Hi,
I tried to pacman -Suy today and it failed:
(42/42) checking keys in keyring
[##############################################################################################]
100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
Then I checked database with pacman-key:
[root@archdevel ~]# pacman-key --list-sigs
==> ERROR: You do not have sufficient permissions to read the pacman
keyring.
==> Use 'pacman-key --init' to correct the keyring permissions.
[root@archdevel ~]# pacman-key --init
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: revocation certificate stored as
'/etc/pacman.d/gnupg/openpgp-revocs.d/A99B568F9C124056C01DEBFAE33864D7C9C3D4FB.rev'
gpg: Done
==> Updating trust database...
gpg: public key of ultimately trusted key 489992F0B03F986A not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
==> ERROR: Trust database could not be updated.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Is this a root of my problem?
[root@archdevel ~]# gpg --homedir /etc/pacman.d/gnupg --list-keys
gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg'
/etc/pacman.d/gnupg/pubring.kbx
-------------------------------
pub rsa4096 2014-11-04 [SC]
5C81C9D6C8D7475DF65A0C884FE7F4FEAC8EBE67
uid [ unknown] Justin Kromlinger <hashworks@xxxxxxxxxxxxx
[a lot of entries....]
Then I tried again:
[root@archdevel ~]# pacman -Suy -v
Root : /
Conf File : /etc/pacman.conf
DB Path : /var/lib/pacman/
Cache Dirs: /var/cache/pacman/pkg/
Hook Dirs : /usr/share/libalpm/hooks/ /etc/pacman.d/hooks/
Lock File : /var/lib/pacman/db.lck
Log File : /var/log/pacman.log
GPG Dir : /etc/pacman.d/gnupg/
Targets : None
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...
Packages (41) btrfs-progs-6.5.1-1 chromium-117.0.5938.62-1
cmake-3.27.5-1 code-1.82.0-2 containerd-1.7.6-1 curl-8.3.0-1
dotnet-host-7.0.11.sdk111-1 dotnet-runtime-7.0.11.sdk111-1
dotnet-sdk-7.0.11.sdk111-1 dotnet-targeting-pack-7.0.11.sdk111-1
ffmpeg-2:6.0-10 filelight-23.08.1-1 firefox-117.0.1-1
ghostscript-10.02.0-1 glib2-2.78.0-2 graphviz-9.0.0-1
kompare-23.08.1-1 lib32-curl-8.3.0-1 lib32-glib2-2.78.0-2
lib32-libtiff-4.6.0-1 libarchive-3.7.2-1 libimagequant-4.2.1-1
libkomparediff2-23.08.1-1 liblouis-3.27.0-1
libportal-0.7-1 libportal-gtk3-0.7-1 libreoffice-fresh-7.6.1-1
librsvg-2:2.57.0-1 libtiff-4.6.0-1 libwebp-1.3.2-1
linux-6.5.3.arch1-1 linux-headers-6.5.3.arch1-1 linux-lts-6.1.53-1
linux-lts-headers-6.1.53-1
netstandard-targeting-pack-7.0.11.sdk111-1 nvidia-535.104.05-6
python-gobject-3.46.0-1 python-sphinx-7.2.6-1 qt5-script-5.15.15-1
qt5-webengine-5.15.15-1 sqlite-3.43.1-1
Total Installed Size: 2583.28 MiB
Net Upgrade Size: -0.07 MiB
:: Proceed with installation? [Y/n] y
(41/41) checking keys in keyring
[##############################################################################################]
100%
downloading required keys...
:: Import PGP key 771DF6627EDF681F, "Tobias Powalowski
<tpowa@xxxxxxxxxxxxx>"? [Y/n] y
:: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig)
<heftig@xxxxxxxxxxxxx>"? [Y/n] y
:: Import PGP key 6D42BDD116E0068F, "Christian Hesse
<eworm@xxxxxxxxxxxxx>"? [Y/n] y
:: Import PGP key 94657AB20F2A092B, "Andreas Radke
<andyrtr@xxxxxxxxxxxxx>"? [Y/n] y
:: Import PGP key 51E8B148A9999C34, "Evangelos Foutras
<foutrelis@xxxxxxxxxxxxx>"? [Y/n] y
:: Import PGP key 7A4E76095D8A52E4, "Antonio Rojas
<arojas@xxxxxxxxxxxxx>"? [Y/n] y
:: Import PGP key EA4F7B321A906AD9, "Daniel M. Capella
<polyzen@xxxxxxxxxxxxx>"? [Y/n] y
y( 9/41) checking package integrity
[###########-----------------------------------------------------------------------------------]
12(41/41) checking package integrity
[##############################################################################################]
100%
error: btrfs-progs: signature from "Tobias Powalowski
<tpowa@xxxxxxxxxxxxx>" is unknown trust
:: File /var/cache/pacman/pkg/btrfs-progs-6.5.1-1-x86_64.pkg.tar.zst is
corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
Following wiki I tried to repopulate database:
[root@archdevel ~]# pacman-key --populate
==> Appending keys from archlinux.gpg...
gpg: public key of ultimately trusted key 489992F0B03F986A not found
==> Locally signing trusted keys in keyring...
==> ERROR: 2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E could not be locally
signed.
==> ERROR: 69E6471E3AE065297529832E6BA0F5A2037F4F41 could not be locally
signed.
==> ERROR: D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C could not be locally
signed.
==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally
signed.
[root@archdevel ~]# pacman-key --refresh-keys
gpg: key 4FE7F4FEAC8EBE67: "Justin Kromlinger <justin@xxxxxxxxxxxxx>"
not changed
gpg: key 4FE7F4FEAC8EBE67: "Justin Kromlinger <justin@xxxxxxxxxxxxx>"
not changed
gpg: Total number processed: 2
gpg: unchanged: 2
[lot of entries, some errors like this:
==> ERROR: Could not update key: BBE43771487328A9
gpg: error retrieving 'ibiru@xxxxxxxxxxxxx' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: E8F18BA1615137BC
gpg: error retrieving 'jonno.conder@xxxxxxxxx' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkp://pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: AF7EF7873CFD4BB6
...]
Now I am not even able to reinstall archlinux-keyring:
[root@archdevel ~]# pacman -S archlinux-keyring
warning: archlinux-keyring-20230821-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20230821-2
Total Installed Size: 1.62 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring
[##############################################################################################]
100%
(1/1) checking package integrity
[##############################################################################################]
100%
error: archlinux-keyring: signature from "Christian Hesse
<eworm@xxxxxxxxxxxxx>" is unknown trust
:: File
/var/cache/pacman/pkg/archlinux-keyring-20230821-2-any.pkg.tar.zst is
corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
What could I do to fix this problem? Do I understand it right that ths
is a problem with pacman-key --init ?
Regards,
Łukasz
