• Update fails with "key ... disabled" error, can't delete or --ignore


    I tried to do a quick GUI update last week, but it stopped with several errors. Today I went into the terminal to work through them. Here is the original problem:

    (283/283) checking package integrity                                         [###########################################] 100%
    error: elinks: key "Alad Wenter <[email protected]>" is disabled
    :: File /var/cache/pacman/pkg/elinks-0.13-21-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] n
    error: mc: key "Alad Wenter <[email protected]>" is disabled
    :: File /var/cache/pacman/pkg/mc-4.8.22-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] n
    error: failed to commit transaction (invalid or corrupted package)
    Errors occurred, no packages were upgraded.
    

    And yes, there are revoked keys - but they are obsolete addresses! Why is the whole key “disabled”?:

    [[email protected] ~]$ sudo pacman-key --list-sigs | grep alad
    uid           [  full  ] Alad Wenter <[email protected]>
    sig 3        6BC26A17B9B7018A 2018-03-29  Alad Wenter <[email protected]>
    sig          6BC26A17B9B7018A 2018-03-29  Alad Wenter <[email protected]>
    [[email protected] ~]$ sudo pacman-key --edit-key 6BC26A17B9B7018A
    
    pub  ed25519/6BC26A17B9B7018A
         created: 2017-09-07  expires: 2019-03-29  usage: SC
         trust: unknown       validity: full
    *** This key has been disabled
    sub  cv25519/56BC98A0ED1781EB
         created: 2017-09-07  expires: 2019-03-29  usage: E
    [  full  ] (1). Alad Wenter <[email protected]>
    [ revoked] (2)  Alad Wenter <[email protected]>
    [ revoked] (3)  Alad Wenter <[email protected]>
    

    I’ve wasted many hours searching the web…
    My exact problem:
    https://bugs.archlinux.org/task/61296
    “Then somewhere in your history, an update failed.”

    There is supposedly a fix out there:
    https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/archlinux-keyring&id=95de01bb0b1d2e9e09fe46c3f01fcf5b8efec8a4
    “New release; reenable Alad’s key”

    I tried:
    https://bbs.archlinux.org/viewtopic.php?id=243210
    $ pacman-key --edit-key alad
    gpg> enable
    gpg> save
    And it seemed to be enabled, but pacman still failed.

    Deep in the keychain system, didn’t help, no undefined higher keys:
    https://bbs.archlinux.org/viewtopic.php?id=233480

    I’ve tried:
    [[email protected] ~]$ sudo pacman-key --refresh-keys
    [[email protected] ~]$ sudo pacman -S archlinux-keyring
    [[email protected] ~]$ sudo pacman -S archlinux-appstream-data
    [[email protected] ~]$ sudo pacman -S pacman
    [[email protected] ~]$ sudo pacman -Syu --ignore elinks-0.13-21,mc-4.8.22-1

    The key problem seemed fixed:

    [[email protected] ~]$ sudo pacman-key --list-sigs | grep alad
    uid           [  full  ] Alad Wenter <[email protected]>
    sig 3        6BC26A17B9B7018A 2018-03-29  Alad Wenter <[email protected]>
    sig 3        6BC26A17B9B7018A 2019-01-22  Alad Wenter <[email protected]>
    sig          6BC26A17B9B7018A 2018-03-29  Alad Wenter <[email protected]>
    sig          6BC26A17B9B7018A 2019-01-22  Alad Wenter <[email protected]>
    [[email protected] ~]$
    

    But no matter what I tried I got this:

    [[email protected] ~]$ sudo pacman -Syu --ignore elinks-0.13-21,mc-4.8.22-1
    :: Synchronizing package databases...
     antergos is up to date
     core is up to date
     extra is up to date
     community is up to date
     multilib is up to date
    :: Starting full system upgrade...
    resolving dependencies...
    looking for conflicting packages...
    warning: dependency cycle detected:
    warning: phonon-qt5-vlc will be installed before its phonon-qt5 dependency
    
