• upgrade attempts reporting keyring errors


    I’m in the process of moving an Antergos installation from one drive to another (which I’ll have to do again for a different machine in a short while…). Not sure what has caused the problem, but having got things running again, I went to update packages (only 41 pending at the moment). And I’m hitting this error:

    rror: antergos-keyring: signature from "Antergos Build Server (Automated Package Build System) <[email protected]>" is unknown trust
    :: File /var/cache/pacman/pkg/antergos-keyring-20170524-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] y
    error: antergos-mirrorlist: signature from "Antergos Build Server (Automated Package Build System) <[email protected]>" is unknown trust
    :: File /var/cache/pacman/pkg/antergos-mirrorlist-20170527-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] y
    error: pamac: signature from "Antergos Build Server (Automated Package Build System) <[email protected]>" is unknown trust
    :: File /var/cache/pacman/pkg/pamac-4.3.6-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] y
    error: tilix: signature from "Antergos Build Server (Automated Package Build System) <[email protected]>" is unknown trust
    :: File /var/cache/pacman/pkg/tilix-1.5.8-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
    Do you want to delete it? [Y/n] 
    error: failed to commit transaction (invalid or corrupted package)
    Errors occurred, no packages were upgraded.
    
    

    I’m not sure if the error has happened because of a keyring package problem or something in the cloned install.

    Anyhow, I need to clear this so I can update the system. Can anyone tell me how to try reloading the Antergos keyring so that I can update?

  • @toothandnail

    sudo pacman -Scc
    sudo pacman-key --refresh-keys
    sudo pacman -Syyu
    

    See https://forum.antergos.com/topic/6984/error-with-antergos-keyring

    I'm not from this planet but if you speak to me nicely I may choose not to enslave you (for now anyway)…

  • @robgriff444

    Thanks - didn’t see that one in my searching. Worked fine, and the system is up-to-date again.

  • This is not working for me. I run all three commands, choosing the default answers. When I run the last command, “sudo pacman -Syyu”, I get the original error messages about corrupt keys.

    Thanks.

    Tower | Dell Optiplex 760 | Quad Core | 4gb | 250gb | Mageia Cauldron - Debian Testing - SalixOS 14.1
    Tower2 | HP DC-7700 | Core 2 Duo | 2gb | 80gb | Mageia 5 - ArchLinux

  • Are you behind a corporate firewall? I heard that can cause the above commands to fail. If so, a solution for this is covered on the wiki and in the post mentioned above🙂

    Keep trying, never give up. In the end, you will find that it was all worth it

    My ISO: https://rebornos.wordpress.com

    Friend's Website: http://nwg.pl

  • If you’re asking me, No, not behind a corp firewall. But I keep getting this error message and cannot finish upgrading.$ sudo pacman-key --refresh-keys
    gpg: refreshing 94 keys from hkp://pool.sks-keyservers.net
    gpg: keyserver refresh failed: No keyserver available
    ==> ERROR: A specified local key could not be updated from a keyserver."
    Any idea how to fix this?

    @A-User said in upgrade attempts reporting keyring errors:

    Are you behind a corporate firewall? I heard that can cause the above commands to fail. If so, a solution for this is covered on the wiki and in the post mentioned above🙂

    Tower | Dell Optiplex 760 | Quad Core | 4gb | 250gb | Mageia Cauldron - Debian Testing - SalixOS 14.1
    Tower2 | HP DC-7700 | Core 2 Duo | 2gb | 80gb | Mageia 5 - ArchLinux

  • @ghostdawg Just a thought - there was a mirrorlist update a few weeks ago and I took no notice of it, but when this issue came up I tried a few things at the same time and I copied /etc/pacman.d/mirrorlist.pacnew to mirrorlist and ran

    reflector --age 8 --fastest 128 --latest 64 --number 32 --sort rate --save /etc/pacman.d/mirrorlist
    

    I’ve no idea if this will help but it may be worth a try… the reflector command is just to sort fastest mirrors, and you may need to install reflector first…

    I'm not from this planet but if you speak to me nicely I may choose not to enslave you (for now anyway)…

  • @ghostdawg Ordinarily the steps from robgriff444 have worked for me, but something was fiddly on one of my boxes, and, although I’m not sure whether underlying cause was the same, I saw same behaviour as you. Don’t know if this is entirely a recommended solution, but I rm -rfed my ~/.gnupg dir. and then refreshed the keys ⇒ win! I didn’t consider taring up that dir. beforehand, but possibly prudent 0;~}

  • @ghostdawg said in upgrade attempts reporting keyring errors:

    This is not working for me. I run all three commands, choosing the default answers. When I run the last command, “sudo pacman -Syyu”, I get the original error messages about corrupt keys.

