Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: [SOLVED] Issue with buildbot key (Read 4725 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

[SOLVED] Issue with buildbot key

Hello everyone,

I'm having an issue with my install with pacman balking at builbot's key. I've followed the instructions from this thread, but it wasn't helpful for me.

Here is the output from gpg after running thefallenrat's suggestion:

 
Code: [Select]
 sudo pacman-key --edit-key 0A3EB6BB142C56653300420C1247D995F165BBAC


pub  rsa4096/1247D995F165BBAC
     created: 2017-06-18  expires: never       usage: SC 
     trust: ultimate      validity: ultimate
sub  rsa4096/0732C0B856D19AB4
     created: 2017-06-18  expires: never       usage: E  
[ultimate] (1). Artix Buildbot <[email protected]>
[ revoked] (2)  Cromnix (Buildbot) <[email protected]>

gpg>

How should I proceed? Thanks!

Re: Issue with buildbot key

Reply #1

 
Code: [Select]
 

gpg>

How should I proceed? Thanks!


You may quit from gpg console by running quit ..


Can you at least post the exact error message?
If I can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate!

Re: Issue with buildbot key

Reply #2
Hello thefallenrat,

Yes, I know to quit after updating the trust and '-Syyu' afterwards. That was posted for verification that the trust was ultimate. The output afterwards is as follows:

Code: [Select]
error: qt5-base: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/qt5-base-5.9.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

So on and so forth for the rest of the backlog.

I've followed the steps outlined in the original thread carefully. I cleared the cache, updated the mirrorlist removing SourceForge's servers, repopulated both Arch's and Artix's keyrings, ect. Still no dice for me.


EDIT: I should mention, if this is relevant, my install is two years old. I went from Arch > Arch OpenRC > Artix.

Re: Issue with buildbot key

Reply #3
Code: [Select]
% sudo pacman -S qt5-base
resolving dependencies...
looking for conflicting packages...

Packages (1) qt5-base-5.9.2-2

Total Download Size:   11.55 MiB
Total Installed Size:  57.10 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 qt5-base-5.9.2-2-x86_64                                                                            11.5 MiB  1991K/s 00:06 [---------------------------------------------------------------------------] 100%
(1/1) checking keys in keyring                                                                                              [---------------------------------------------------------------------------] 100%
(1/1) checking package integrity                                                                                            [---------------------------------------------------------------------------] 100%
(1/1) loading package files                                                                                                 [---------------------------------------------------------------------------] 100%
(1/1) checking for file conflicts                                                                                           [---------------------------------------------------------------------------] 100%
:: Processing package changes...
(1/1) upgrading qt5-base                                                                                                    [---------------------------------------------------------------------------] 100%

I can't reproduce it here. However, removing /etc/pacman.d/gnupg and reinstalling the keyrings gave me errors on 2 Artix keys, which I had to sign locally.

Code: [Select]
% sudo pacman-key --lsign A55C3F1BA61CAA63036D82BAFA91071797BEEEC2
% sudo pacman-key --lsign 0A3EB6BB142C56653300420C1247D995F165BBAC

If this doesn't solve your error, please run
Code: [Select]
sudo pacman -S --debug qt5-base
and post the output.

Re: Issue with buildbot key

Reply #4
Hi nous,

OK, I deleted /etc/pacman.d/gnugp, and reinitialized the keyring. I got the error posted below. I then ran both your 'pacman-key --lsign' commands and got the same output.


