Skip to main content
Topic: update: all signatures bad (Read 1048 times) previous topic - next topic
0 Members and 2 Guests are viewing this topic.

update: all signatures bad

Following 3 attempts to download upgrade packages, when time comes to install them I get this 


Code: [Select]
(776/776) checking keys in keyring                                                     [##################################################] 100%
(776/776) checking package integrity                                                   [##################################################] 100%
error: linux-api-headers: signature from "Artix Buildbot <[email protected]>" is unknown trust"
:: File /var/cache/pacman/pkg/linux-api-headers-6.7-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

and that's for pretty well ALL the downloaded packages.  If I just hold down the ENTER key the default "Y" response goes in and the whole lot is discarded,





Who, has loved us more?

Re: update: all signatures bad

Reply #1
Hello badsector

Quote
download upgrade packages, when time comes to install them I get this 

could you please tell us what commands you used for the quoted step?

Re: update: all signatures bad

Reply #2
I was logged-in when I first tried to post this reply but was told that I had to be logged-in to do so.  So I logged-in again but did not get an expected "your reply has been posted", so here goes again.

======================================================================

I'd love to provide more data but can at this point provide only rough guidance. I had made a clean install on my desktop yesterday and this morning decided to update it from the initial 2023 date. I always use either 'pacman -Sy' followed by 'pacman -Su' or just 'pacman -Syu' ...and I do have a backup image of the initial clean install and will probably recover it before digging myself into an even deeper hole.


The would-be upgrade started with 1.8 gb of total download and a long list of questions like this:

Code: [Select]
Replace appstream-qt with world/appstream-qt5? {Y/n}

I just held down return for the default responses. An unknown initial portion of the download ended with a suspended-state or whatever other uninvited axoticum from which I could recover only with a hard reset (which will be another topic for me to raise).

After the reset and reboot came 2 power failures during the retries after each of which I could resume the downloads without losing what had already been downloaded. Somewhere in that chain of events before the last download I got an alert about sigatures with a proposed corrective command which I followed to the letter but when it came to integrity-checking  the problem was back again.

I'm on my laptop right now preparing to maybe do a clean install as well but booted up the desktop in hopes of reviewing the suggested corrective command cited above; unfortunately the konsole memory coughed up only a single 'pacman -Syu' from command history.

If I recover from the desktop backup image and start the update all over again it's likely to repeat the same path with the same integrity issue hopefully without the other irregularities. I will cheerfully supply more info on the sequence of events but I would appreciate guidance on how to fix the integrity issue effectively should it come up again.
Who, has loved us more?


Re: update: all signatures bad

Reply #4
Yes I tried that link, no solution. here are some pastes the last on the list is maybe all that's needed

https://paste.opensuse.org/pastes/e4ffd2b44f5f
https://paste.opensuse.org/pastes/cf71f7b890b5
https://paste.opensuse.org/pastes/4a9b6fa27682
https://paste.opensuse.org/pastes/b34b224c9a38

THIS one seems like a central figure:
"error: archlinux-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust"

I tried all this on a recovered clean system and am doing another recovery already after probably having borked it all beyond recognition once more :-(
 

Who, has loved us more?

Re: update: all signatures bad

Reply #5
Yes I tried that link, no solution. here are some pastes the last on the list is maybe all that's needed
https://paste.opensuse.org/pastes/e4ffd2b44f5f
The first error message says this:
"warning: Public keyring not found; have you run 'pacman-key --init'?"

Are you sure you have scrupulously followed the wiki page that I indicated to you?

Re: update: all signatures bad

Reply #6
Yes I tried that link, no solution. here are some pastes the last on the list is maybe all that's needed
https://paste.opensuse.org/pastes/e4ffd2b44f5f
The first error message says this:
"warning: Public keyring not found; have you run 'pacman-key --init'?"

Are you sure you have scrupulously followed the wiki page that I indicated to you?


As much as I could yes. Here's a simplified flow, the full session is saved but I won't paste it up yet (seems futile)


STEP-0
======
# rankmirrors -v -n 5 /etc/pacman.d/mirrorlist
bash: rankmirrors: command not found


STEP-1
======
# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
 system                                247.6 KiB   131 KiB/s 00:02 [####################################] 100%
 world                                   4.5 MiB   276 KiB/s 00:17 [####################################] 100%
 galaxy                                374.7 KiB   283 KiB/s 00:01 [####################################] 100%
resolving dependencies...
looking for conflicting packages...