    Thanks.

    The default to the first question is ‘No’, to clear the cache, opting for ‘Yes’ worked for me.

  • Well, not to add to the confusion or anything, but I think the opposite worked for me😄

    “Yes” for the first one and “No” for the second one. However, I would try @wong’s suggestion first and only try mine if his does not work🙂

    Keep trying, never give up. In the end, you will find that it was all worth it

    My ISO: https://rebornos.wordpress.com

    Friend's Website: http://nwg.pl

  • What worked for me editing /etc/pacman.conf with:
    [antergos]
    SigLevel = Never
    Adding SigLevel = Never, in place of the original option. I forgot what it was.

    Thanks.

    Tower | Dell Optiplex 760 | Quad Core | 4gb | 250gb | Mageia Cauldron - Debian Testing - SalixOS 14.1
    Tower2 | HP DC-7700 | Core 2 Duo | 2gb | 80gb | Mageia 5 - ArchLinux

  • @ghostdawg said in upgrade attempts reporting keyring errors:

    What worked for me editing /etc/pacman.conf with:
    [antergos]
    SigLevel = Never
    Adding SigLevel = Never, in place of the original option. I forgot what it was.

    Thanks.

    To avoid using this workaround and leaving signing broken, I devised some steps below that I combined from several solutions from various forum posts, after trying many methods alone, none of which worked.

    First, to understand and prevent this problem in the future, take a look at this really interesting comment from 3 months ago by ropid on reddit .com/r/archlinux/comments/6a4qh5/arch_completely_broken_due_to_missing_libssl_and/
    (I had to mangle all URLs [space before top-level domain] in this post because Akismet was marking this as SPAM incorrectly)

    " gathered there was a short time window where people could get hit by this because pacman’s new package and the library’s new package weren’t showing up at the exact same time. This weren’t a lot of people. Then next, there are a lot of people that run “pacman -Sy” instead of “-S” or “-Syu”. That was then the main round of people that had their system break.

    People do this “-Sy” stuff because it’s occasionally getting recommended by someone, so this idea never dies. It’s getting recommended when people ask why they get an error when they try to install a package with “-S name”. The error comes from their local database being older than what’s in the repos and meanwhile the package they try to install had a newer version. The “-Sy name” fixes it because the database gets synced, and they are happy that the package gets installed."

    I think I broke my signing by using pacman -Sy (as per bad advice online) when -Syu didn’t work (due to temporary problem with signing keys on upstream arch a few months ago).

    Here are the usual fixes which worked for people where their system wasn’t as broken as mine (as per forum.antergos. com/topic/7300/pacman-invalid-or-corrupted-packages/5):

    sudo pacman-key --init
    sudo pacman-key --populate archlinux antergos
    sudo pacman-key --refresh-keys
    sudo pacman -Syyu
    

    or more drastic fixes at:
    forum.antergos. com/topic/6984/error-with-antergos-keyring/2
    which cites:
    forum.antergos. com/topic/6962/numix-icon-theme-signature-is-unknown-trust

    I recommend only doing the steps below if the above did not work.
    These steps I gathered, as a whole, provides the most destructive method (without reinstalling as some people actually suggested), but is the only way that worked for me:

    • First, lower SigLevels (temporarily) as root with your favorite text editor such as nano sudo nano /etc/pacman.conf

    • Change (comment out old line so you can restore them later) the two variables below to:

      #SigLevel    = Required DatabaseOptional
      SigLevel = Never
      #LocalFileSigLevel = Optional
      LocalFileSigLevel = Optional TrustAll
      
    • For each NON-essential package which still gives you a key-error during pacman -Syu, remove it:
      sudo pacman -R BROKEN-UNECESSARY-PACKAGE
      (replace BROKEN-UNECESSARY-PACKAGE in the command above with something with key error but not important such as gitkraken in my case; keep a list for yourself for reinstalling them later after getting everything working)

    • For any remaining package which is more important but also gives you a key error, do not remove it, but ignore to force the update to work:
      sudo pacman -Syu --ignore BROKEN-NECESSARY-PACKAGE
      (replace BROKEN-NECESSARY-PACKAGE in the command above with something important with key error such as pamac in my case)
      which results in a successful system upgrade (if you removed enough packages by repeating the -R step for each package that has a key error other than your ignored one).

