• Error with antergos-keyring


    Hi. Today I can’t update my system because this error:

    error: antergos-keyring: signature from "Antergos Build Server (Automated Package Build System) <[email protected]>" is unknown trust
    :: El archivo /var/cache/pacman/pkg/antergos-keyring-20170524-1-any.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
    ¿Quiere eliminarlo? [S/n] n
    error: no se pudo realizar la operación (paquete no válido o dañado)
    

    Any help how to fix it?

  • @logos88 There some answers to this on this thread: https://forum.antergos.com/topic/6962/numix-icon-theme-signature-is-unknown-trust

    The following is the only answer who worked for me:

    sudo pacman -Scc  <-- reply with explicit y to the first question
    sudo pacman -Syy
    sudo pacman -S haveged
    sudo haveged -w 1024
    sudo pacman-key --init
    sudo pacman-key --populate archlinux antergos
    sudo pkill haveged
    sudo pacman -S archlinux-keyring antergos-keyring
    sudo pacman -Syu
    

    from https://forum.antergos.com/post/43988

    The post author warn that it is to use at our own risks.
    Maybe one of the other answer will also work for you.

  • @xeetzer said in Error with antergos-keyring:

    The post author warn that it is to use at our own risks.

    Sorry, but I exagerated a bit with that definition. Actually, it is not such a terrible operation. From time to time, rarely, maybe once a year, I run it, just to keep pacman’s keyes in order and in good health.

    It’s not dangerous. Just run all commands in sequence, from first to last. It never damaged Antergos here.

  • @just Thanks for the clarification. I will keep these commands at hands.

  • This is what worked for me:

    1. pacman -Scc (as root) it asked for a y/n (I answered y), then asked to remove unused repos which I also said y to… NB I only did this because it was the first line in xeetzer’s instructions (2nd post) so it’s likely to be unneeded because the following line worked for others on it’s own.
    2. pacman-key --refresh-keys

    I'm not from this planet but if you speak to me nicely I may choose not to enslave you (for now anyway)…

  • For my has work this:

    sudo pacman-key --refresh-keys
    

    Thanks for the help.

  • Thank @logos88 it worked also for me.

    So I guess we have a mandatory manual intervention here?

    I was considering recommending Antergos to friends who don’t need to how to deal with that kind of stuff but I forgot that it was still Arch (even if this one issue is Antergos-specific)

  • Hi, for me it worked fine to update the Keyring:

    sudo pacman-key --refresh-keys
    sudo pacman -Syyu
    

    Hope the above helps!


    Fer

  • There should never be a need for haveged/other pseudo rng on a system that’s taking live user input via keyboard/mouse/has hard drives in it etc.

    You’re substituting true entropy for pretend and as such generate weaker cryptography as a result.

    Something like haveged is useful on virtual machines etc where entropy can quickly run out.

  • @Ninpo said in Error with antergos-keyring:

    There should never be a need for haveged/other pseudo rng on a system that’s taking live user input via keyboard/mouse/has hard drives in it etc.

    You’re substituting true entropy for pretend and as such generate weaker cryptography as a result.

    Something like haveged is useful on virtual machines etc where entropy can quickly run out.

    How do we undo the process?

  • Just uninstall haveged. Don’t mistake what I said for panic and that you’re now at much higher risk of having your system brutally owned by script kiddies, simply that it’s an unnecessary step for the vast majority of people likely to be using Antergos and any that ARE running it as a headless server would already (hopefully) have crypto taken care of anyway.

  • @logos88 said in Error with antergos-keyring:

    sudo pacman-key --refresh-keys

    Same for me, this works fine.

  • @xeetzer said in Error with antergos-keyring:

    @logos88 There some answers to this on this thread: https://forum.antergos.com/topic/6962/numix-icon-theme-signature-is-unknown-trust

    The following is the only answer who worked for me:

    sudo pacman -Scc  <-- reply with explicit y to the first question
    sudo pacman -Syy
    sudo pacman -S haveged
    sudo haveged -w 1024
    sudo pacman-key --init
    sudo pacman-key --populate archlinux antergos
    sudo pkill haveged
    sudo pacman -S archlinux-keyring antergos-keyring
    sudo pacman -Syu
    

    from https://forum.antergos.com/post/43988

    The post author warn that it is to use at our own risks.
    Maybe one of the other answer will also work for you.