Packages (2) archlinux-keyring-20240313-1  artix-keyring-20220901-2

Total Download Size:   1.27 MiB
Total Installed Size:  1.81 MiB
Net Upgrade Size:      1.65 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 archlinux-keyring-20240313-1-any     1188.3 KiB   291 KiB/s 00:04 [####################################] 100%
 artix-keyring-20220901-2-any          112.7 KiB   191 KiB/s 00:01 [####################################] 100%
 Total (2/2)                          1301.0 KiB   255 KiB/s 00:05 [####################################] 100%
(2/2) checking keys in keyring                                     [####################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

If STEP-1 fails do STEP-2 then STEP-1

STEP-2  (NB there is NO /etc/pcman.d/gnupg)
============================================
# rm -r /etc/pacman.d/gnupg
rm: cannot remove '/etc/pacman.d/gnupg': No such file or directory


STEP-3
======
# pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/A852E7E3C1A95124B80A487982E8E5085E3AD269.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u



STEP-4
======
# pacman-key --populate archlinux artix
==> ERROR: The keyring file /usr/share/pacman/keyrings/archlinux.gpg does not exist.

REPEAT WITHOUT archlinux
-----------------------------------------

m4:[root]:/# pacman-key --populate artix
==> Appending keys from artix.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signed 5 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 1 keys.
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   5  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   5  signed:  13  trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2  valid:  13  signed:   3  trust: 13-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-05-28



STEP-5-a
=========
# pacman -Scc
Cache directory: /var/cache/pacman/pkg/
:: Do you want to remove ALL files from cache? [y/N]
Database directory: /var/lib/pacman/
:: Do you want to remove unused repositories? [Y/n]
removing unused sync repositories...



STEP-5b     THIS is the LOOOOOONG   download of 2gb
=======
# pacman -Syyu
:: Synchronizing package databases...
 system                                247.6 KiB   118 KiB/s 00:02 [####################################] 100%
 world                                   4.5 MiB   279 KiB/s 00:17 [####################################] 100%
 galaxy                                374.7 KiB   302 KiB/s 00:01 [####################################] 100%
:: Starting full system upgrade...
:: Replace appstream-qt with world/appstream-qt5? [Y/n]


:: Replace attica with world/attica5? [Y/n]
_______ a whole bunch of these
:: Replace threadweaver with world/threadweaver5? [Y/n]

resolving dependencies...
:: There are 2 providers available for qt6-multimedia-backend:
:: Repository world
   1) qt6-multimedia-ffmpeg  2) qt6-multimedia-gstreamer

resolving dependencies...
:: There are 2 providers available for qt6-multimedia-backend:
:: Repository world
   1) qt6-multimedia-ffmpeg  2) qt6-multimedia-gstreamer

Enter a number (default=1):
looking for conflicting packages...
warning: dependency cycle detected:
warning: harfbuzz will be installed before its freetype2 dependency
-------- a whole bunch of these too
warning: dependency cycle detected:
warning: xdg-desktop-portal-kde will be installed before its plasma-workspace dependency


Packages (842) abseil-cpp-20240116.1-1  accounts-qml-module-0.7-6  acl-2.3.2-1  adwaita-cursors-46.0-1
               adwaita-icon-theme-46.0-1  akonadi-contacts-24.02.2-1  alsa-lib-1.2.11-1
.......
                zeromq-4.3.5-2  zix-0.4.2-2  zlib-1:1.3.1-1  zsh-5.9-5  zvbi-0.2.42-1  zxing-cpp-2.2.1-1

Total Download Size:   1868.93 MiB
Total Installed Size:  5394.45 MiB
Net Upgrade Size:       399.86 MiB

:: Proceed with installation? [Y/n]
__________________________________________
........... download and THEN.....

 qt6-translations-6.7.0-1.1-any          2.9 KiB  15.3 KiB/s 00:00 [####################################] 100%
 fuse-common-3.16.2-1-x86_64             2.6 KiB  12.7 KiB/s 00:00 [####################################] 100%
 Total (774/774)                      1868.9 MiB   562 KiB/s 56:44 [####################################] 100%
(775/775) checking keys in keyring                                 [####################################] 100%
(775/775) checking package integrity                               [####################################] 100%
:: File /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (checksum)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.


