• pamac PGP fails in package upgrades


    Folks,

    Because I really want a rolling linux, I’ve been playing with Antergos for a couple of years with varying degrees of success. Without going into a detailed pity-me list, a lot of my problems seem to be based on this one circumstance: I will from time to time wait several weeks between uses of the system Of course, every time I fire it up there are a potfull of updates waiting for me.

    And every time I try to process the 100+ package updates something bad happens. Not the dependency hell I was sort of expecting (that’s been mostly absent), but consistent PGP key problems. They first came when I tried to update a system that was originally 17.9 to the then-current version (18.3, I think), then from a few updates of that to 18.9, then just now when I went from that to yesterday’s version (19.4?).

    What happens is that the pamac gets as far as downloading the changed packages (242 last time), then cries foul and dies. It finds that there are PGP key mismatches on every package.

    I have spent a good deal of time chasing solutions in the forum. This thread seems to be the most inclusive in terms of things to try – but no help to me.

    But sudo pacman -Su worked. All packages downloaded and installed with no problems.

    Today pamac said I had 14 packages waiting for me to upgrade. Again they all downloaded, then all failed to install. Here’s a snip from the log:

    Downloading linux-headers (5.0.13.arch1-1-x86_64)...
    Checking keyring...
    Checking integrity...
    Error: iana-etc: signature from "Gaetan Bisson <[email protected]>" is invalid
    Error: glib2: signature from "Jan Alexander Steffens (heftig) <[email protected]>" is invalid
    Error: v4l-utils: signature from "Jelle van der Waa <[email protected]>" is invalid
    

    and so forth for the rest of the packages, then:

    Failed to commit transaction:
    invalid or corrupted package (PGP signature):
    

    So I called up a terminal and ran sudo pacman -Su. It worked. Here’s an excerpt of what it did:
    [[email protected] ~]$ sudo pacman -Su
    [sudo] password for dee:
    :: Starting full system upgrade…
    resolving dependencies…
    looking for conflicting packages…

    Packages (17) chromium-74.0.3729.131-3 geany-1.35.0-1 geany-plugins-1.35-1 . . .

    Total Download Size: 58.26 MiB
    Total Installed Size: 419.70 MiB
    Net Upgrade Size: 0.23 MiB

    :: Proceed with installation? [Y/n] y
    :: Retrieving packages…
    iana-etc-20190504-1-any 368.4 KiB 75.8K/s 00:05 [######################] 100%
    . . .
    python-pexpect-4.7… 71.3 KiB 11.6M/s 00:00 [######################] 100%
    (17/17) checking keys in keyring [######################] 100%
    (17/17) checking package integrity [######################] 100%
    (17/17) loading package files [######################] 100%
    (17/17) checking for file conflicts [######################] 100%
    (17/17) checking available disk space [######################] 100%
    :: Running pre-transaction hooks…
    (1/1) Remove DKMS modules
    ==> dkms remove vboxsf/6.0.6_OSE -k 5.0.12-arch2-1-ARCH
    :: Processing package changes…
    ( 1/17) upgrading iana-etc [######################] 100%
    . . .
    (17/17) upgrading vte3 [######################] 100%
    . . .
    (4/8) Checking core system packages
    (5/8) Updating icon theme caches…
    (6/8) Reloading device manager configuration…
    (7/8) Arming ConditionNeedsUpdate…
    (8/8) Updating the desktop file MIME type cache…
    [[email protected] ~]$

    I can think of a couple of reasons why pamac and pacman would give different results (pacman doesn’t really care about PGP? Pacman and pamac look for keys in different places?), but I don’t think they should, and I’d like to fix whatever’s causing the pamac failure. GUIs are nice when they work.

    Any suggestions?

    Thanks for thinking about this.

  • Pamac & pacman using same libalmp. But pamac is written in Vala en mayby other code , new pamac has also a qt version , but its stil a different beast. Mayby pamac takes a old key-server. But pacman uses also pgp but also depend which key-server they uses…

  • @coqui
    Basically pacman is the most reliable package manager to use. And for AUR packages, yay is currently a great choice.

    Pamac in Antergos repo is version 7.3.4. But there is pamac-aur in AUR with version 7.3.5. Might be worth a try, but cannot say if it would solve the problem you are having.

    In addition, mirrors sometimes fail for various reasons. You may want to change mirrors with e.g. reflector or remirror.

  • i do stop using pamac at the moment here, as it causing problems on installing packages with a big number of deps and also on updating system…

    It is still good to search and analyse packages (getting info about installed files e.t.c.)
    This is affecting all available versions, accept pamac-classic (but this do not show updates under GNOME)

  • I usually update my system once a month or more, because i have to travel from time to time and leave my pc.

    I have this alias (you can add it to you .bashrc file
    alias u='sudo haveged -w 1024; sudo pacman-key --init; sudo pacman-key --populate; sudo pacman-key --refresh-keys; sudo pkill haveged; sudo cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak; sudo reflector --verbose --age 8 --fastest 128 --latest 64 --number 32 --sort rate --save /etc/pacman.d/mirrorlist; sudo pacman -Syy'

    I always run it before upgrading my system. Simply type u, password and wait.

    After that i simply run sudo pacman -Syu
    OBS1: I have reflector installed here.
    OBS2: I just use pamac to search for packages, rarely i install anything through it.

  • Thank you all for your quick responses. It sounds like I shouldn’t rely on pamac, though it’s handy for telling me that there are packages available (when it turns red in the tray). Thanks for steering me to reflector, remirror,and yay and especially @fernandomaroto for the alias. I see I have a good deal of man reading ahead of me to figure out precisely what this string of commands does.

    I do appreciate hearing how others deal with the problems I encounter. I’ll mark this “solved” as soon as I figure out how to do that.

  • @coqui

    You’re welcome, that alias is because i’m lazy to do stuff in separate steps and haveged is not totally necessary.

    The 3 commands bellow try to fix your keyring if you update too long ago:
    sudo pacman-key --init
    sudo pacman-key --populate
    sudo pacman-key --refresh-keys

    This backup your mirrorlist before using reflector (just in case you know)
    sudo cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak

    This uses reflector, which checks the fastest mirrors at the current time and save them
    sudo reflector --verbose --age 8 --fastest 128 --latest 64 --number 32 --sort rate --save /etc/pacman.d/mirrorlist

    This syncs your database
    sudo pacman -Syy

    It’s easier to use that huge alias, since it does every steps one less typing.
    In the alias the commands are separeted by “;”

pamac70 fails50 pgp20 upgrades7 Posts 7Views 189
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.