You are not logged in.

#1 2022-01-02 23:27:02

barius
Member
From: Europe
Registered: 2018-02-11
Posts: 2

Multiple packages fail due to expired signing key

error: hwloc: signature from "Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>" is unknown trust
:: File /var/cache/pacman/pkg/hwloc-2.7.0-1.0-pentium4.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
error: qt5-translations: signature from "Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>" is unknown trust
:: File /var/cache/pacman/pkg/qt5-translations-5.15.2+kde+r20-2.0-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

One of the first things I tried to resolve the issue was to reinstall archlinux-keyring and archlinux32-keyring... but no luck - archlinux-keyring is signed with the same key :-(

Here seems to be the problem:

$ gpg --homedir /etc/pacman.d/gnupg -k 'Erich Eckner'
gpg: WARNING: unsafe ownership on homedir '/etc/pacman.d/gnupg'
gpg: Note: trustdb not writable
pub   rsa4096 2018-04-09 [SC] [expired: 2021-12-31]
      5FDCA472AB93292BC678FD59255A76DB9A12601A
uid           [ expired] Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>
uid           [ expired] Erich Eckner (just to sign arch packages) <arch@eckner.net>

pub   rsa2048 2017-05-27 [SC] [expired: 2021-12-31]
      194E37A47A4C671807BACB37B1117BC1094EA6E9
uid           [ expired] Erich Eckner <deep42thought@archlinux32.org>

Segui il tuo corso, e lascia dir le genti. - Dante, La Divina Commedia
(Follow your own path and let people say what they will.)

Offline

#2 2022-01-03 09:36:44

abaumann
Administrator
From: Zurich
Registered: 2019-11-14
Posts: 466
Website

Re: Multiple packages fail due to expired signing key

Sorry about that, several keys have expired.

You can try:

faketime 2021-12-31 pacman -S archlinux32-keyring

but this requires that you have libfaketime installed (hen and egg problem).

You can also set 'SigLevel = Never' in /etc/pacman.conf, update the archlinux32-keyring and then reenable
the verification.

You might also need to run as root 'pacman-key --refresh'.

Offline

#3 2022-01-03 17:05:40

nithale
Member
Registered: 2021-07-09
Posts: 1

Re: Multiple packages fail due to expired signing key

The new version of archlinux32-keyring is not in the core repo but some packages that require the new keys are. One solution is enabling testing repo in pacman.conf where the new version of archlinux32-keyring is available

Last edited by nithale (2022-01-03 17:07:27)

Offline

#4 2022-01-03 17:15:48

abaumann
Administrator
From: Zurich
Registered: 2019-11-14
Posts: 466
Website

Re: Multiple packages fail due to expired signing key

Ah, sorry, I can push archlinux32-keyring to stable..

Offline

#5 2022-01-10 01:04:21

alysher
Member
Registered: 2022-01-10
Posts: 3

Re: Multiple packages fail due to expired signing key

what would we need to do if we dont have libfaketime installed?

Offline

#6 2022-01-10 02:51:41

levi
Moderator
From: Yorkshire, UK
Registered: 2018-06-16
Posts: 1,047

Re: Multiple packages fail due to expired signing key

Abumann already saiud above:

abaumann wrote:

You can also set 'SigLevel = Never' in /etc/pacman.conf, update the archlinux32-keyring and then reenable
the verification.

You might also need to run as root 'pacman-key --refresh'.

Last edited by levi (2022-01-10 02:52:16)


Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.

Offline

#7 2022-01-10 03:08:59

alysher
Member
Registered: 2022-01-10
Posts: 3

Re: Multiple packages fail due to expired signing key

Thanks for pointing that out, completely didn't understand it in context, out i do. <3

Offline

Board footer

Powered by FluxBB