Who, has loved us more?

Re: update: all signatures bad

Reply #7

:: File /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (checksum)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)

Did you try :
sudo rm /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-any.pkg.tar.zst

Re: update: all signatures bad

Reply #8

:: File /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (checksum)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)

Did you try :
sudo rm /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-any.pkg.tar.zst


# rm /var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-x86_64.pkg.tar.zst
rm: cannot remove '/var/cache/pacman/pkg/plasma-workspace-wallpapers-6.0.3-1-x86_64.pkg.tar.zst': No such file or directory

BUT in the trascript there are 2 citations of it
plasma-workspace-wallpapers-6.0.3-1
plasma-workspace-wallpapers-6.0....   105.0 MiB   510 KiB/s 03:31 [####################################] 100%

I verified with dolphin, the file is NOT there.


Then I repeated the u[pdate attempt, that downloadxed the file again and this time complained about ANOTHER bad package. I think it will do this for maybe every one of them in turn?
 
===================================================================
Total Download Size:    105.05 MiB
Total Installed Size:  5394.81 MiB
Net Upgrade Size:       399.88 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 plasma-workspace-wallpapers-6.0....   105.0 MiB   764 KiB/s 02:21 [####################################] 100%
 appstream-qt5-1.0.2-1-x86_64           86.3 KiB   254 KiB/s 00:00 [####################################] 100%
 Total (2/2)                           105.0 MiB   760 KiB/s 02:21 [####################################] 100%
(776/776) checking keys in keyring                                 [####################################] 100%
(776/776) checking package integrity                               [####################################] 100%
error: gtk3: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/gtk3-1:3.24.41-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
=================================================================================


Who, has loved us more?

Re: update: all signatures bad

Reply #9
STEP-1
======
# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
 .../...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.


If STEP-1 fails do STEP-2 then STEP-1

STEP-2  (NB there is NO /etc/pcman.d/gnupg)
============================================
# rm -r /etc/pacman.d/gnupg
rm: cannot remove '/etc/pacman.d/gnupg': No such file or directory

STEP-3
======
# pacman-key --init
.../...

I reread the sequence of commands you executed.
As Step-2 failed, you should have repeated Step-1.

However, you have moved to Step-3...

I happened to have to run the following command:
Code: [Select]
pacman-key --refresh-keys

Re: update: all signatures bad

Reply #10
STEP-1
======
# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
 .../...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.


If STEP-1 fails do STEP-2 then STEP-1

STEP-2  (NB there is NO /etc/pcman.d/gnupg)
============================================
# rm -r /etc/pacman.d/gnupg
rm: cannot remove '/etc/pacman.d/gnupg': No such file or directory

STEP-3
======
# pacman-key --init
.../...

I reread the sequence of commands you executed.
As Step-2 failed, you should have repeated Step-1.

However, you have moved to Step-3...

I happened to have to run the following command:
Code: [Select]
pacman-key --refresh-keys




Code: [Select]
# pacman-key --refresh-keys
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 1247D995F165BBAC: "Artix Buildbot <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1



NOTHING seems to work. I had done the step-2/1 bit also to no avail.

I should say that the previous content in this thread had to do with  an installation from:

     artix-plasma-openrc-20230814-x86_64-1.iso

in which /etc/pacman.d/gnupg simply DOES NOT EXIST so when you return to step-1 you have changed absolutely nothing.

I have since downloaded and made an installation also from

    artix-community-qt-openrc-20230814-x86_64.026qavG3.iso
 
and ran into exactly the same issue (short transcript below).

Also: the installer on BOTH of these installations dies short of the mark at 90% when grub is being installed and os-prober just times out. I took a screen shot of the toggled log but it saved into the live system instead of into the already created user or root home





Code: [Select]
# ls /etc/pacman.d
gnupg  mirrorlist  mirrorlist-arch
m4:[root]:/#
m4:[root]:/#
m4:[root]:/# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
 system                                                  247.9 KiB  30.1 KiB/s 00:08 [-------------------------------------------------] 100%
 world                                                     4.6 MiB   257 KiB/s 00:18 [-------------------------------------------------] 100%
 galaxy                                                  463.1 KiB  54.4 KiB/s 00:09 [-------------------------------------------------] 100%
 lib32                                                   165.8 KiB  21.3 KiB/s 00:08 [-------------------------------------------------] 100%
 universe is up to date
 omniverse is up to date
 extra                                                     8.1 MiB   134 KiB/s 01:01 [-------------------------------------------------] 100%
 community is up to date
 multilib is up to date
resolving dependencies...
looking for conflicting packages...

