Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: New primary mirror (Read 9627 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Re: New primary mirror

Reply #45
libsodium still gives invalid pgg package
Of course it doesn't. My method above only works with marginal trust issue. For invalid package you need to remove the faulty package, use the correct mirror[1] in /etc/pacman.d/mirrorlist , force refresh[2] and re-update again[2]

Code: [Select]
[1] Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
[2] sudo pacman -Syyu
If I can hit that bullseye, the rest of the dominoes will fall like a house of cards. Checkmate!

Re: New primary mirror

Reply #46
ok np thanks!

Re: New primary mirror

Reply #47
Code: [Select]
error: boost-libs: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/boost-libs-1.65.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: source-highlight: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/source-highlight-3.1.8-13-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Re: New primary mirror

Reply #48
Of course it doesn't. My method above only works with marginal trust issue. For invalid package you need to remove the faulty package, use the correct mirror[1] in /etc/pacman.d/mirrorlist , force refresh[2] and re-update again[2]

Code: [Select]
[1] Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
[2] sudo pacman -Syyu

My primary mirror is as listed, and I am using  the -Syyu options, but I get the invalid signature from both imagemagick and libsodium.
Code: [Select]
error: boost-libs: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/boost-libs-1.65.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: source-highlight: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/source-highlight-3.1.8-13-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.


I had this error.  I don't remember which one fixed it. but I refreshed my pacman keys, reinstalled the artix-keyring package, and ran pacman -Syyu.  At the end of this, the invalid signature error switched from cromnix to artix.

Re: New primary mirror

Reply #49
I have the same problem as above. I graduated from cromnix to artix but still have this invalid/corrupt checksum message. Repo's are correct &etc. everything seems good. Was a fresh LXQt Artix install, it tempted me away from my (already de-D'd) rolling Arch of five years.

Apologies my first post is an issue. I'm actually very grateful for Artix.

Edit: decided to upgrade from community and extra via AUR for the same package versions and everything went through. Very curious about this hiccup though.

Edit: (as per gentermnl correctly states below, I didn't pull from the AUR specifically, just I have an aur command I run to give me a nice visual.)

Re: New primary mirror

Reply #50
It seems I had more than one problem, but after I fixed the marginal trust issue for Artix Buildbot per the instructions above, I still had the invalid package error for libsodium and imagemagick.  Similar to the previous post, I did pacman -Ss for each, and selected to install from the alternate repository.  Is it possible there really are some invalid packages out there?

Re: New primary mirror

Reply #51
I just reinstalled imagemagick and libsodium on my system. I did find that the original downloaded packages needed to be deleted and downloaded again due to the original downloads having an invalid signature error.
Code: [Select]
error: imagemagick: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
error: libsodium: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
Once the stored packages where deleted, these packages installed successfully. Although if the packages do have a new signature, a new package version would guarantee that the package would be updated without any problem since it will be seen as a update and ignore the previous version with the invalid signature. Also it would allow one to see if the mirror being selected was truly up to-date.
To fix the issue as stated before one will have to overwrite the original database with a pacman -Syyu once the testing repositories are listed above the standard ones and the /etc/pacman.d/mirrorlist file is up to-date. One may have to manually correct the mirrorlist file to ensure that the list is current and valid as listed in a previous post by fungalnet with the new repositories at the top of the repository list. It could be that one of the mirrors has not be refreshed recently that is being used by the system due to the package version being the same. In that case, I would either edit the mirrorlist and comment out all but the first repository to force it to be used even if it has a slow connection. Or backup the file and create a new one with only with this mirror listed.
Code: [Select]
Server = http://mirror1.artixlinux.org/repos/$repo/os/$arch
My system was a fresh install with the first release of the LXQT Artix Linux ISO. The new mirrorlist file was manual downloaded and installed when it was first announced. I edited the /etc/pacman.conf file and made the testing versions of the repositories listed prior to the stable ones since testing is more inline with the Archlinux releases then the database was overwritten with the pacman -Syyu command.

