You are not logged in.
I'm planning to upgrade an old (ancient) Arch installation from 2017 June (original Arch before i686 support ended). I was thinking of uninstalling most packages and then incrementally upgrading through repos, following announcements for interventions required. I imagine I might need to first copy keys from my up-to-date system.
Is there a reason I shouldn't do this? (Should I fresh install from ISO instead, maybe easier anyway?)
Offline
You might have trouble with the signing keys of packages..
..install a pacman-static just for the case you break something. :-)
You can go though the transition "https://www.archlinux32.org/download/" "Transition from Archlinux to Archlinux32" and see what you get.
Offline
Thanks. I'm nervous about reconnecting to the Internet with 2017 software, so I might try to copy keys from another computer and IP-restrict to the archive server.
Offline
If you make a firewall and just allow port 443 for a specific mirror for incoming traffic, and of course you block incoming ports but for ssh, I don't see the big risk here..
..or you create a mirror in a local network.
Offline
I was playing with iptables but after they got cleared by reboot I got connected to the Internet without anyway.
After a pacman refresh to the arch32 archive 2020, installing archlinux32-keyring-transition gives message
error: key "CEB167EFB5722BD6" could not be looked up remotelySo I will try figuring that out.
Last edited by gpc (2025-10-02 13:43:02)
Offline
Offline
The solution was in this thread, but none of those methods work anymore, and I still couldn't import the key and reinstall the package.
Offline
I've come back to this.
From https://bbs.archlinux32.org/viewtopic.php?id=3193 and as added to broken-keyring instructions, I ran the command:
pacman-key -r CEB167EFB5722BD6 --keyserver hkp://keyserver.ubuntu.com:80I then ran:
pacman -Syy archlinux32-keyring-transition
pacman -SyuuI removed some packages that I recall were causing dependency errors.
Downloading packages was then successful but pacman does not trust the signatures.
I ran
pacman-key --init
pacman-key --refreshwhich reported
A specified local key could not be updated from a keyserverI added the ubuntu server to
/etc/pacman.d/gnupg/gpg.confand ran
pacman-key --refreshpacman still rejects package signatures.
I'm thinking about what I should try next. Looks like same thing as advert reported.
Last edited by gpc (2026-01-25 06:31:22)
Offline
Having downloaded packages from https://archive.archlinux32.org/repos/2020/01/01/ , should I be fine to temporarily bypass signature-check to install packages? Assume that I can trust this server and pacman's connection to it?
Offline
By the way, I think the download page key section needs "pacman-key populate" replaced with "pacman-key --populate"
I tried just bypassing signatures for the keyring packages but still couldn't upgrade, so yes I went with SigLevel=Never, upgraded to 2020/01/01, and then returned SigLevel to default. So I guess I hope the server wasn't hacked before I downloaded the packages a couple of days ago, ha.
For the upgrade to latest, I removed some more packages that were causing dependency errors. Upgrade to latest resulted in error looking up PGP key for TasosSah. Rebooted and no error on importing, though not sure why was prompted endlessly to import PGP key for TasosSah. I exited after saying yes a few times. Next upgrade had signature errors.
Ran
pacman-key --init
pacman-key --populate archlinux32
pacman-key --refresh Attempted upgrade, got trust errors. Perhaps I can inspect the signature on the latest archlinux32-keying package myself to confirm, and bypass signature-check. Or perhaps I can again just bypass signature-check again, trusting download from mirror.math.princeton.edu, just for archlinux32-keyring-20251214-1.0
Offline