Code: [Select]
Package (1)     Old Version  New Version  Net Change

world/qt5-base  5.9.1-1      5.9.2-1        1.15 MiB

Total Installed Size:  57.10 MiB
Net Upgrade Size:       1.15 MiB

:: Proceed with installation? [Y/n]
debug: using cachedir: /var/cache/pacman/pkg/
debug: using cachedir: /var/cache/pacman/pkg/
checking keyring...
debug: GPGME version: 1.9.0
debug: GPGME engine info: file=/usr/bin/gpg, home=/etc/pacman.d/gnupg/
debug: looking up key 1247D995F165BBAC locally
debug: key lookup success, key exists
checking package integrity...
debug: found cached pkg: /var/cache/pacman/pkg/qt5-base-5.9.2-1-x86_64.pkg.tar.xz
debug: sig data: iQIzBAABCAAdFiEECj62uxQsVmUzAEIMEkfZlfFlu6wFAlnb/NUACgkQEkfZlfFlu6xrug/8DDr8bCspXqmjEUzDhszUM4YaGWk8T8SYB/+CzU+IzoTwr6UfWfeOW+R6WFwF/1ztamvYAHKOKmv2kx6HQpeMFeOmB5CIj4/MXIiERB8iPVFKvnfkjxqia6mJTNb/JtnC4b/W2irS8f6uidZE/WocOYVKXTcOxUH/0Z4z0Z09JGOmouLyzrPqUO6sBo8SPhGbqZNxRsy2HTeD25Vqux7nYRmGCLZ3KEWfx6hsaJM4WUucGp2pW27eDHcERqCpyQY9f/dlhgojHK8nDrRFZ6DXsxTmBWl/+H0LqwDMnwakmxN4JlsZquxQm0hw2bYRHJQ4MVxuMp+KQA7Hg+AKqjgH/WitRztUrDL2fCm+Mj3Oy+pG/wgIB48rMfG8y0FnGOtVsmyy5+ntI8Awt4Kfl7M85h3SS8drcnpa6uiRg2sPFZZLl+Tb2SAZguWpHDUeFXt4NyfmzUBfvY1y/H4QlyHujAqfmXFv/3rtkl+OXTSBbQLc23DT1g45+P1wM+gMfW1EjsiV7itnrf86zjiaguTvp8xFu1/JKF2xTcozxHKtSFEtOH67bDyj8X4nZrsQmTBMeKXvmzFF4154sVMk8mvabt4mND0qzQy/HH6EG5aYcFr8XelBcH4J0WKkXNBuDQUbLblaW0v7g/1Ld0jEjejbOzlEaI9uUvdSB6qaSsGZExg=
debug: checking signature for /var/cache/pacman/pkg/qt5-base-5.9.2-1-x86_64.pkg.tar.xz
debug: 1 signatures returned
debug: fingerprint: 1247D995F165BBAC
debug: summary: red
debug: status: Bad signature
debug: timestamp: 0
debug: exp_timestamp: 0
debug: validity: unknown; reason: Success
debug: key: 0A3EB6BB142C56653300420C1247D995F165BBAC, Cromnix (Buildbot) <[email protected]>, owner_trust unknown, disabled 0
debug: signature is not valid
error: qt5-base: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/qt5-base-5.9.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Re: Issue with buildbot key

Reply #5
That's not right, the cromnix id I mean. Could you run
Code: [Select]
pacman-key --populate
pacman-key --refresh-keys
The correct output afterwards should be
Code: [Select]
% pacman-key -l buildbot
gpg: Note: trustdb not writable
pub   rsa4096 2017-06-18 [SC]
      0A3EB6BB142C56653300420C1247D995F165BBAC
uid           [  full  ] Artix Buildbot <[email protected]>
sub   rsa4096 2017-06-18 [E]

Re: Issue with buildbot key

Reply #6
I had to change keyservers in my /etc/pacman.d/gnupg/gpg.conf to MIT's keyserver. Having done that and '--refresh-keys', 'pacman-key -l buildbot' outputs:

Code: [Select]
pub   rsa4096 2017-06-18 [SC]
      0A3EB6BB142C56653300420C1247D995F165BBAC
uid           [  full  ] Artix Buildbot <[email protected]>
sub   rsa4096 2017-06-18 [E]

EDIT: I get the same pacman gpg error as before when installing qt5-base

Re: Issue with buildbot key

Reply #7
Make sure qt5-base is from Artix repos and not from Arch. If in doubt, issue pacman -Scc and re-download.

As a last resort, you can install without sig checking:
Code: [Select]
pacman -U /var/cache/pacman/pkg/qt5-base-5.9.2-1-x86_64.pkg.tar.xz

Re: Issue with buildbot key

Reply #8
Code: [Select]
error: qt5-base: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/qt5-base-5.9.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).


That's because it happened on world repo and I can reproduce the error. It seems this is the package fault

Code: [Select]
world/qt5-base  5.9.2-2      5.9.2-1        0.00 MiB      11.55 MiB

Total Download Size:   11.55 MiB
Total Installed Size:  57.10 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 qt5-base-5.9.2-1-x86_64                                                       11.5 MiB  1172K/s 00:10 [------------------------------------------------------------] 100%
(1/1) checking keys in keyring                                                                         [------------------------------------------------------------] 100%
(1/1) checking package integrity                                                                       [------------------------------------------------------------] 100%
error: qt5-base: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /home/thefallenrat/.pacmancache/qt5-base-5.9.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Of course my method didn't work because it only solves marginal trust issue. not invalid issue.
But that was not entirely your fault from beginning, @someone . This is package fault alright.....

@nous can you clean your package and try installing qt5-base from world repo?

Code: [Select]
sudo pacman -S world/qt5-base

If it does fail maybe we need to update that package on server ...
If I can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate!

Re: Issue with buildbot key

Reply #9
Hello again everyone,

I was able to get pacman to upgrade per nous's advice on post #7. Pacman first spit the same error with qt5-base as before, but with '-U', it installed and afterwards I was able to '-Syu' with no further errors. Then I rebooted... Now my system drops into an emergency shell with an error which I'll write down and share after I post this. This issue I'm not sure belongs in this thread because technically my gpg issue can be marked as solved. What's the propper protocol, new thread?

Incidentally, I found out that the Artix i3 live disc don't support either my TP-Link AC1900, nor my trusty Alfa AWUS036H wifi adapters!


EDIT: OK, my boot error is as follows:

Code: [Select]
Scanning for Btrfs filesystems
ERROR: device '/dev/mapper/artix' not found. Skipping fsck.
mount: /new_root: no filesystem type specified.
You are now being dropped into an emergency shell.
sh: can't access tty: job control turned off
[rootfs] #

Re: Issue with buildbot key

Reply #10
Ah, are you also using lvm? It looks like it. Could you post your /etc/fstab and /etc/default/grub as well as anything else relevant to booting?