Re: New primary mirror

Reply #52
I try the steps here but I failed to update

https://wiki.manjaro.org/index.php/Pacman_troubleshooting#Errors_about_Keys

I also tried the proposed solution of marginal trust and I still get errors:
```bash
(98/98) checking keys in keyring                                                                                     [######################################################################] 100%
(98/98) checking package integrity                                                                                   [######################################################################] 100%
error: imagemagick: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/imagemagick-6.9.9.20-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: libsodium: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/libsodium-1.0.15-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
```
Keep it Simple. Simple is Secure, Simple is Beautiful.

Re: New primary mirror

Reply #53
I try the steps here but I failed to update

https://wiki.manjaro.org/index.php/Pacman_troubleshooting#Errors_about_Keys

Did you add artix to 2 and 4?

Step 2:

from
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
to
sudo pacman -Sy gnupg archlinux-keyring artix-keyring

Step 4:

from
sudo pacman-key --populate archlinux manjaro
to
sudo pacman-key --populate archlinux artix


Also either skip step 5 or do the aforementioned (roughly, this is because the gpg trust of keys is dependent on other trusted keys to vouch for our key and our key just hasn't gotten enough vouches in the trust system):

If you are receiving the marginal trust issue, you can manually trust it by doing the following :
* Assuming Artix Buildbot key is the culprit


  • Edit the key (0A3EB6BB142C56653300420C1247D995F165BBAC)
Code: [Select]
sudo pacman-key --edit-key 0A3EB6BB142C56653300420C1247D995F165BBAC

  • On gpg console, run trust , and choose ultimate
Code: [Select]
Please decide how far you trust this user to correctly verify other users' keys
(by looking at passports, checking fingerprints from different sources, etc.)

  1 = I don't know or won't say
  2 = I do NOT trust
  3 = I trust marginally
  4 = I trust fully
  5 = I trust ultimately
  m = back to the main menu

Your decision? 5
  • Exit from gpg console by running quit and try to re-update again (sudo pacman -Syyu)

Re: New primary mirror

Reply #54

So for completeness sake, a simplified how-to reset your pacman's keys:

1a. Reinstall keyrings including the latest keys:

sudo pacman -Sy gnupg archlinux-keyring artix-keyring --force

1b. If step 1a doesn't work, do only step 2 and go back to step 1a. Otherwise proceed to step 2.

2. Remove old (and possibly broken) keys by entering this command:

sudo rm -r /etc/pacman.d/gnupg

3. Initialize the pacman keyring:

sudo pacman-key --init

4. Load the signature keys:

sudo pacman-key --populate archlinux artix

5. Clear out the software packages downloaded during the aborted installation (optional):

sudo pacman -Sc

6. Carry on.

sudo pacman -Syyuu

Re: New primary mirror

Reply #55
Everything seems to be working now.

Re: New primary mirror

Reply #56
Hello, same theme but with today's kernel.

So, I did the procedure of the above post with normal results. Then:
Code: [Select]
# pacman -Syyu
:: Synchronising package databases...
...
:: Starting full system upgrade...
warning: bash: local (4.4.012-3) is newer than system (4.4.012-2)
warning: cogl: local (1.22.2+11+g811f285a-1) is newer than extra (1.22.2+10+g3baa2d7a-1)
warning: colord: local (1.4.1-1) is newer than world (1.3.5-1)
warning: gtk-engine-murrine: local (0.98.2-2.2) is newer than community (0.98.2-2)
warning: lib32-openssl: local (1:1.1.0.f-1.1) is newer than multilib (1:1.1.0.f-1)
warning: mate-desktop: local (1.18.0-1.1) is newer than community (1.18.0-1)
warning: mkinitcpio-nfs-utils: local (0.3-5.3) is newer than system (0.3-5)
warning: terminus-font: local (4.46-1.1) is newer than community (4.46-1)
resolving dependencies...
looking for conflicting packages...