Package (2)               Old Version  New Version  Net Change  Download Size

galaxy/archlinux-keyring  20230704-1   20240313-1     0.04 MiB       1.16 MiB
system/artix-keyring      20220901-1   20220901-2     0.00 MiB       0.11 MiB

Total Download Size:   1.27 MiB
Total Installed Size:  1.81 MiB
Net Upgrade Size:      0.04 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 artix-keyring-20220901-2-any                            112.7 KiB  89.0 KiB/s 00:01 [-------------------------------------------------] 100%
 archlinux-keyring-20240313-1-any                       1188.3 KiB   557 KiB/s 00:02 [-------------------------------------------------] 100%
 Total (2/2)                                            1301.0 KiB   565 KiB/s 00:02 [-------------------------------------------------] 100%
(2/2) checking keys in keyring                                                       [-------------------------------------------------] 100%
(2/2) checking package integrity                                                     [-------------------------------------------------] 100%
error: archlinux-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20240313-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: artix-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/artix-keyring-20220901-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
m4:[root]:/# rm -r /etc/pacman.d/gnupg
m4:[root]:/# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
 system is up to date
 world is up to date
 galaxy is up to date
 lib32 is up to date
 universe is up to date
 omniverse is up to date
 extra is up to date
 community is up to date
 multilib is up to date
resolving dependencies...
looking for conflicting packages...

Package (2)               Old Version  New Version  Net Change  Download Size

galaxy/archlinux-keyring  20230704-1   20240313-1     0.04 MiB       1.16 MiB
system/artix-keyring      20220901-1   20220901-2     0.00 MiB       0.11 MiB

Total Download Size:   1.27 MiB
Total Installed Size:  1.81 MiB
Net Upgrade Size:      0.04 MiB

:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
 artix-keyring-20220901-2-any                            112.7 KiB  40.6 KiB/s 00:03 [-------------------------------------------------] 100%
 archlinux-keyring-20240313-1-any                       1188.3 KiB   146 KiB/s 00:08 [-------------------------------------------------] 100%
 Total (2/2)                                            1301.0 KiB   156 KiB/s 00:08 [-------------------------------------------------] 100%
(2/2) checking keys in keyring                                                       [-------------------------------------------------] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
m4:[root]:/# pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/13B006055302410C1CCF94E4381AEDEA011A4750.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
m4:[root]:/# pacman -Sy archlinux-keyring artix-keyring
:: Synchronizing package databases...
 system is up to date
 world is up to date
 galaxy is up to date
 lib32 is up to date
 universe is up to date
 omniverse is up to date
 extra is up to date
 community is up to date
 multilib is up to date
resolving dependencies...
looking for conflicting packages...

Package (2)               Old Version  New Version  Net Change

galaxy/archlinux-keyring  20230704-1   20240313-1     0.04 MiB
system/artix-keyring      20220901-1   20220901-2     0.00 MiB

Total Installed Size:  1.81 MiB
Net Upgrade Size:      0.04 MiB

:: Proceed with installation? [Y/n] Y
(2/2) checking keys in keyring                                                       [-------------------------------------------------] 100%
downloading required keys...
:: Import PGP key 1247D995F165BBAC, "Artix Build Bot <[email protected]>"? [Y/n] Y
(2/2) checking package integrity                                                     [-------------------------------------------------] 100%
error: archlinux-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20240313-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: artix-keyring: signature from "Artix Buildbot <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/artix-keyring-20220901-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.



Who, has loved us more?

