You are not logged in.

#1 2019-06-01 16:14:35

ess
Member
Registered: 2018-09-20
Posts: 8

[Solved] Can´t Update - PGP Signature Fail

@myhost ~]$ sudo pacman -S pacman
[sudo] Passwort für arch: 
Löse Abhängigkeiten auf...
Suche nach in Konflikt stehenden Paketen...

Pakete (1) pacman-5.1.3-1.6

Gesamtgröße der installierten Pakete:  5,13 MiB
Größendifferenz der Aktualisierung:  0,00 MiB

:: Installation fortsetzen? [J/n] j
(1/1) Prüfe Schlüssel im Schlüsselring                                                         [#######################################################] 100%
(1/1) Überprüfe Paket-Integrität                                                               [#######################################################] 100%
Fehler: pacman: signature from "Erich Eckner (just to sign arch packages) <arch@eckner.net>" is marginal trust
:: Datei /var/cache/pacman/pkg/pacman-5.1.3-1.6-i686.pkg.tar.xz ist beschädigt (Ungültiges oder beschädigtes Paket (PGP-Signatur)).
Soll die Datei entfernt werden? [J/n] n
Fehler: Konnte den Vorgang nicht durchführen (Ungültiges oder beschädigtes Paket (PGP-Signatur))
Fehler sind aufgetreten, keine Pakete wurden aktualisiert. 

Last edited by ess (2019-06-03 08:00:09)

Offline

#2 2019-06-01 17:42:17

ess
Member
Registered: 2018-09-20
Posts: 8

Re: [Solved] Can´t Update - PGP Signature Fail

sudo pacman-key --refresh-keys

OK. Works.

Offline

#3 2019-06-18 20:15:33

wibort
Member
From: Bogotá
Registered: 2019-05-17
Posts: 10

Re: [Solved] Can´t Update - PGP Signature Fail

Hi,

In my case the key refresh does not work.
Nor does what is said in this post  work

[cinde@LenovoLinux ~]$ sudo pacman -Syu
:: Sincronizando las bases de datos de los paquetes...
 core está actualizado
 extra está actualizado
 community está actualizado
:: Iniciando actualización completa del sistema...
advertencia: bluez-libs: la versión instalada (5.50-6.0) es más nueva que extra (5.50-5.0)
advertencia: libutil-linux: la versión instalada (2.33.2-1.2) es más nueva que core (2.33.2-1.1)
resolviendo dependencias...
buscando conflictos entre paquetes...

Paquetes (39) audit-2.8.5-2.0  curl-7.65.0-2.0  double-conversion-3.1.5-1.0  e2fsprogs-1.45.2-1.0  file-5.37-2.0
              filesystem-2019.05-2.0  glibc-2.29-1.27  glslang-7.11.3214-1.0  gnupg-2.2.16-1.0  gnutls-3.6.8-1.0
              gparted-1.0.0-1.0  gst-plugins-base-1.16.0-3.0  gst-plugins-base-libs-1.16.0-3.0  gstreamer-1.16.0-2.0
              gtkmm3-3.24.1-1.0  harfbuzz-2.5.1-1.0  harfbuzz-icu-2.5.1-1.0  iana-etc-20190504-1.0  libebml-1.3.9-1.0
              libmatroska-1.5.2-1.0  libnewt-0.52.21-1.0  libnma-1.8.22-1.0  libseccomp-2.4.1-2.0  libsodium-1.0.18-1.0
              libsoup-2.66.2+4+g716acf96-1.0  linux-5.1.6.arch1-1.0  linux-headers-5.1.6.arch1-1.0  mesa-19.0.5-1.0
              network-manager-applet-1.8.22-1.0  nm-connection-editor-1.8.22-1.0  openssl-1.1.1.c-1.0  p11-kit-0.23.16.1-1.0
              pacman-5.1.3-1.6  qt5-webkit-5.212.0alpha2+156+g95401fe3908-1.0  re2-20190601-1.0
              thin-provisioning-tools-0.8.3-1.0  vulkan-icd-loader-1.1.108-1.0  xorg-server-1.20.5-1.0
              xorg-server-common-1.20.5-1.0