    Packages (281) accountsservice-0.6.54+2+g204a4ab-2  alsa-lib-1.1.8-1  alsa-plugins-1.1.8-1  alsa-utils-1.1.8-1
                   attica-5.54.0-1  autoconf-archive-1:2019.01.06-1  avahi-0.7+18+g1b5f401-1  bash-5.0.0-1  bc-1.07.1-3
                   bind-tools-9.13.5-4  binutils-2.31.1-4  bluez-5.50-6  bluez-libs-5.50-6  bluez-tools-0.2.0-4
                   bluez-utils-5.50-6  boost-libs-1.69.0-1  btrfs-progs-4.19.1-1  cinnamon-4.0.9-1  cjs-4.0.0-2  cmake-3.13.3-1
                   cryfs-0.9.10-1  cups-2.2.10-2  cups-filters-1.22.0-1  cups-pk-helper-0.2.6-3  curl-7.63.0-4  dbus-1.12.12-1
                   device-mapper-2.02.183-2  diffutils-3.7-1  dnsmasq-2.80-2  e2fsprogs-1.44.5-1  elinks-0.13-21  eog-3.28.4-2
                   exempi-2.5.0-1  filesystem-2018.12-2  firefox-64.0.2-1  flashplugin-32.0.0.114-1  fuse-common-3.4.1-1
                   fuse2-2.9.9-1  fuse3-3.4.1-1  gawk-4.2.1-2  gcr-3.28.1-1  gdbm-1.18.1-2  geoclue2-2.5.2-2  ghostscript-9.26-2
                   git-2.20.1-1  glib2-2.58.3-1  glib2-docs-2.58.3-1  gmime3-3.2.3-2  gnome-online-accounts-3.30.1-1
                   gnupg-2.2.12-2  gnutls-3.6.6-1  gobject-introspection-runtime-1.58.3-1  graphite-1:1.3.13-1  grep-3.3-1
                   gsfonts-20180524-2  gssdp-1.0.3-1  gtk-update-icon-cache-3.24.4+15+g80b5024239-1  gtk3-3.24.4+15+g80b5024239-1
                   gtkd-3.8.5-1  guile-2.2.4-2  gupnp-igd-0.2.5-1  gvfs-1.38.1+8+ge4eec2bc-1  gvfs-goa-1.38.1+8+ge4eec2bc-1
                   gvfs-google-1.38.1+8+ge4eec2bc-1  gvfs-mtp-1.38.1+8+ge4eec2bc-1  gvfs-smb-1.38.1+8+ge4eec2bc-1  gzip-1.10-1
                   harfbuzz-2.3.0-1  harfbuzz-icu-2.3.0-1  hplip-1:3.18.12-2  hunspell-1.7.0-2  iana-etc-20181219-1
                   imagemagick-7.0.8.25-1  inetutils-1.9.4-7  intel-tbb-2019.3-1  iperf-2.0.13-1  iproute2-4.20.0-1
                   iputils-20180629.f6aac8d-3  irssi-1.1.2-1  iso-codes-4.2-1  jack-0.125.0-7  js52-52.9.0-2  karchive-5.54.0-1
                   kauth-5.54.0-2  kbookmarks-5.54.0-1  kcodecs-5.54.0-1  kcompletion-5.54.0-1  kconfig-5.54.0-1
                   kconfigwidgets-5.54.0-1  kcoreaddons-5.54.0-1  kcrash-5.54.0-1  kdbusaddons-5.54.0-1  kglobalaccel-5.54.0-1
                   kguiaddons-5.54.0-1  ki18n-5.54.0-1  kiconthemes-5.54.0-1  kinit-5.54.0-1  kio-5.54.1-1  kitemviews-5.54.0-1
                   kjobwidgets-5.54.0-1  knewstuff-5.54.0-1  knotifications-5.54.0-1  knotifyconfig-5.54.0-1  konsole-18.12.1-1
                   kparts-5.54.0-1  kpty-5.54.0-1  kservice-5.54.0-1  ktextwidgets-5.54.0-1  kwallet-5.54.0-1  kwayland-5.54.0-1
                   kwidgetsaddons-5.54.0-1  kwindowsystem-5.54.0-1  kxmlgui-5.54.0-1  lftp-4.8.4-4  lib32-libdrm-2.4.97-1
                   lib32-libelf-0.175-1  lib32-libxml2-2.9.9-1  lib32-llvm-libs-7.0.1-1  lib32-mesa-18.3.2-1  lib32-ncurses-6.1-4
                   lib32-readline-8.0.0-1  lib32-xz-5.2.4-1  libassuan-2.5.2-1  libcdr-0.1.5-1  libcmis-0.5.2-2  libcups-2.2.10-2
                   libdrm-2.4.97-1  libedit-20181209_3.1-1  libetonyek-0.1.9-1  libgpg-error-1.34-1  libgphoto2-2.5.22-1
                   libgsf-1.14.45-1  libgxps-0.3.1-1  libidn2-2.1.0-1  libimagequant-2.12.2-1  libinput-1.12.6-1
                   libixion-0.14.1-2  libldap-2.4.47-1  liblphobos-2:1.13.0-1  libmagick-7.0.8.25-1  libmbim-1.18.0-1
                   libmm-glib-1.10.0-1  libnghttp2-1.35.1-1  libnice-0.1.15-1  libnm-1.14.5dev+17+gba83251bb-2