    …or maybe this is the valid solution. Ran into this issue this morning and until a few minutes ago could not resolve the problem. Fantastic post!

    Had issue with updating the keyring from the Antergos Update Manager due to errors reporting unknown trust level. After trying a few other “solutions” managed to elevate trust level to marginal but still no go. @xeetzer’s solution took care of the issue and the antergos-keyring update notification has now vanished. I am raised on security and messing around with incremental elevations in trust kind of alarm me, but this solution clears out the garbage and refreshes everything in a clear manner, definitely a keeper.

    Attempted a total of four different “solutions” with this (@xeetzer’s) being the only that worked.
    Thanx xeetzer!
    …and if you (@just) are the original author of the process many thanks to you!!!

  • I was getting the same error as the OP. None of the above solutions worked for me. I had to manually download antergos-keyring-20170524-1-any.pkg.tar.xz from http://mirrors.antergos.com/antergos/x86_64/, move package to /var/cache/pacman/pkg, cd into folder, and run

    sudo pacman -U antergos-keyring-20170524-1-any.pkg.tar.xz
    

    But afterwards when I run sudo pacman-key --refresh-keys, i get

    gpg: refreshing 94 keys from hkp://pool.sks-keyservers.net
    gpg: keyserver refresh failed: Address family not supported by protocol
    ==> ERROR: A specified local key could not be updated from a keyserver.
    

    Solution?

  • @triode13 said in Error with antergos-keyring:

    move package to /var/cache/pacman/pkg

    this is not needed …

    You can use pacman -U from any directory…

    As we see on all this treats about the keyring problem there are differences on what work and what not on different systems…
    But as you can read in the message:

    Address family not supported by protocol

    edit:

    /etc/pacman.d/gnupg/gpg.conf

    change:

    keyserver hkp://pool.sks-keyservers.net

    to

    keyserver http://pool.sks-keyservers.net

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    howto-install-antergos
    how to add system logs
    i3-wm#gnome-shell

  • @joekamprad said in Error with antergos-keyring:

    edit:

    /etc/pacman.d/gnupg/gpg.conf
    

    change:

    keyserver hkp://pool.sks-keyservers.net
    

    to

    keyserver http://pool.sks-keyservers.net
    

    Remember I tried that as well but still had no effect. I reverted the change, waited about 10 minutes doing nothing (or nearly nothing), then tried again, then it worked :no_mouth:

  • not working here right now. will wait and reboot.

    gpg: refreshing 94 keys from http://pool.sks-keyservers.net
    gpg: keyserver refresh failed: Address family not supported by protocol
    ==> ERROR: A specified local key could not be updated from a keyserver.
    
    

    Does this keysever address pull from ipV6?

  • I have full ipv6 internet and no problem with this at all…

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    howto-install-antergos
    how to add system logs
    i3-wm#gnome-shell

  • antergos/antergos-keyring 20170524-1 (antergos-base) [installed]
        Antergos PGP keyring
    

    Keyring is updated you can check with:

    pacman -Ss antergos-keyring
    

    and please reset /etc/pacman.d/gnupg/gpg.conf to before state then.

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    howto-install-antergos
    how to add system logs
    i3-wm#gnome-shell

  • As i think it should work with installing the antergos-keyring (20170524-1)
    cleaning the cache:

    pacman -Scc
    pacman -Syy
    pacman-key --refresh-keys
    pacman -Syu
    

    [updates once a week] = [90% less problems]
    [Li{u}n//u//{i}x] since 1988 - overcoming failure means success
    howto-install-antergos
    how to add system logs
    i3-wm#gnome-shell

error177 Posts 57Views 13091
Log in to reply