Tamaño total de la instalación:  440,81 MiB
Tamaño neto tras actualizar:     11,68 MiB

:: ¿Continuar con la instalación? [S/n] 
(39/39) comprobando las claves del depósito                                 [###########################################] 100%
(39/39) verificando la integridad de los paquetes                           [###########################################] 100%
error: qt5-webkit: la firma de «Erich Eckner (just to sign arch packages) <arch@eckner.net>» no es válida
:: El archivo /var/cache/pacman/pkg/qt5-webkit-5.212.0alpha2+156+g95401fe3908-1.0-pentium4.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n]

Pentium 4(i686), Lenovo Ideapad S10-2 [Intel(R) Atom(TM) CPU N280 @ 1.66GHz, 1 GB RAM]

Offline

#4 2019-06-19 03:19:31

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 393

Re: [Solved] Can´t Update - PGP Signature Fail

What does updating archlinux32-keyring give you?


Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.

Offline

#5 2019-06-19 16:08:28

wibort
Member
From: Bogotá
Registered: 2019-05-17
Posts: 10

Re: [Solved] Can´t Update - PGP Signature Fail

levi wrote:

What does updating archlinux32-keyring give you?

This is the response

[cinde@LenovoLinux ~]$ sudo pacman -Sy archlinux32-keyring
:: Sincronizando las bases de datos de los paquetes...
 core                     184,5 KiB  18,0K/s 00:10 [######################] 100%
 extra                      2,3 MiB  15,1K/s 02:35 [######################] 100%
 community                  5,8 MiB  17,8K/s 05:36 [######################] 100%
advertencia: archlinux32-keyring-20190108-1.0 está actualizado -- reinstalándolo
resolviendo dependencias...
buscando conflictos entre paquetes...

Paquetes (1) archlinux32-keyring-20190108-1.0

Tamaño total de la instalación:  0,06 MiB
Tamaño neto tras actualizar:    0,00 MiB

:: ¿Continuar con la instalación? [S/n] 
(1/1) comprobando las claves del depósito          [######################] 100%
(1/1) verificando la integridad de los paquetes    [######################] 100%
(1/1) cargando los archivos de los paquetes        [######################] 100%
(1/1) comprobando conflictos entre archivos        [######################] 100%
(1/1) comprobando el espacio disponible en el ...  [######################] 100%
:: Procesando los cambios de los paquetes...
(1/1) reinstalando archlinux32-keyring             [######################] 100%
==> Añadiendo las claves de archlinux32.gpg...
==> Firmando localmente las claves de confianza en el depósito...
  -> Firmando localmente la clave A0B250C0FC9FC079EC04ADB7A50C0F20AEC3AF00...
  -> Firmando localmente la clave D92CDDC155BCC8F550B5FCEC30AB721FE7400FCD...
  -> Firmando localmente la clave 194E37A47A4C671807BACB37B1117BC1094EA6E9...
  -> Firmando localmente la clave 2FF1E976D6EB2E954A87DC14443904EC9EC51A8A...
  -> Firmando localmente la clave CE0BDE71A759A87F23F0F7D8B61DBCE10901C163...
==> Importando los valores de los propietarios de confianza...
==> Desactivando las claves revocadas en el depósito...
  -> Desactivando la clave 7C98C4C3DE926168DC46FBAA3D06644243BF68D3...
  -> Desactivando la clave C3A8190912128B5A2E96C6023ED6490AEF932C8A...
==> Actualizando la base de datos de claves de confianza...
gpg: siguiente comprobación de base de datos de confianza el: 2019-06-23
:: Ejecutando los «hooks» de posinstalación...
(1/1) Arming ConditionNeedsUpdate...

Pentium 4(i686), Lenovo Ideapad S10-2 [Intel(R) Atom(TM) CPU N280 @ 1.66GHz, 1 GB RAM]

Offline

#6 2019-06-19 16:52:01

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 393

Re: [Solved] Can´t Update - PGP Signature Fail

That seems to have worked if my understanding of spanish is good enough.  Does that not resolve your problem?  I note that after being told not to bump and old thread for a new issue, you bumped an old thread, so I can't tell by looking at my title bar whether you're all fixed up or not.


Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.

Offline

#7 2019-06-20 02:00:54

wibort
Member
From: Bogotá
Registered: 2019-05-17
Posts: 10

Re: [Solved] Can´t Update - PGP Signature Fail

Hello,
no, it does not solve it since after carrying out this action and trying to update the system it generates the error that I reported before which I quote:

wibort wrote:
[cinde@LenovoLinux ~]$ sudo pacman -Syu
:: Sincronizando las bases de datos de los paquetes...
 core está actualizado
 extra está actualizado
 community está actualizado
:: Iniciando actualización completa del sistema...
advertencia: bluez-libs: la versión instalada (5.50-6.0) es más nueva que extra (5.50-5.0)
advertencia: libutil-linux: la versión instalada (2.33.2-1.2) es más nueva que core (2.33.2-1.1)
resolviendo dependencias...
buscando conflictos entre paquetes...

Paquetes (39) audit-2.8.5-2.0  curl-7.65.0-2.0  double-conversion-3.1.5-1.0  e2fsprogs-1.45.2-1.0  file-5.37-2.0
              filesystem-2019.05-2.0  glibc-2.29-1.27  glslang-7.11.3214-1.0  gnupg-2.2.16-1.0  gnutls-3.6.8-1.0
              gparted-1.0.0-1.0  gst-plugins-base-1.16.0-3.0  gst-plugins-base-libs-1.16.0-3.0  gstreamer-1.16.0-2.0
              gtkmm3-3.24.1-1.0  harfbuzz-2.5.1-1.0  harfbuzz-icu-2.5.1-1.0  iana-etc-20190504-1.0  libebml-1.3.9-1.0
              libmatroska-1.5.2-1.0  libnewt-0.52.21-1.0  libnma-1.8.22-1.0  libseccomp-2.4.1-2.0  libsodium-1.0.18-1.0
              libsoup-2.66.2+4+g716acf96-1.0  linux-5.1.6.arch1-1.0  linux-headers-5.1.6.arch1-1.0  mesa-19.0.5-1.0
              network-manager-applet-1.8.22-1.0  nm-connection-editor-1.8.22-1.0  openssl-1.1.1.c-1.0  p11-kit-0.23.16.1-1.0
              pacman-5.1.3-1.6  qt5-webkit-5.212.0alpha2+156+g95401fe3908-1.0  re2-20190601-1.0
              thin-provisioning-tools-0.8.3-1.0  vulkan-icd-loader-1.1.108-1.0  xorg-server-1.20.5-1.0
              xorg-server-common-1.20.5-1.0

Tamaño total de la instalación:  440,81 MiB
Tamaño neto tras actualizar:     11,68 MiB

:: ¿Continuar con la instalación? [S/n] 
(39/39) comprobando las claves del depósito                                 [###########################################] 100%
(39/39) verificando la integridad de los paquetes                           [###########################################] 100%
error: qt5-webkit: la firma de «Erich Eckner (just to sign arch packages) <arch@eckner.net>» no es válida
:: El archivo /var/cache/pacman/pkg/qt5-webkit-5.212.0alpha2+156+g95401fe3908-1.0-pentium4.pkg.tar.xz está dañado (paquete no válido o dañado (firma PGP)).
¿Quiere eliminarlo? [S/n]

I clarify that I use this thread because the error that the user who created it reported is exactly the same: qt5-webkit: the signature of "Erich Eckner (just to sign arch packages) <arch@eckner.net>" is not valid.

My mistake persists so I ask the community for help, thank you.


Pentium 4(i686), Lenovo Ideapad S10-2 [Intel(R) Atom(TM) CPU N280 @ 1.66GHz, 1 GB RAM]

Offline

#8 2019-06-20 04:02:28

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 393

Re: [Solved] Can´t Update - PGP Signature Fail

Hmm, I'm afraid I'm pretty much out of ideas in that case.  I tried installing qt5-webkit here and it went though without error for me at least.