                   libnm-glib-1.14.5dev+17+gba83251bb-2  liborcus-0.14.1-2  libplacebo-1.7.0-1  libpng-1.6.36-1  libpsl-0.20.2-3
                   libqmi-1.22.0-1  libqxp-0.0.2-1  libraw-0.19.2-1  libreoffice-fresh-6.1.4-4  librsvg-2:2.44.12-1
                   libsasl-2.1.26-16  libsecret-0.18.7-1  libsodium-1.0.17-1  libspeechd-0.8.8-3  libssh-0.8.6-1
                   libsynctex-2018.48691-5  libsystemd-240.34-3  libteam-1.28-2  libunwind-1.3.1-1  libutil-linux-2.33.1-2
                   libuv-1.25.0-1  libva-2.4.0-1  libva-intel-driver-2.3.0-2  libwbclient-4.9.4-2  libwebp-1.0.2-1
                   libwpd-0.10.3-1  libwpg-0.3.3-1  libxml2-2.9.9-1  libxslt-1.1.33-1  linux-4.20.4.arch1-1
                   linux-firmware-20190118.a8b75ca-1  linux-headers-4.20.4.arch1-1  llvm-libs-7.0.1-2  lmdb-0.9.23-1  lua-5.3.5-2
                   lua51-5.1.5-8  lua52-5.2.4-4  lvm2-2.02.183-2  man-db-2.8.5-1  mc-4.8.22-1  mesa-18.3.2-1  mesa-vdpau-18.3.2-1
                   mobile-broadband-provider-info-20190116-1  modemmanager-1.10.0-1  nasm-2.14.02-1  ncurses-6.1-6  nemo-4.0.6-2
                   net-snmp-5.8-2  networkmanager-1.14.5dev+17+gba83251bb-2  networkmanager-openvpn-1.8.8-2
                   networkmanager-pptp-1.2.8-2  p11-kit-0.23.15-1  pacman-mirrorlist-20190109-1  pamac-7.3.4-1  pango-1:1.42.4-1
                   parted-3.2-8  pcre-8.42-2  pcre2-10.32-2  pepper-flash-32.0.0.114-1  phonon-qt5-4.10.2-1
                   phonon-qt5-vlc-0.10.2-1  pkgconf-1.6.0-1  polkit-0.115+24+g5230646-1  poppler-0.73.0-1  poppler-glib-0.73.0-1
                   pyqt5-common-5.11.3-3  python-3.7.2-3  python-lockfile-0.12.2-4  python-lxml-4.3.0-1  python-msgpack-0.6.0-1
                   python-packaging-19.0-1  python-pep517-0.5.0-1  python-pillow-5.4.1-1  python-psutil-5.5.0-1
                   python-pygments-2.3.1-1  python-pyparsing-2.3.1-1  python-pyqt5-5.11.3-3  python-requests-2.21.0-1
                   python-setuptools-1:40.7.0-1  python-six-1.12.0-1  python2-2.7.15-4  qpdf-8.3.0-1  qt4-4.8.7-27
                   qt5-base-5.12.0-3  qt5ct-0.37-1  re2-20190101-1  readline-8.0.0-1  redland-1:1.0.17-7  rhash-1.3.7-1
                   rtkit-0.11+10+g493a135-1  rust-1:1.32.0-1  s-nail-14.9.11-2  samba-4.9.4-2  sed-4.7-1  shadow-4.6-2
                   smbclient-4.9.4-2  solid-5.54.0-1  sonnet-5.54.0-1  source-highlight-3.1.8-18  speech-dispatcher-0.8.8-3
                   sqlite-3.26.0-2  sshfs-3.5.1-1  sudo-1.8.27-1  suitesparse-5.4.0-1  system-config-printer-1.5.11-4
                   systemd-240.34-3  systemd-sysvcompat-240.34-3  tar-1.31-2  terminus-font-4.47-2  tilix-1.8.9-1
                   totem-plparser-3.26.2-1  tracker-miners-2.1.5-3  tslib-1.19-1  ttf-liberation-2.00.4-1  tzdata-2018i-1
                   unrar-1:5.7.1-1  usbmuxd-1.1.0+48+g1cc8b34-3  util-linux-2.33.1-2  v4l-utils-1.16.3-1  vim-8.1.0751-1
                   vim-runtime-8.1.0751-1  vivaldi-2.2.1388.34-1  vlc-3.0.6-1  vulkan-icd-loader-1.1.96+3009+32d33e965-1
                   wget-1.20.1-2  whois-5.4.0-2  wireshark-cli-2.6.6-1  wireshark-common-2.6.6-1  wireshark-qt-2.6.6-1
                   wpa_supplicant-2:2.6-2  xf86-video-intel-1:2.99.917+859+g33ee0c3b-1  xfsprogs-4.19.0-2  xorg-xcursorgen-1.0.7-1
                   youtube-dl-2019.01.17-1  zeromq-4.3.1-1  zstd-1.3.8-1
    
