FS#27965 - Pacman fails to import keys
Attached to Project:
Pacman
Opened by Alex Merry (pippin) - Tuesday, 17 January 2012, 01:00 GMT
Last edited by Allan McRae (Allan) - Saturday, 18 February 2012, 07:08 GMT
Opened by Alex Merry (pippin) - Tuesday, 17 January 2012, 01:00 GMT
Last edited by Allan McRae (Allan) - Saturday, 18 February 2012, 07:08 GMT
|
Details
Summary and Info:
Pacman attempts, but fails, to import keys it hasn't seen before when installing packages from official repositories. Importing them using pacman-key --recv-keys works fine. Steps to Reproduce: Followed instructions at http://allanmcrae.com/2011/12/pacman-package-signing-4-arch-linux/ to install, sign and trust master keys. $ pacman -Suy [snip] Targets (2): gpgme-1.3.1-2 ttf-junicode-0.7.1-1 Total Download Size: 1.02 MiB Total Installed Size: 3.39 MiB Net Upgrade Size: -0.06 MiB Proceed with installation? [Y/n] :: Retrieving packages from core... gpgme-1.3.1-2-x86_64 [progress...] :: Retrieving packages from extra... ttf-junicode-0.7.1-1-any [progress...] (2/2) checking package integrity [progress...] error: gpgme: key "1EB2638FF56C0C53" is unknown :: Import PGP key F56C0C53, "Dave Reisner <d@falconindy.com>", created 2011-06-25? [Y/n] error: key "Dave Reisner <d@falconindy.com>" could not be imported error: ttf-junicode: key "F3E1D5C5D30DB0AD" is unknown error: key "F3E1D5C5D30DB0AD" could not be looked up remotely error: failed to commit transaction (invalid or corrupted package (PGP signature)) Errors occurred, no packages were upgraded. $ pacman -Su [snip] Targets (2): gpgme-1.3.1-2 ttf-junicode-0.7.1-1 Total Installed Size: 3.39 MiB Net Upgrade Size: -0.06 MiB Proceed with installation? [Y/n] (2/2) checking package integrity [progress...] error: gpgme: key "1EB2638FF56C0C53" is unknown :: Import PGP key F56C0C53, "Dave Reisner <d@falconindy.com>", created 2011-06-25? [Y/n] error: ttf-junicode: key "F3E1D5C5D30DB0AD" is unknown :: Import PGP key D30DB0AD, "Andrea Scarpino <bash.lnx@gmail.com>", created 2011-04-19? [Y/n] error: key "Andrea Scarpino <bash.lnx@gmail.com>" could not be imported (2/2) checking package integrity [progress...] error: ttf-junicode: key "F3E1D5C5D30DB0AD" is unknown error: key "F3E1D5C5D30DB0AD" could not be looked up remotely error: failed to commit transaction (invalid or corrupted package (PGP signature)) Errors occurred, no packages were upgraded. (note: it tries both keys this time, but only one the first time). $ pacman-key --recv-keys F56C0C53 gpg: requesting key F56C0C53 from hkp server subkeys.pgp.net gpg: key F56C0C53: "Dave Reisner <d@falconindy.com>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 ==> Updating trust database... gpg: no need for a trustdb check $ pacman-key --recv-keys D30DB0AD gpg: requesting key D30DB0AD from hkp server subkeys.pgp.net gpg: key D30DB0AD: public key "Andrea Scarpino (Arch Linux) <andrea@archlinux.org>" imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: depth: 1 valid: 5 signed: 2 trust: 0-, 0q, 0n, 5m, 0f, 0u gpg: depth: 2 valid: 2 signed: 0 trust: 2-, 0q, 0n, 0m, 0f, 0u gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) ==> Updating trust database... gpg: no need for a trustdb check $ pacman -Su [snip] Targets (2): gpgme-1.3.1-2 ttf-junicode-0.7.1-1 Total Installed Size: 3.39 MiB Net Upgrade Size: -0.06 MiB Proceed with installation? [Y/n] (2/2) checking package integrity [progress...] (2/2) loading package files [progress...] (2/2) checking for file conflicts [progress...] (2/2) checking available disk space [progress...] (1/2) upgrading gpgme [progress...] (2/2) upgrading ttf-junicode [progress...] Updating font cache... done. |
This task depends upon
Closed by Allan McRae (Allan)
Saturday, 18 February 2012, 07:08 GMT
Reason for closing: Upstream
Additional comments about closing: upstream being the keyserver providers...
Saturday, 18 February 2012, 07:08 GMT
Reason for closing: Upstream
Additional comments about closing: upstream being the keyserver providers...
https://wiki.archlinux.org/index.php/Pacman-key
> error: key "Dave Reisner <d@falconindy.com>" could not be imported
Importing works with some other keys (e.g. key F53A76ED, "Dan McGee <dpmcgee@gmail.com>", created 2007-06-26), but fails with most of the keys.
I also think pacman should exit after it failed to import a key (package verification is unlikely to succeed anyway, right?)
toofishes: adjust the keyserver param to what?
tnx