Arch linux unknown trust

Arch Linux

I seem to be having the same problem as this topic but the solution offered did not work for me. The problem and solution is also described here.

I’m trying to install i3 but get this error:

:: Proceed with installation? [Y/n] error: i3-wm: signature from "Thorsten Töpper " is unknown trust :: File /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package (PGP signature))

I’ve tried cleaning out the cache with «pacman -Sc && rm /var/lib/pacman/sync/*», refreshing signatures with «pacman-key —refresh-keys» and reinstalling, but that did not work.

I also tried resetting all the keys and upgrading archlinux-keyring per the wiki to no avail.

Last edited by chf2117 (2016-01-24 17:10:15)

#2 2016-01-23 15:32:51

ewaller Administrator From: Pasadena, CA Registered: 2009-07-13 Posts: 19,346

Re: Signature is unknown trust [SOLVED]

Try the following commands and see If you get the same results

ewaller@turing ~ 1004 %ls -l /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz -rw-r--r-- 1 root root 253152 Oct 13 11:10 /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz ewaller@turing ~ 1005 %md5sum /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz 7d8408a9222dcaeff6e059b53ab4028a /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz ewaller@turing ~ 1006 %

Edit: Fixed first command because I had used ll as an alias for ls -l

Last edited by ewaller (2016-01-23 15:34:39)

Nothing is too wonderful to be true, if it be consistent with the laws of nature — Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. — Alan Turing
—
How to Ask Questions the Smart Way

#3 2016-01-23 16:08:28

Re: Signature is unknown trust [SOLVED]

Edit: Fixed first command because I had used ll as an alias for ls -l

Good to know I am not alone with this abbreviation.

To know or not to know .
. the questions remain forever.

#4 2016-01-23 16:10:30

Re: Signature is unknown trust [SOLVED]

$ls -l /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz -rw-r--r-- 1 root root 253152 Oct 13 18:10 /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz $md5sum /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz 7d8408a9222dcaeff6e059b53ab4028a /var/cache/pacman/pkg/i3-wm-4.11-1-x86_64.pkg.tar.xz

It looks the same except for the date from ll

#5 2016-01-23 16:17:50

ewaller Administrator From: Pasadena, CA Registered: 2009-07-13 Posts: 19,346

Re: Signature is unknown trust [SOLVED]

Okay, the package is not corrupt.

I just tried looking at his key on my system and it expired yesterday.

ewaller@turing ~ [2]1003 %gpg --list-key Thorsten pub dsa2048/295AFBF4 2009-02-20 [expired: 2016-01-22] uid [ expired] Thorsten Töpper uid [ expired] Thorsten Töpper uid [ expired] Thorsten Toepper (Atsutane) ewaller@turing ~ 1004 %

Check that on your system

Nothing is too wonderful to be true, if it be consistent with the laws of nature — Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. — Alan Turing
—
How to Ask Questions the Smart Way

#6 2016-01-23 16:27:29

ewaller Administrator From: Pasadena, CA Registered: 2009-07-13 Posts: 19,346

Re: Signature is unknown trust [SOLVED]

. And I just did a gpg —refresh-keys and he has a new key that expires 2017-09-08

If his key on your system is stale, do a refresh keys and try again.

Nothing is too wonderful to be true, if it be consistent with the laws of nature — Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. — Alan Turing
—
How to Ask Questions the Smart Way

#7 2016-01-23 16:37:53

Re: Signature is unknown trust [SOLVED]

list-key gives me:
gpg: error reading key: No public key

refresh-keys and trying again gave the same result

#8 2016-01-23 18:27:09

Re: Signature is unknown trust [SOLVED]

I have this same issue as well. refreshing the keys does not do anything

#9 2016-01-24 07:40:34

ewaller Administrator From: Pasadena, CA Registered: 2009-07-13 Posts: 19,346

Re: Signature is unknown trust [SOLVED]

I have been away all day. I think that a pacman -Syu from a fully synced mirror should solve this. I see the Arch keyring has been updated today.