 

Re: update: all signatures bad

Reply #11
os-prober doesn't work properly unless all the partitions with OS's on are mounted before running. Otherwise you might have to open a new terminal and kill the os-prober process. Sometimes it does work if you wait long enough.
Some more ideas to try, perhaps you could get the keyring packages manually from a mirror then install them first with pacman -U.
If you are using arch repos, check if the setup for that is OK:
https://wiki.artixlinux.org/Main/Repositories#Arch_repositories
Is your CMOS battery OK and time and date set right, and perhaps even check the host name, if it's missing or something doesn't like the one you chose it can give odd effects - although that's admittedly  probably unlikely to be the trouble here.
I think there's some way to temporarily disable the need for key checking entirely in pacman.conf but besides being hideously insecure and not recommended by any responsible person, it's equally likely to break things even more if there's an underlying cause, but once in a while forcing the update like that might solve things too.

Re: update: all signatures bad

Reply #12
os-prober doesn't work properly unless all the partitions with OS's on are mounted before running. Otherwise you might have to open a new terminal and kill the os-prober process. Sometimes it does work if you wait long enough.
Some more ideas to try, perhaps you could get the keyring packages manually from a mirror then install them first with pacman -U.
If you are using arch repos, check if the setup for that is OK:
https://wiki.artixlinux.org/Main/Repositories#Arch_repositories
Is your CMOS battery OK and time and date set right, and perhaps even check the host name, if it's missing or something doesn't like the one you chose it can give odd effects - although that's admittedly  probably unlikely to be the trouble here.
I think there's some way to temporarily disable the need for key checking entirely in pacman.conf but besides being hideously insecure and not recommended by any responsible person, it's equally likely to break things even more if there's an underlying cause, but once in a while forcing the update like that might solve things too.

Just a wild guess: 
I think if I manage to do one good update the problem will vanish so temporarily disabling verification would interest me for sure but I see no way of doing that (Suse lets you do so both in the GUI yast or in the cLi zypper). As it is I can't even update pacman to the newer version.

As for os-prober Suse runs it all the time and it never times out, not sure if the partitions are not mounted by os-prober itself, the process is hidden from the user.  This in itself is not a major problem, it just means the the next boot fails into the grub shell, if you have other systems and they do conform to the /boot/vmlinuz & /boot/initrd standard then you just boot that manually and redo the grub thing from one of them.

Adendum:
I mader this edit in /etc/pacman.conf

 ###############################################
###############################################
#SigLevel    = Required DatabaseOptional
SigLevel    = Optional
###############################################
###############################################

but it makes no difference


Code: [Select]
(778/778) checking package integrity                               [####################################] 100%
error: mesa: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/mesa-1:24.0.5-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

# pacman -U /var/cache/pacman/pkg/mesa-1:24.0.5-1-x86_64.pkg.tar.zst
loading packages...
error: '/var/cache/pacman/pkg/mesa-1:24.0.5-1-x86_64.pkg.tar.zst': invalid or corrupted package (PGP signature)



Who, has loved us more?

Re: update: all signatures bad

Reply #13
Have you tried:

SigLevel = Never

Just temporarily while you update of course, otherwise you will have even bigger problems  :)

Re: update: all signatures bad

Reply #14
First thing I would try is the manual keyring install, pacman -U doesn't do gpg checks and it's less drastic. Packages can be downloaded by finding a mirror address in /etc/pacman.d/mirrorlist then getting it with your browser or wget etc. in a working system :
https://ftp.cc.uoc.gr/mirrors/linux/artixlinux/galaxy/os/x86_64/archlinux-keyring-20240313-1-any.pkg.tar.zst
https://ftp.cc.uoc.gr/mirrors/linux/artixlinux/system/os/x86_64/artix-keyring-20220901-2-any.pkg.tar.zst
Then copy the packages over with a usb stick or whatever, pacman -U pkgname in the target os will install them.

Possibly if gpg is still failing afterwards then that or something related needs updating manually too, due to version incompatibilities?

There are more troubleshooting tips along with an explanation of disabling key checking in pacman.conf here on the Arch wiki:
https://wiki.archlinux.org/title/Pacman/Package_signing


Grub os-prober has a longstanding upstream bug, it's the same in Devuan. If you mount the unused directories manually before starting the install it will work normally, it can't mount them properly itself it seems and either takes ages to run or fails entirely. I'm not sure if that would work outside the install chroot  though, but it's worth a try. Another option is edit /etc/default/grub to include the line:
Code: [Select]
GRUB_DISABLE_OS_PROBER=true
but again you'll have to see how / if it works with the  installer, and if you're happy with your workaround, then fine.