
[SOLVED] Problematic Keys

I have tried various workaround steps and other suggestions made in the forum.
Bottom line - a couple of packages have problematic pgp signatures and pacman refuses to install.

Tried...
1) Ensured mirror list is up to date w/ pacman -Syyu
2) Ensured keyring is updated w/ pacman -Syyu
3) marked "galaxy" and "world" with siglevel TrustAll in /etc/pacman.conf w/ pacman -Syyu
...all failed

Problems are with galaxy/libsodium and world/imagemagick.
Extract from command line:
resolving dependencies...
looking for conflicting packages...

Packages (2) imagemagick-6.9.9.20-1  libsodium-1.0.15-1

Total Download Size:    2.39 MiB
Total Installed Size:  10.45 MiB
Net Upgrade Size:       0.42 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 imagemagick-6.9.9.20-1-x86_64                           2.2 MiB   187K/s 00:12 [#############################################] 100%
 libsodium-1.0.15-1-x86_64                             152.9 KiB   184K/s 00:01 [#############################################] 100%
(2/2) checking keys in keyring                                                  [#############################################] 100%
(2/2) checking package integrity                                                [#############################################] 100%
error: imagemagick: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/imagemagick-6.9.9.20-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: libsodium: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/libsodium-1.0.15-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Suggestions?

Re: Problematic Keys

Reply #1
You may try to download the packages only, using the -Sw option (press 'N' when asked to remove), then install them locally using the -U option, therefore bypassing signature checking.
If I can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate!


Re: Problematic Keys

Reply #3
Addendum to original post...
I tried suggestions being made in the thread about mirror updating:
$ sudo pacman -Sy gnupg archlinux-keyring artix-keyring
$ sudo pacman-key --populate archlinux artix
$ sudo pacman -Syyu

Still no joy - I'm taking the easy out w/ thefallenrat's suggestion.

Re: Problematic Keys

Reply #4
> I have tried various workaround steps and other suggestions made in the forum.
> Bottom line - a couple of packages have problematic pgp signatures and pacman refuses to install.

I have the same problem.

> You may try to download the packages only, using the -Sw option (press 'N' when asked to remove), then install them locally using the -U option, therefore bypassing signature checking.

This saved my day!
I think the Artix team is not doing well at communicating news about bugs and new things. Hoping for the best.

Thank you both.
Keep it Simple. Simple is Secure, Simple is Beautiful.

Re: Problematic Keys

Reply #5
And the latest suggestion from the New primary mirrorlist post about re-installing/re-initializing the keyring didn't work for me. Manual method it is...

 

Re: Problematic Keys

Reply #6
> And the latest suggestion from the New primary mirrorlist post about re-installing/re-initializing the keyring didn't work for me. Manual method it is...

@artoo @nous
Yeah, I can confirm that these packages are wrongly signed. And therefore scottfurry's pacman keys are not to blame.

Could these packages be rebuilt/signed and uploaded to the repos?



Re: Problematic Keys

Reply #9
> Addendum to original post...
> I tried suggestions being made in the thread about mirror updating:
> $ sudo pacman -Sy gnupg archlinux-keyring artix-keyring
> $ sudo pacman-key --populate archlinux artix
> $ sudo pacman -Syyu
>
> Still no joy - I'm taking the easy out w/ thefallenrat's suggestion.

The solution is to simply delete these packages from the pacman cache in /var/cache/pacman/pkg
The inconsistency was caused by rebuilding/resigning.

or do a full pacman cache cleaning with

pacman -Scc

More specific cache tasks can be done

paccache -h
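
The cache cleanup described in this reply, as an added example that is not part of the original post: it lists cached packages whose detached signature fails verification, so only those files need deleting and signature checking stays enabled. It assumes the cache holds a `.sig` file beside each package and that `pacman-key --verify` exits non-zero on a bad signature; `stale_cached_packages` and `VERIFY_CMD` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report cached packages whose detached
# signature no longer verifies, e.g. after a rebuild/re-sign on the mirror.
# Assumptions: each cached package has "<package>.sig" next to it, and
# VERIFY_CMD (default: pacman-key --verify) exits non-zero on a bad signature.
# Usage: source this file, then run
#   stale_cached_packages /var/cache/pacman/pkg

VERIFY_CMD=${VERIFY_CMD:-pacman-key --verify}

# Print one line per problem file: "<REASON> <path>".
#   BADSIG  signature present but verification failed
#   NOSIG   no detached signature in the cache to check against
stale_cached_packages() {
    cache_dir=${1:-/var/cache/pacman/pkg}
    for pkg in "$cache_dir"/*.pkg.tar.*; do
        # Empty cache: the glob stays literal and matches no file.
        [ -e "$pkg" ] || continue
        # Skip the signatures themselves and partial downloads.
        case $pkg in
            *.sig|*.part) continue ;;
        esac
        if [ ! -f "$pkg.sig" ]; then
            echo "NOSIG $pkg"
        # VERIFY_CMD is left unquoted on purpose so "pacman-key --verify"
        # splits into command and option.
        elif ! $VERIFY_CMD "$pkg.sig" >/dev/null 2>&1; then
            echo "BADSIG $pkg"
        fi
    done
}
```

Only the files reported as BADSIG need removing before the next `pacman -Syu`; the function itself deletes nothing.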



Re: Problematic Keys

Reply #10
> The solution is to simply delete these packages from the pacman cache in /var/cache/pacman/pkg
> The inconsistency was caused by rebuilding/resigning.

I deleted the package cache in between different attempts.

Re: Problematic Keys

Reply #11
I can do that, but I need artoo's permissions first
Package (4)                New Version  Net Change  Download Size

world/liblqr               0.4.2-1        0.11 MiB              
world/libraqm              0.3.0-2        0.16 MiB              
extra/ocl-icd              2.2.11-1       0.18 MiB              
world-testing/imagemagick  6.9.9.20-1     9.96 MiB       2.24 MiB

Total Download Size:  2.24 MiB

:: Proceed with download? [Y/n] Y
:: Retrieving packages...
 imagemagick-6.9.9.20-1-x86_64                                          2.2 MiB   223K/s 00:10 [########################################################] 100%
(4/4) checking keys in keyring                                                                 [########################################################] 100%
(4/4) checking package integrity 

Package (4)        New Version  Net Change  Download Size

world/liblqr       0.4.2-1        0.11 MiB              
world/libraqm      0.3.0-2        0.16 MiB              
extra/ocl-icd      2.2.11-1       0.18 MiB              
world/imagemagick  6.9.9.20-1     9.96 MiB       2.24 MiB

Total Download Size:  2.24 MiB

:: Proceed with download? [Y/n] Y
:: Retrieving packages...
 imagemagick-6.9.9.20-1-x86_64                                          2.2 MiB   361K/s 00:06 [########################################################] 100%
(4/4) checking keys in keyring                                                                 [########################################################] 100%
(4/4) checking package integrity                                                               [########################################################] 100%
error: imagemagick: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/imagemagick-6.9.9.20-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

@artoo @nous @thefallenrat 
Thanks. :D

Re: Problematic Keys

Reply #12
I haven't done anything yet
If I can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate!

Re: Problematic Keys

Reply #13
Both libsodium and imagemagick signature issues are fixed now

~ >>> sudo pacman -S imagemagick
warning: imagemagick-6.9.9.20-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)        Old Version  New Version  Net Change  Download Size

world/imagemagick  6.9.9.20-1   6.9.9.20-1     0.00 MiB       2.24 MiB

Total Download Size:   2.24 MiB
Total Installed Size:  9.96 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 imagemagick-6.9.9.20-1-x86_64                                                 2.2 MiB   453K/s 00:05 [------------------------------------------------------------] 100%
(1/1) checking keys in keyring                                                                        [------------------------------------------------------------] 100%
(1/1) checking package integrity                                                                      [------------------------------------------------------------] 100%
(1/1) loading package files                                                                           [------------------------------------------------------------] 100%
(1/1) checking for file conflicts                                                                     [------------------------------------------------------------] 100%
(1/1) checking available disk space                                                                   [------------------------------------------------------------] 100%
:: Processing package changes...
(1/1) reinstalling imagemagick                                                                        [------------------------------------------------------------] 100%
~ >>> sudo pacman -S libsodium
warning: libsodium-1.0.15-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)       Old Version  New Version  Net Change  Download Size

galaxy/libsodium  1.0.15-1     1.0.15-1       0.00 MiB       0.15 MiB

Total Download Size:   0.15 MiB
Total Installed Size:  0.50 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 libsodium-1.0.15-1-x86_64                                                   152.9 KiB   192K/s 00:01 [------------------------------------------------------------] 100%
(1/1) checking keys in keyring                                                                        [------------------------------------------------------------] 100%
(1/1) checking package integrity                                                                      [------------------------------------------------------------] 100%
(1/1) loading package files                                                                           [------------------------------------------------------------] 100%
(1/1) checking for file conflicts                                                                     [------------------------------------------------------------] 100%
(1/1) checking available disk space                                                                   [------------------------------------------------------------] 100%
:: Processing package changes...
(1/1) reinstalling libsodium                                                                          [------------------------------------------------------------] 100%
If I can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate!

Re: Problematic Keys

Reply #14
@thefallenrat - I mentioned bash earlier. That one may need updating as well.

I tried to reinstall packages imagemagick and libsodium to test. I'm still receiving the error message that the Artix Buildbot is marginal trust. I have...
- cleared package cache
- pacman -Syyuu

The error has propagated out to any package now as I just tried to do an update. I suspect the key signing of the packages does not agree with the package security setting in my pacman.conf.