Nothing is too wonderful to be true, if it be consistent with the laws of nature — Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. — Alan Turing
—
How to Ask Questions the Smart Way

#10 2016-01-24 13:40:14

Re: Signature is unknown trust [SOLVED]

list-key gives me:
gpg: error reading key: No public key

refresh-keys and trying again gave the same result

Pacman has his own keyring by default.

sudo pacman-key -l Thorsten pub dsa2048/295AFBF4 2009-02-20 [verfallen: 2016-01-22] uid [ verfallen] Thorsten Töpper uid [ verfallen] Thorsten Töpper uid [ verfallen] Thorsten Toepper (Atsutane)

sudo pacman-key --refresh-keys

#11 2016-01-24 17:09:58

Re: Signature is unknown trust [SOLVED]

All is well. pacman -Syu && pacman-key —refresh-keys got it done this time.

To make sure I understand what happened:
Thorsten recently got a new key pair and updated his private key on the package but did not publish his public key. This caused my earlier attempts at installation and refreshing keys to fail. Today his public key was updated, allowing the installation to proceed smoothly. Is this correct?

#12 2016-01-24 17:16:22

ewaller Administrator From: Pasadena, CA Registered: 2009-07-13 Posts: 19,346

Re: Signature is unknown trust [SOLVED]

Pretty much. I think the magic happened when arch-keyring was upgraded and had time to propagate to the servers.
I started with checking the package itself as that is the purpose of this whole infrastructure. I’d have hated to try to chase down cryptography problems only to find out that things were working as they were supposed to.
From my pacman logs:

[2016-01-23 23:07] [ALPM] upgraded archlinux-keyring (20151220-1 -> 20160123-1) [2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Appending keys from archlinux.gpg. [2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model [2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u [2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: depth: 1 valid: 6 signed: 66 trust: 1-, 0q, 0n, 5m, 0f, 0u [2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: depth: 2 valid: 66 signed: 6 trust: 66-, 0q, 0n, 0m, 0f, 0u [2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2016-06-03 [2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Locally signing trusted keys in keyring. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7. [2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Importing owner trust values. [2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: setting ownertrust to 4 [2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Disabling revoked keys in keyring. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477. [2016-01-23 23:07] [ALPM-SCRIPTLET] -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84. [2016-01-23 23:07] [ALPM-SCRIPTLET] ==> Updating trust database. [2016-01-23 23:07] [ALPM-SCRIPTLET] gpg: next trustdb check due at 2016-06-03

Nothing is too wonderful to be true, if it be consistent with the laws of nature — Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. — Alan Turing
—
How to Ask Questions the Smart Way

#13 2016-01-24 21:33:07

Re: Signature is unknown trust [SOLVED]

The new archlinux-keyring package is still lingering in testing, having fun there I guess.
So it doesn’t do a lot of good (yet) to the majority of people who don’t enable testing.

`pacman-key —refresh-keys`, on the other hand, works perfectly, right now, since the maintainer’s new key has been pushed to the public keyservers.

Managing AUR repos The Right Way — aurpublish (now a standalone tool)

#14 2016-01-24 22:42:36

Re: Signature is unknown trust [SOLVED]

Thanks
it solved the issue.

Источник

How to fix signature is unknown trust on Arch Linux

My continued love/hate relationship with Arch Linux continually yields topics to blog about. This week’s topic reared it’s head while attempting to perform an update after waiting a bit longer than I usually do, which yielded an error about one or more of the keys being “of unknown trust”.

Like most of my Arch Linux dilemmas, I’m not entirely sure what caused this one. I suspect a key changed and perhaps the way I was running the update wasn’t properly updating the keys as one would have expected to happen first.

Regardless, the error looks something like this (the names, emails and packages have been changed to protect the innocent):

error: some-package: signature from "Some Person [email protected]" is unknown trust :: File /var/cache/pacman/pkg/some-package-0.1.2-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package) Errors occurred, no packages were upgraded. -> error installing repo packages 

Having run into GPG key issues with Arch in the past, my path of least resistance is to refresh the keys. Keep in mind, this method does take a few minutes to run:

% sudo pacman-key --refresh-keys 

That command will scroll by for a bit, doing it’s thing to refresh the keys. Once it’s complete, you can reattempt running an update and/or installing a package, or whatever command you had previously run that produced the error.

Good stuff? Want more?

100% Fresh, Grade A Content, Never Spam.

About Josh

Husband. Father. Pug dad. Musician. Founder of Holiday API, Head of Engineering and Emoji Specialist at Mailshake, and author of the best damn Lorem Ipsum Library for PHP.

Источник