220901-2-any 112.7 KiB 89.0 KiB/s 00:01 [-------------------------------------------------] 100%
archlinux-keyring-20240313-1-any 1188.3 KiB 557 KiB/s 00:02 [-------------------------------------------------] 100%
Total (2/2) 1301.0 KiB 565 KiB/s 00:02 [-------------------------------------------------] 100%
(2/2) checking keys in keyring [-------------------------------------------------] 100%
(2/2) checking package integrity [-------------------------------------------------] 100%
error: archlinux-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20240313-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: artix-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/artix-keyring-20220901-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
m4:[root]:/# rm -r /etc/pacman.d/gnupg
m4:[root]:/# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
system is up to date
world is up to date
galaxy is up to date
lib32 is up to date
universe is up to date
omniverse is up to date
extra is up to date
community is up to date
multilib is up to date
resolving dependencies...
looking for conflicting packages...
Package (2) Old Version New Version Net Change Download Size
galaxy/archlinux-keyring 20230704-1 20240313-1 0.04 MiB 1.16 MiB
system/artix-keyring 20220901-1 20220901-2 0.00 MiB 0.11 MiB
Total Download Size: 1.27 MiB
Total Installed Size: 1.81 MiB
Net Upgrade Size: 0.04 MiB
:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
artix-keyring-20220901-2-any 112.7 KiB 40.6 KiB/s 00:03 [-------------------------------------------------] 100%
archlinux-keyring-20240313-1-any 1188.3 KiB 146 KiB/s 00:08 [-------------------------------------------------] 100%
Total (2/2) 1301.0 KiB 156 KiB/s 00:08 [-------------------------------------------------] 100%
(2/2) checking keys in keyring [-------------------------------------------------] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
m4:[root]:/# pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/13B006055302410C1CCF94E4381AEDEA011A4750.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
m4:[root]:/# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
system is up to date
world is up to date
galaxy is up to date
lib32 is up to date
universe is up to date
omniverse is up to date
extra is up to date
community is up to date
multilib is up to date
resolving dependencies...
looking for conflicting packages...
Package (2) Old Version New Version Net Change
galaxy/archlinux-keyring 20230704-1 20240313-1 0.04 MiB
system/artix-keyring 20220901-1 20220901-2 0.00 MiB
Total Installed Size: 1.81 MiB
Net Upgrade Size: 0.04 MiB
:: Proceed with installation? [Y/n] Y
(2/2) checking keys in keyring [-------------------------------------------------] 100%
downloading required keys...
:: Import PGP key 1247D995F165BBAC, "Artix Build Bot <[email protected]>"? [Y/n] Y
(2/2) checking package integrity [-------------------------------------------------] 100%
error: archlinux-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20240313-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: artix-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/artix-keyring-20220901-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
os-prober doesn't work properly unless all the partitions with OS's on are mounted before running. Otherwise you might have to open a new terminal and kill the os-prober process. Sometimes it does work if you wait long enough.
Some more ideas to try, perhaps you could get the keyring packages manually from a mirror then install them first with pacman -U.
If you are using arch repos, check if the setup for that is OK:
https://wiki.artixlinux.org/Main/Repositories#Arch_repositories
Is your CMOS battery OK and time and date set right, and perhaps even check the host name, if it's missing or something doesn't like the one you chose it can give odd effects - although that's admittedly probably unlikely to be the trouble here.
I think there's some way to temporarily disable the need for key checking entirely in pacman.conf but besides being hideously insecure and not recommended by any responsible person, it's equally likely to break things even more if there's an underlying cause, but once in a while forcing the update like that might solve things too.
Just a wild guess:
I think if I manage to do one good update the problem will vanish so temporarily disabling verification would interest me for sure but I see no way of doing that (Suse lets you do so both in the GUI yast or in the cLi zypper). As it is I can't even update pacman to the newer version.
As for os-prober Suse runs it all the time and it never times out, not sure if the partitions are not mounted by os-prober itself, the process is hidden from the user. This in itself is not a major problem, it just means that the next boot fails into the grub shell, if you have other systems and they do conform to the /boot/vmlinuz & /boot/initrd standard then you just boot that manually and redo the grub thing from one of them.
Addendum:
I made this edit in /etc/pacman.conf
###############################################
###############################################
#SigLevel = Required DatabaseOptional
SigLevel = Optional
###############################################
###############################################
but it makes no difference
(778/778) checking package integrity [####################################] 100%
error: mesa: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/mesa-1:24.0.5-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
# pacman -U /var/cache/pacman/pkg/mesa-1:24.0.5-1-x86_64.pkg.tar.zst
loading packages...
error: '/var/cache/pacman/pkg/mesa-1:24.0.5-1-x86_64.pkg.tar.zst': invalid or corrupted package (PGP signature)
Have you tried:
SigLevel = Never
Just temporarily while you update of course, otherwise you will have even bigger problems :)
First thing I would try is the manual keyring install, pacman -U doesn't do gpg checks and it's less drastic. Packages can be downloaded by finding a mirror address in /etc/pacman.d/mirrorlist then getting it with your browser or wget etc. in a working system :
https://ftp.cc.uoc.gr/mirrors/linux/artixlinux/galaxy/os/x86_64/archlinux-keyring-20240313-1-any.pkg.tar.zst
https://ftp.cc.uoc.gr/mirrors/linux/artixlinux/system/os/x86_64/artix-keyring-20220901-2-any.pkg.tar.zst
Then copy the packages over with a usb stick or whatever, pacman -U pkgname in the target os will install them.
Possibly if gpg is still failing afterwards then that or something related needs updating manually too, due to version incompatibilities?
There are more troubleshooting tips along with an explanation of disabling key checking in pacman.conf here on the Arch wiki:
https://wiki.archlinux.org/title/Pacman/Package_signing
Grub os-prober has a longstanding upstream bug, it's the same in Devuan. If you mount the unused directories manually before starting the install it will work normally, it can't mount them properly itself it seems and either takes ages to run or fails entirely. I'm not sure if that would work outside the install chroot though, but it's worth a try. Another option is edit /etc/default/grub to include the line:
GRUB_DISABLE_OS_PROBER=true
but again you'll have to see how / if it works with the installer, and if you're happy with your workaround, then fine.
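An added example, not part of the thread or of any Artix tooling: since `SigLevel = Never` is suggested above only for the duration of one update, this shell function audits a pacman.conf and reports every section where package signatures are not `Required`, so the workaround is not left in place. The function names, verdict labels and the sample file are constructed; it assumes a repository's SigLevel tokens are layered on top of the `[options]` value, and it does not follow `Include` files.

```sh
#!/bin/sh
# audit_siglevel FILE   (use "-" for stdin)
# Prints "<section> <package check level> <verdict>" per section and
# returns non-zero if any section does not require package signatures.
audit_siglevel() {
    awk '
    # Apply SigLevel tokens left to right; only the package axis is tracked.
    function apply(level, tokens,    n, i, t, parts) {
        n = split(tokens, parts, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = parts[i]
            sub(/^Package/, "", t)      # PackageNever -> Never
            if (t == "Never" || t == "Optional" || t == "Required") level = t
            # Database* and Trust* tokens leave package checking unchanged
        }
        return level
    }
    function report(name, level) {
        if (level != "Required") bad = 1
        printf "%s %s %s\n", name, level, (level == "Required" ? "OK" : "REVIEW")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
    /^[ \t]*\[.*\][ \t]*$/ {            # section header
        sec = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", sec)
        if (!(sec in seen)) { seen[sec] = 1; order[++nsec] = sec }
        next
    }
    /^[ \t]*SigLevel[ \t]*=/ {          # anchored: skips LocalFileSigLevel
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        raw[sec] = (sec in raw) ? raw[sec] " " val : val
    }
    END {
        # Assumption: repository tokens are applied on top of [options].
        global = ("options" in raw) ? apply("unset", raw["options"]) : "unset"
        report("options", global)
        for (i = 1; i <= nsec; i++) {
            s = order[i]
            if (s == "options") continue
            report(s, (s in raw) ? apply(global, raw[s]) : global)
        }
        exit (bad ? 1 : 0)
    }' "${1:--}"
}

# Constructed sample: the default line from the thread left commented out and
# the temporary workaround still active; repository names as in the thread.
sample_conf() {
    cat <<'EOF'
[options]
#SigLevel = Required DatabaseOptional
SigLevel = Never

[system]
Include = /etc/pacman.d/mirrorlist

[world]
Include = /etc/pacman.d/mirrorlist

[galaxy]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
EOF
}

if [ -n "${1:-}" ]; then
    audit_siglevel "$1" || echo "package signatures are not Required everywhere"
else
    sample_conf | audit_siglevel - || echo "package signatures are not Required everywhere"
fi
```

Run it with `/etc/pacman.conf` as the argument after the update finishes; every line should read `Required OK` once the original `SigLevel` line is restored.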
SigLevel = Never
The above (temporarily) seems to have an effect with already downloaded files so I have made a small step forward. With the system installed from the large KDE (4.X gb) iso there were also file conflicts and removing one just led into interminable dependency spirals so I gave up. With the system made from the smaller (2.1 gb) plasma iso there are no conflicts and so far I've been able to install those packages that do not lead into dependency issues ONE AT A TIME. This isn't encouraging either seeing that there are about 800 of them but is better than nothing.
Are there any packages in particular which, if installed manually from local folders, are better candidates for fixing this problem than others?
Addendum:
Manually updated most packages, updated the rest via artix-chroot from live dvd. Now I can't log in. I create a new user with password but that can't log in either. I'm done, will be back in 6 months to see if a new 'working' iso is available.
Closure:
=======
As a dire-straits last resort I dug up the oldest backup image on hand, the one that made me go for a fresh install in anger. I recovered it, updated it and am posting from it (probably my original install from the 2018 or so kde iso). A simultaneous swing to a new (non-nvidia) video card and an upgrade to plasma 6 had made such a mess of my desktop as I had never seen before so I thought that a freshie would be the thing to do. W R O N G. I'll rebuild it now, having no choice. Thanks for the helpful suggestions all the same!