Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#38763 - Expired GPG public key for Thorsten Töpper
Attached to Project:
Arch Linux
Opened by Kyle (2bluesc) - Sunday, 02 February 2014, 00:44 GMT
Last edited by Eric Belanger (Snowman) - Sunday, 02 February 2014, 15:22 GMT
Opened by Kyle (2bluesc) - Sunday, 02 February 2014, 00:44 GMT
Last edited by Eric Belanger (Snowman) - Sunday, 02 February 2014, 15:22 GMT
|
DetailsDescription:
The GPG public key (295AFBF4) for maintainer "Thorsten Töpper" has expired and as a result pacman fails to verify downloads and install them. In my particular case this package was john-1.7.9-7-x86_64.pkg.tar.xz. I'm sure there are other packages with this problem, potentially all of these: https://www.archlinux.org/packages/?maintainer=ttoepper Steps to reproduce: $ pacman-key -v ./john-1.7.9-7-x86_64.pkg.tar.xz.sig ==> Checking ./john-1.7.9-7-x86_64.pkg.tar.xz.sig ... gpg: Signature made Fri 21 Sep 2012 07:31:51 AM PDT using DSA key ID 295AFBF4 gpg: NOTE: trustdb not writable gpg: Good signature from "Thorsten Töpper <atsutane@freethoughts.de>" gpg: aka "Thorsten Töpper <t.toepper@gmx.de>" gpg: aka "Thorsten Toepper (Atsutane) <atsutane@freethoughts.de>" gpg: Note: This key has expired! Primary key fingerprint: 39F8 80E5 0E49 A4D1 1341 E8F9 39E4 F17F 295A FBF4 ==> ERROR: The signature identified by ./john-1.7.9-7-x86_64.pkg.tar.xz.sig could not be verified. $ pacman-key -l 295AFBF4 gpg: NOTE: trustdb not writable pub 2048D/295AFBF4 2009-02-20 [expired: 2014-01-22] uid Thorsten Töpper <atsutane@freethoughts.de> uid Thorsten Töpper <t.toepper@gmx.de> uid Thorsten Toepper (Atsutane) <atsutane@freethoughts.de> |
This task depends upon
$ pacman-key -v ./john-1.7.9-7-x86_64.pkg.tar.xz.sig
==> Checking ./john-1.7.9-7-x86_64.pkg.tar.xz.sig ...
gpg: Signature made Fri 21 Sep 2012 10:31:51 AM EDT using DSA key ID 295AFBF4
gpg: NOTE: trustdb not writable
gpg: Good signature from "Thorsten Töpper <atsutane@freethoughts.de>"
gpg: aka "Thorsten Töpper <t.toepper@gmx.de>"
gpg: aka "Thorsten Toepper (Atsutane) <atsutane@freethoughts.de>"
(x86_64) PWD: /tmp
143 eric@ovide $ pacman -Q archlinux-keyring
archlinux-keyring 20140124-1