Re: Issue with buildbot key

Reply #11
I doubt it's my boot configs as they have held up switching from Arch>Arch OpenRC>Artix with minor alterations.

Here they are though:

syslinux.conf:

Code: [Select]
PROMPT 0
TIMEOUT 30
MENU HIDDEN

#DEFAULT artix-hardened
DEFAULT artix-lts

MENU SEPARATOR

LABEL artix-hardened
    MENU INDENT 1
    MENU LABEL ^1] Artix Linux (Hardened)
            LINUX ../vmlinuz-linux-hardened
            APPEND cryptdevice=/dev/disk/by-uuid/9afa8aed-3aba-4010-bdeb-a974261746c7:artix root=/dev/mapper/artix rootflags=subvolid=2685 vga=0x034d,current rw
            INITRD ../initramfs-linux-hardened.img

LABEL artix-lts
MENU INDENT 1
MENU LABEL ^2] Artix Linux (LTS)
            LINUX ../vmlinuz-linux-lts
            APPEND cryptdevice=/dev/disk/by-uuid/9afa8aed-3aba-4010-bdeb-a974261746c7:artix root=/dev/mapper/artix rootflags=subvolid=2685 vga=0x034d,current rw
            INITRD ../initramfs-linux-lts.img

MENU SEPARATOR


LABEL reboot
        MENU LABEL ^R] Reboot
                COM32 reboot.c32

LABEL poweroff
        MENU LABEL ^O] Poweroff
                COM32 poweroff.c32

MENU CLEAR


My fstab relevant to booting Artix:

Code: [Select]
/dev/mapper/artix 						/      			btrfs   rw,noatime,compress=zlib,autodefrag,clear_cache,space_cache,subvolid=2685		0 1
/dev/disk/by-uuid/28580d67-d395-4a93-bbd7-b605f066055f     /boot ext4 rw,noatime,relatime,data=ordered                0 1
/dev/mapper/artix /home btrfs   rw,nodev,nosuid,noatime,compress=zlib,clear_cache,autodefrag,space_cache,subvolid=258 0 1

Re: Issue with buildbot key

Reply #12
@nous can you clean your package and try installing qt5-base from world repo?
Code: [Select]
sudo pacman -S world/qt5-base
If it does fail maybe we need to update that package on server ...

You're right, the package in [world] has got a bad signature.
Code: [Select]
% sudo pacman -S world/qt5-base
warning: downgrading package qt5-base (5.9.2-2 => 5.9.2-1)
resolving dependencies...
looking for conflicting packages...

Packages (1) qt5-base-5.9.2-1

Total Download Size:   11.55 MiB
Total Installed Size:  57.10 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 qt5-base-5.9.2-1-x86_64                                                                            11.5 MiB  1948K/s 00:06 [---------------------------------------------------------------------------]  99%
(1/1) checking keys in keyring                                                                                              [---------------------------------------------------------------------------] 100%
(1/1) checking package integrity                                                                                            [---------------------------------------------------------------------------] 100%
error: qt5-base: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/qt5-base-5.9.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.


Then I rebooted... Now my system drops into an emergency shell with an error which I'll write down and share after I post this. This issue I'm not sure belongs in this thread because technically my gpg issue can be marked as solved. What's the propper protocol, new thread?

Code: [Select]
Scanning for Btrfs filesystems
ERROR: device '/dev/mapper/artix' not found. Skipping fsck.
mount: /new_root: no filesystem type specified.
You are now being dropped into an emergency shell.
sh: can't access tty: job control turned off
[rootfs] #

The mkinitcpio package has changed. Since you're using LVM, you must put lvm after block hook in /etc/mkinitcpio.conf (and before filesystems). Can you boot with the fallback initramfs?

Re: Issue with buildbot key

Reply #13
nous, I have a fallback for LTS, but not in my syslinux.conf. I'm going to add it and edit this post with the results.

I've edited my mkinitcpio.conf (with your recommendation), chroot, and 'mkinitcpio -p linux-lts', I then get the following:

Code: [Select]
==> Building image from preset: /etc/mkinitcpio.d/linux-lts.preset: 'default'
  -> -k /boot/vmlinuz-linux-lts -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-lts.img
hexdump: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory
==> ERROR: invalid kernel specified: `/boot/vmlinuz-linux-lts'
==> Building image from preset: /etc/mkinitcpio.d/linux-lts.preset: 'fallback'
  -> -k /boot/vmlinuz-linux-lts -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-lts-fallback.img -S autodetect
hexdump: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory
==> ERROR: invalid kernel specified: `/boot/vmlinuz-linux-lts'



EDIT: Actually, I have initramfs-linux-lst-fallback, but not the vmlinuz-linux-lts-fallback, so I cant' post those results.

Re: Issue with buildbot key

Reply #14
Try rebuilding ncurses5-compat-libs from AUR. I believe that's where libtinfo comes from. See if you can run mkinitcpio again after that.

Sorry that's not right. libtinfo.so.6 should come from the latest version of ncurses which is 6.0. Do you have an old version of libtinfo or something?