    Total Download Size:      2.46 MiB
    Total Installed Size:  3661.33 MiB
    Net Upgrade Size:        55.81 MiB
    
    :: Proceed with installation? [Y/n] y
    :: Retrieving packages...
     elinks-0.13-21-x86_64                              810.0 KiB  1240K/s 00:01 [###########################################] 100%
     mc-4.8.22-1-x86_64                                1708.2 KiB  1756K/s 00:01 [###########################################] 100%
    (281/281) checking keys in keyring                                           [###########################################] 100%
    (281/281) checking package integrity                                         [###########################################] 100%
    error: elinks: key "Alad Wenter <[email protected]>" is disabled
    :: File /var/cache/pacman/pkg/elinks-0.13-21-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] y
    error: mc: key "Alad Wenter <[email protected]>" is disabled
    :: File /var/cache/pacman/pkg/mc-4.8.22-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] y
    error: failed to commit transaction (invalid or corrupted package)
    Errors occurred, no packages were upgraded.
    [[email protected] ~]$
    

    Pacman insists the key is still disabled, refuses to --ignore those packages, and refuses to delete them.

    And then this forum refused to accept my password, refused to send the password reset eMail, and took an hour to send the new signup email - but it let me sign up with the same old username and password, so I guess it had forgotten me completely.

