Re: python2-lockfile signature failure

Chris Tonkinson <chris@xxxxxxxxxxxxx> · Mon, 09 Jun 2014 11:34:26 -0400

Thanks Michael. After having cleared local keys and running `pacman-key
--init` I began seeing even more of these "unknown trust" errors. As you
recommend, I had to modify the default signature verification in
`/etc/pacman.conf` to

    SigLevel = Required DatabaseOptional TrustAll

and now it's looking good.

Cheers!
-Chris

Chris Tonkinson
610.425.7807

  "Work as if you were to live a hundred years. Pray as if you were to
die tomorrow."
  -Benjamin Franklin

On 06/09/2014 10:38 AM, Michael Boyle wrote:
> I would check your pacman.conf and make sure you put your siglevels back. They aren't there by default any more.
> 
> —
> Sent from Mailbox
> 
> On Mon, Jun 9, 2014 at 7:31 AM, Chris Tonkinson <chris@xxxxxxxxxxxxx>
> wrote:
> 
>> Having just refreshed my desktop system with a clean Arch install, I am
>> seeing a signature failure in the python2-lockfile package (dependency
>> for duplicity).
>> Is anyone else seeing this? `pacman --debug` isn't giving me any
>> additional useful information that I can see. Where might I look next?
>> Here's my output:
>>     $ sudo pacman -S duplicity
>>     resolving dependencies...
>>     looking for inter-conflicts...
>>     Packages (6): librsync-0.9.7-7  ncftp-3.2.5-4  python2-ecdsa-0.11-2
>>  python2-lockfile-0.9.1-1  python2-paramiko-1.14.0-1  duplicity-0.6.24-1
>>     Total Download Size:    0.01 MiB
>>     Total Installed Size:   6.13 MiB
>>     :: Proceed with installation? [Y/n]
>>     :: Retrieving packages ...
>>      python2-lockfile-0.9.1-1-any
>>    11.9 KiB  0.00B/s 00:00
>> [########################################################] 100%
>>     (6/6) checking keys in keyring
>> [########################################################] 100%
>>     (6/6) checking package integrity
>> [########################################################] 100%
>>     error: python2-lockfile: signature from "Thorsten Töpper
>> <atsutane@xxxxxxxxxxxxxxx>" is unknown trust
>>     :: File
>> /var/cache/pacman/pkg/python2-lockfile-0.9.1-1-any.pkg.tar.xz is
>> corrupted (invalid or corrupted package (PGP signature)).
>>     Do you want to delete it? [Y/n]
>>     error: failed to commit transaction (invalid or corrupted package)
>>     Errors occurred, no packages were upgraded.
>>     545 chris@vigilance tnet $
>> Cheers,
>> -Chris
>> -- 
>> Chris Tonkinson
>> 610.425.7807
>>   "Work as if you were to live a hundred years. Pray as if you were to
>> die tomorrow."
>>   -Benjamin Franklin

Attachment:
signature.asc

Description: OpenPGP digital signature