    • Stop gpg-agent and dirmngr processes as per wiki.archlinux. org/index.php/GnuPG#gpg:WARNING:server.27gpg-agent.27_is_older_than_us.28x_.3C_y.29 (since trying to do anything further will otherwise result in ‘gpg: WARNING: server ‘gpg-agent’ is older than us’–the error says to run gpgconf with --kill all option but that doesn’t resolve error):
      sudo killall gpg-agent dirmngr

    • Now you can reinitialize pacman-key without warnings (but may be useless since we’ll recreate it below, but may as well since it may help us install other things before that):
      sudo pacman-key --init

    • The refresh keys command is now broken, so:
      sudo pacman -R antergos-keyring

    • Move and remake gnupg as per antergos. com/wiki/uncategorized/update-error-involving-keyrings/ (since otherwise, if you continue you’ll get dirmanager error as seen at bbs.archlinux. org/viewtopic.php?id=190380):

      sudo mv /etc/pacman.d/gnupg /etc/pacman.d/gnupg.old
      pacman-key --init
      
    • Now as your system is at this point, you can’t populate keys yet without keyring, and can’t get keyring via pacman’s internal mechanisms without gnupg (may have something do do with RemoteFileSigLevel in pacman.conf but not sure), so to avoid this double bind, manually load the package from the URL:
      sudo pacman -U http://repo.antergos.info/antergos/x86\_64/antergos-keyring-20170524-1-any.pkg.tar.xz
      where 20170524-1 is latest version shown at the repo’s html page repo.antergos. info/antergos/x86_64/ (change the command above to match the actual filename of the latest version)

    • now you can continue:

      sudo pacman-key --populate archlinux antergos
      pacman -Syu
      pacman -Syu pamac
      
    • then restore the SigLevels such as via sudo nano /etc/pacman.conf again (uncomment the original values if you commented them as I suggested, otherwise see my comments in that step above–you can keep the lines you added as but comment those instead, in case you have a similar problem another time)

    • (I also restarted my system at this point just because I’m not sure of what running process may be affected)

    In my case, this is the only method that works. Now pacman -Syyu works without errors the next time updates become available (even while pacman.conf has default SigLevels)–to be sure, I waited to post this until the next round of updates became available.

  • Great work around @expertmm😀. If you have the time, it would be great if you could put this on the wiki as it is such useful information!

    Thank you. I’m sure this will help out other future users🙂.

    Keep trying, never give up. In the end, you will find that it was all worth it

    My ISO: https://rebornos.wordpress.com

    Friend's Website: http://nwg.pl

  • @Keegan I quoted ghostdawg at the beginning of my post–did you mean my method? I thought fixing the signing would be better than a workaround which ignores signing, so I kept trying until I fixed it, despite all other posted methods on various forums not working. I posted it here: antergos wiki system-admin package-management antergos-wont-update-due-to-broken-signing-system-keyring-refresh-doesnt-work/ (I can’t post full link, Akismet is still blocking everything)

  • @expertmm said in upgrade attempts reporting keyring errors:

    @Keegan I quoted ghostdawg at the beginning of my post–did you mean my method?

    Yep! Sorry about that😄. I just fixed it in my above post too…

    Keep trying, never give up. In the end, you will find that it was all worth it

    My ISO: https://rebornos.wordpress.com

    Friend's Website: http://nwg.pl

  • @expertmm i can not agree more with @Keegan, it would be great to have this added to the wiki entry!
    ((akismet should be fine with you now!))

    [updates once a week] = [90% less problems]
    how to add system logs:
    wget http://bit.ly/2GCG9k2 && sh 2GCG9k2
    help development: donate antergos

  • @Keegan OK, I made the Wiki entry and did all the formatting, I just can’t post the link because of Akismet. I posted the link without dots or slashes by modifying my previous post since Akismet wouldn’t let me double post.

  • @expertmm said in upgrade attempts reporting keyring errors:

    Akismet wouldn’t let me

    still?

    [updates once a week] = [90% less problems]
    how to add system logs:
    wget http://bit.ly/2GCG9k2 && sh 2GCG9k2
    help development: donate antergos

  • @joekamprad Today I was not blocked from editing my original post to correct the typo sudo /etc/pacman.conf to sudo nano /etc/pacman.conf (an error I corrected on the wiki entry). However, if I try to post the full wiki link, I am still blocked by Akismet.

  • @expertmm said in upgrade attempts reporting keyring errors:

    @joekamprad Today I was not blocked from editing my original post to correct the typo sudo /etc/pacman.conf to sudo nano /etc/pacman.conf (an error I corrected on the wiki entry). However, if I try to post the full wiki link, I am still blocked by Akismet.

    should work with reputation of amount of “likes” on your posts… but you have 6 already so may @developers or @karasu ?

    [updates once a week] = [90% less problems]
    how to add system logs:
    wget http://bit.ly/2GCG9k2 && sh 2GCG9k2
    help development: donate antergos

upgrade68 keyring6 attempts2 reporting2 Posts 23Views 3889
Log in to reply
Bloom Email Optin Plugin

Looks like your connection to Antergos Community Forum was lost, please wait while we try to reconnect.