error: hwloc: signature from "Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>" is unknown trust
:: File /var/cache/pacman/pkg/hwloc-2.7.0-1.0-pentium4.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
error: qt5-translations: signature from "Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>" is unknown trust
:: File /var/cache/pacman/pkg/qt5-translations-5.15.2+kde+r20-2.0-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
One of the first things I tried to resolve the issue was to reinstall archlinux-keyring and archlinux32-keyring... but no luck - archlinux-keyring is signed with the same key :-(
Here seems to be the problem:
$ gpg --homedir /etc/pacman.d/gnupg -k 'Erich Eckner'
gpg: WARNING: unsafe ownership on homedir '/etc/pacman.d/gnupg'
gpg: Note: trustdb not writable
pub rsa4096 2018-04-09 [SC] [expired: 2021-12-31]
5FDCA472AB93292BC678FD59255A76DB9A12601A
uid [ expired] Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>
uid [ expired] Erich Eckner (just to sign arch packages) <arch@eckner.net>
pub rsa2048 2017-05-27 [SC] [expired: 2021-12-31]
194E37A47A4C671807BACB37B1117BC1094EA6E9
uid [ expired] Erich Eckner <deep42thought@archlinux32.org>
Segui il tuo corso, e lascia dir le genti. - Dante, La Divina Commedia
(Follow your own path and let people say what they will.)
Offline
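Added example (not part of the original post): a read-only check that lists expired primary keys from gpg's machine-readable `--with-colons` listing, either by the validity flag or by comparing the expiry timestamp with a reference time. The two fingerprints are the ones shown above; the timestamps, the third key and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report expired primary keys in a gpg colon listing.
# On a real system (read-only):
#   gpg --homedir /etc/pacman.d/gnupg --list-keys --with-colons | expired_keys

# expired_keys [NOW]: read colon records on stdin and print
# "fingerprint<TAB>expiry-epoch<TAB>first uid" for each expired primary key.
# NOW is a Unix timestamp and defaults to the current time.
expired_keys() {
    awk -F: -v now="${1:-$(date +%s)}" '
        function flush() { if (bad && fpr != "") print fpr "\t" expiry "\t" uid }
        $1 == "pub" {
            flush()
            expiry = $7                       # field 7: expiry time, empty = never
            bad = ($2 == "e") || (expiry != "" && expiry + 0 <= now + 0)
            fpr = ""; uid = ""; need_fpr = 1
            next
        }
        # only the first fpr record after pub belongs to the primary key
        $1 == "fpr" && need_fpr { fpr = $10; need_fpr = 0; next }
        $1 == "uid" && uid == "" { uid = $10; next }
        END { flush() }
    '
}

# Constructed sample listing (timestamps and the third key are made up).
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:255A76DB9A12601A:1523232000:1640908800::-:::sc::::::23::0:
fpr:::::::::5FDCA472AB93292BC678FD59255A76DB9A12601A:
uid:e::::1523232000::::Erich Eckner (just to sign arch packages) <arch-packages@eckner.net>::::::::::0:
uid:e::::1523232000::::Erich Eckner (just to sign arch packages) <arch@eckner.net>::::::::::0:
pub:e:2048:1:B1117BC1094EA6E9:1495843200:1640908800::-:::sc::::::23::0:
fpr:::::::::194E37A47A4C671807BACB37B1117BC1094EA6E9:
uid:e::::1495843200::::Erich Eckner <deep42thought@archlinux32.org>::::::::::0:
pub:-:4096:1:0000000000000001:1609459200:1672531200::-:::sc::::::23::0:
fpr:::::::::0000000000000000000000000000000000000001:
uid:-::::1609459200::::Constructed Key <valid@example.invalid>::::::::::0:
EOF
}

# Reference time 2022-01-03 00:00 UTC: the two keys from the post are listed.
sample_listing | expired_keys 1641168000
```

Passing a later timestamp as NOW shows which keys in the keyring will have lapsed by that date.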
Sorry about that, several keys have expired.
You can try:
faketime 2021-12-31 pacman -S archlinux32-keyring
but this requires that you have libfaketime installed (hen and egg problem).
You can also set 'SigLevel = Never' in /etc/pacman.conf, update the archlinux32-keyring and then reenable
the verification.
You might also need to run as root 'pacman-key --refresh'.
Online
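Added example (not part of the original post): a check to run after the 'SigLevel = Never' workaround, confirming that no active SigLevel line in pacman.conf still switches package verification off. The sample file, the [custom] repository and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm package signature checking is back on in pacman.conf.
# Files pulled in through Include = lines are not followed here.

# sig_disabled FILE: print "section:line-number:line" for every active
# SigLevel whose value contains Never or PackageNever.
sig_disabled() {
    awk '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        /^[ \t]*\[/ {                             # remember the current section
            sec = $0
            sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        /^[ \t]*SigLevel[ \t]*=/ {
            val = $0; sub(/^[^=]*=/, "", val)
            n = split(val, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] == "Never" || tok[i] == "PackageNever") {
                    print sec ":" NR ":" $0
                    break
                }
        }
    ' "$1"
}

# Constructed sample standing in for /etc/pacman.conf after the workaround.
write_sample_conf() {
    cat > "$1" <<'EOF'
[options]
Architecture = pentium4
#SigLevel = Never
SigLevel = Never
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
SigLevel = Required DatabaseOptional
[custom]
SigLevel = PackageNever DatabaseOptional
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
sig_disabled "$conf"        # no output means verification is enabled everywhere
rm -f "$conf"
```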
The new version of archlinux32-keyring is not in the core repo, but some packages that require the new keys are. One solution is enabling the testing repo in pacman.conf, where the new version of archlinux32-keyring is available.
Last edited by nithale (2022-01-03 17:07:27)
Offline
What would we need to do if we don't have libfaketime installed?
Offline
Abumann already said above:
You can also set 'SigLevel = Never' in /etc/pacman.conf, update the archlinux32-keyring and then reenable
the verification.
You might also need to run as root 'pacman-key --refresh'.
Last edited by levi (2022-01-10 02:52:16)
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline
Thanks for pointing that out, completely didn't understand it in context, now I do. <3
Offline
sudo pacman -Sy archlinux32-keyring
and afterwards the normal full upgrade solved it for me.
Offline
Yes, it seems the package currently in core will validate with old keys but has the new keys in it as well. Good news, everyone!
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline
I had a number of difficulties here, and resorted to the usual troubleshooting (https://wiki.archlinux.org/title/Pacman/Package_signing etc) but hit the problem that I couldn't install any packages due to keys, and couldn't install the keys package. I didn't want to disable checking.
But this worked:
sudo pacman-key --populate archlinux32
I don't think I've ever seen this recommended anywhere (only ever "archlinux" not "archlinux32" there, followed by the other archlinux32-keyring steps that failed for me)
Is that expected to succeed? A valid fix or, even, a good recommendation? If not, could I have inadvertently compromised my system with something foolish?
(I also hit the weirdest problem which is that attempting to perform the --refresh-keys fixes failed due to dirmngr problems, and it seemed *for me* that dirmngr was missing a required libldap-2.4.so.2 ... I have no idea how I got into that mess, but temporarily symlinking to /lib/libldap.so got it working well enough to proceed, and at the end I deleted the symlink and reinstalled gnupg to be on the safe side)
Last edited by stripwax (2022-01-22 20:15:24)
Offline
IIRC upstream had a nice wiki entry on the topic "what to do when my keys run away": https://wiki.archlinux.org/title/Pacman/Package_signing
Just that here it affects the keyring-archlinux32 package.
So the following procedure should actually have worked:
sudo pacman -Sy archlinux32-keyring
sudo pacman-key --populate archlinux32
Online
Yep, I was inspired by the upstream article and took a gamble on specifying archlinux32
Could/should this be documented somewhere in the archlinux32 docs (assuming it is the correct fix)?
Offline
There are no Archlinux32 docs, usually everything is just the same as upstream, so the Wiki applies also for Archlinux32.
Maybe in https://www.archlinux32.org/download/ a new section (similar to the keyring transitions)?
Online
If not, could I have inadvertently compromised my system with something foolish?
It doesn't sound to me like you've done anything that could compromise your system; you didn't even relax your pacman config so I can't see a way in that wasn't there before. I can't guarantee at this time that everything is working, however; a number of packages seem to have been built in the wrong order, which could explain your need to link against an old version of libldap.
Architecture: pentium4, Testing repos: Yes, Hardware: EeePC 901+2GB RAM+OS half on the SD card.
Offline