    But… While typing this I went back and enabled the key one more time:

    [[email protected] ~]$ sudo pacman-key --edit-key alad
    
    pub  ed25519/6BC26A17B9B7018A
         created: 2017-09-07  expires: 2020-03-17  usage: SC
         trust: unknown       validity: full
    *** This key has been disabled
    sub  cv25519/56BC98A0ED1781EB
         created: 2017-09-07  expires: 2020-03-17  usage: E
    [  full  ] (1). Alad Wenter <[email protected]>
    [ revoked] (2)  Alad Wenter <[email protected]>
    [ revoked] (3)  Alad Wenter <[email protected]>
    
    gpg> enable
    
    gpg> save
    Key not changed so no update needed.
    ==> Updating trust database...
    gpg: marginals needed: 3  completes needed: 1  trust model: pgp
    gpg: depth: 0  valid:   1  signed:   9  trust: 0-, 0q, 0n, 0m, 0f, 1u
    gpg: depth: 1  valid:   9  signed:  82  trust: 0-, 0q, 0n, 9m, 0f, 0u
    gpg: depth: 2  valid:  76  signed:  13  trust: 76-, 0q, 0n, 0m, 0f, 0u
    gpg: next trustdb check due at 2019-05-10
    [[email protected] ~]$
    

    And that time it worked! Maybe doing it right after a system restart made the difference?

    Still…
    Why wouldn’t it --ignore those packages?
    Why can’t you delete them from the install list and have the update continue?

  • @LorenAmelang said in Update fails with "key ... disabled" error, can't delete or --ignore:

    Alad Wenter [email protected]

    seems you are a second person with the same packager key issue, every just reset the keys ?

    https://wiki.archlinux.org/index.php/Pacman/Package_signing#Resetting_all_the_keys

    or removing some in the cache of that ?

  • @ringo32

    I saw that, but wasn’t sure what I was supposed to add back:
    “you can remove /etc/pacman.d/gnupg folder as root and rerun pacman-key --init and following that add the keys as preferred.” Does it do more than “–refresh-keys” can?

    When I found “sudo pacman-key --refresh-keys”, that seemed safer to try. And it looked like it worked, the list of Alad’s keys changed to the new versions - for awhile. But it seemed like trying to run the update corrupted them back. Or something did… When I did the “sudo pacman-key --edit-key alad” “enable, save” steps followed immediately by the update command it worked.

  • sudo pacman -Syyu
    sudo haveged -w 1024

    sudo pacman-key --init && sudo pacman-key --populate archlinux && sudo pacman-key --refresh-keys

    sudo pkill haveged
    sudo pacman -Syyu

  • @trytip
    Thanks for suggesting what to search for! Looks authoritative…
    So for those like me who aren’t…

    Passing two --refresh or -y flags will force a refresh of all package lists even if they appear to be up to date.

    https://github.com/asciiprod/haveged
    [For use in processing keys,] an adequate supply of random numbers can be maintained by feeding additional entropy into /dev/random pool via a file system interface. The haveged daemon was created to fulfill this function using random data generated by the HAVEGE algorithm.

    https://wiki.archlinux.org/index.php/Pacman/Package_signing
    Initializing the keyring
    (For this initialization, entropy is required.)
    To set up the pacman keyring use:

    # pacman-key --init
    

    Verifying the master keys
    The initial setup of keys is achieved using:

    # pacman-key --populate archlinux
    

    Adding developer keys
    keys can also be updated manually using pacman-key --refresh-keys (as root). While doing --refresh-keys, your local key will also be looked up on the remote keyserver, and you will receive a message about it being not found. This is nothing to be concerned about.

    Makes sense. Wish I’d found that Package_signing link early yesterday!

    And it says:
    Warning: pacman-key depends on system time. If your system clock is wrong, you’ll get:
    error: PackageName: signature from “User [email protected]” is invalid
    error: failed to commit transaction (invalid or corrupted package (PGP signature))
    Errors occured, no packages were upgraded.

    That’s the error I kept seeing. I wonder if that explains the original problem last week - I started the GUI update immediately after waking from hibernation, and I’ve noticed it sometimes takes several minutes for the system clock (and the battery gauge) to update to the current situation. But I know yesterday was all performed with a proper time setting. And the Alad keys were definitely obsolete when I first inspected them.

  • @LorenAmelang just rename the gnupg folder with --init normally it checks also intoo the keyserver
    thats for pacman-key --populate archlinux antergos && sdo pacman-key --refresh-keys

    some key servers get blocked by isp

pacman119 key25 disabled6 revoked1 Posts 6Views 230
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.