Packages (3) linux-lts-4.9.58-1  linux-lts-headers-4.9.58-1  util-linux-2.31-1

Total Download Size:    68.81 MiB
Total Installed Size:  144.05 MiB
Net Upgrade Size:       -0.15 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 util-linux-2.31-1-x...  1941.0 KiB  2.46M/s 00:01 [######################] 100%
 linux-lts-4.9.58-1-...    59.7 MiB  3.35M/s 00:18 [######################] 100%
 linux-lts-headers-4...     7.3 MiB  3.42M/s 00:02 [######################] 100%
(3/3) checking keys in keyring                     [######################] 100%
(3/3) checking package integrity                   [######################] 100%
error: linux-lts: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/linux-lts-4.9.58-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
I could upgrade all the other packages. util-linux also doesn't upgrade due to conflict (rfkill already exists on filesystem). Have to investigate this one.

Re: New primary mirror

Reply #57
Hello, same theme but with today's kernel.

So, I did the procedure of the above post with normal results. Then:
Code: [Select]
# pacman -Syyu
:: Synchronising package databases...
...
:: Starting full system upgrade...
warning: bash: local (4.4.012-3) is newer than system (4.4.012-2)
warning: cogl: local (1.22.2+11+g811f285a-1) is newer than extra (1.22.2+10+g3baa2d7a-1)
warning: colord: local (1.4.1-1) is newer than world (1.3.5-1)
warning: gtk-engine-murrine: local (0.98.2-2.2) is newer than community (0.98.2-2)
warning: lib32-openssl: local (1:1.1.0.f-1.1) is newer than multilib (1:1.1.0.f-1)
warning: mate-desktop: local (1.18.0-1.1) is newer than community (1.18.0-1)
warning: mkinitcpio-nfs-utils: local (0.3-5.3) is newer than system (0.3-5)
warning: terminus-font: local (4.46-1.1) is newer than community (4.46-1)
resolving dependencies...
looking for conflicting packages...

Packages (3) linux-lts-4.9.58-1  linux-lts-headers-4.9.58-1  util-linux-2.31-1

Total Download Size:    68.81 MiB
Total Installed Size:  144.05 MiB
Net Upgrade Size:       -0.15 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 util-linux-2.31-1-x...  1941.0 KiB  2.46M/s 00:01 [######################] 100%
 linux-lts-4.9.58-1-...    59.7 MiB  3.35M/s 00:18 [######################] 100%
 linux-lts-headers-4...     7.3 MiB  3.42M/s 00:02 [######################] 100%
(3/3) checking keys in keyring                     [######################] 100%
(3/3) checking package integrity                   [######################] 100%
error: linux-lts: signature from "Cromnix (Buildbot) <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/linux-lts-4.9.58-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
I could upgrade all the other packages. util-linux also doesn't upgrade due to conflict (rfkill already exists on filesystem). Have to investigate this one.

Yeah,  linux-lts-4.9.58-1  and linux-lts-headers-4.9.58-1 didn't work for me either. But, linux-lts-4.9.58-2 and linux-lts-headers-4.9.58-2 are out for system-testing and working.

Thanks devs!

Re: New primary mirror

Reply #58
So for completeness sake, a simplified how-to reset your pacman's keys:

1a. Reinstall keyrings including the latest keys:

sudo pacman -Sy gnupg archlinux-keyring artix-keyring --force

1b. If step 1a doesn't work, do only step 2 and go back to step 1a. Otherwise proceed to step 2.

2. Remove old (and possibly broken) keys by entering this command:

sudo rm -r /etc/pacman.d/gnupg

3. Initialize the pacman keyring:

sudo pacman-key --init

4. Load the signature keys:

sudo pacman-key --populate archlinux artix

5. Clear out the software packages downloaded during the aborted installation (optional):

sudo pacman -Sc

6. Carry on.

sudo pacman -Syyuu

Could you create a wiki entry with this? Maybe a Troubleshooting page?

Re: New primary mirror

Reply #59
Code: [Select]
sudo pacman -Syyuu

No, no, no, this is downgrade, we must not have such misuse/wrong command on wiki for upgrade.
This still plagues manjaro and it hard to correct.

Code: [Select]
sudo pacman -Syyu

This is upgrade with db additional sync