FWIW, I recall that erich echner (just to sign arch packages) key coming through the last time I got a key update because it had an unusual name.  I just checked some random packages I had and at the very least webkit2gtk and firefox were build by a Mr Erich Echner and I guess he used that key to sign those packages.  In fact 768 of my installed packages out of a total of 940 were built by that fellow.  Are you able to update other packages you might have installed?


Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.

Offline

#9 2019-06-20 14:31:07

wibort
Member
From: Bogotá
Registered: 2019-05-17
Posts: 10

Re: [Solved] Can´t Update - PGP Signature Fail

Hi mate, thank you for your interest in my problem.
To your question, I have not been able to update any package since Pacman does not let me update the packages because of the signature error, could I update the other packages and somehow skip this one that generates an error?


Pentium 4(i686), Lenovo Ideapad S10-2 [Intel(R) Atom(TM) CPU N280 @ 1.66GHz, 1 GB RAM]

Offline

#10 2019-06-20 14:50:38

andreas_baumann
Administrator
From: Zurich, Switzerland
Registered: 2017-08-10
Posts: 757
Website

Re: [Solved] Can´t Update - PGP Signature Fail

You can always set "SigLevel = Never" temporarily, for instance to update the archlinux32-keyring package
(because you are updating a pre-Archlinux32 system directly). Then reenable the SigLevel to what it was
before ("SigLevel = Required DatabaseOptional DatabaseTrustAll").

Are you updating a pre-Archlinux32 system by any chance (before November 2017)? If yes, then you have to
do the Archlinux->Archlinux32 migration with archlinux32-keyring-transition (see https://www.archlinux32.org),
but it can easily be, that some of the keys are no longer valid (I remember that I had also some issues
when upgrading a really old machine which never received updates anymore).

Note: Setting "SigLevel = Never" counteracts security, so use at your own risk!

Offline

#11 2019-06-20 14:56:12

andreas_baumann
Administrator
From: Zurich, Switzerland
Registered: 2017-08-10
Posts: 757
Website

Re: [Solved] Can´t Update - PGP Signature Fail

Ah, I see, that was all tested above, ok.
Did you try deleting qt5-webkit-5.212.0alpha2+156+g95401fe3908-1.0-pentium4.pkg.tar.xz in the cache /var/cache/pacman/pkg?
Does it happen only with that package or with others too?

Offline

#12 2019-06-20 17:03:07

wibort
Member
From: Bogotá
Registered: 2019-05-17
Posts: 10

Re: [Solved] Can´t Update - PGP Signature Fail

Hi, andreas

Try in the first instance, clear the cache and it worked for me, thank you very much.
My problems are solved

andreas_baumann wrote:

Ah, I see, that was all tested above, ok.
Did you try deleting qt5-webkit-5.212.0alpha2+156+g95401fe3908-1.0-pentium4.pkg.tar.xz in the cache /var/cache/pacman/pkg?
Does it happen only with that package or with others too?


Pentium 4(i686), Lenovo Ideapad S10-2 [Intel(R) Atom(TM) CPU N280 @ 1.66GHz, 1 GB RAM]

Offline

#13 2019-06-20 19:56:53

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 393

Re: [Solved] Can´t Update - PGP Signature Fail

Ah, right.  Digging in my /etc/pacman.d/gnupg it seems I have three keys for Erich:
1 of Erich Eckner with his username here in the email address, generated at the end of May 2017
1 of Erich Eckner (just to sign arch packages) revoked in the last key update
1 or Erich Eckner (just to sign arch packages) generated just before I did the last key update

I guess the version in the cache was signed with the old revoked key.  I don't quite understand why it wasn't downloading a new version signed with the latest key, since it seemed to claim to be downloading a fresh version.  Something funny going on in the repo selected maybe?  Or perhaps Erich re-released the same version of qt5-webkit with a newly signed version, but pacman had the original version in its cache, and didn't decide to download what it thought was the same version?  If that's the case I guess Erich should have updated the arch build number but didn't.  Oh well, at least it's been sorted out now.


Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.

Offline

Board footer

Powered by FluxBB