Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#38763 - Expired GPG public key for Thorsten Töpper

Attached to Project: Arch Linux
Opened by Kyle (2bluesc) - Sunday, 02 February 2014, 00:44 GMT
Last edited by Eric Belanger (Snowman) - Sunday, 02 February 2014, 15:22 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
The GPG public key (295AFBF4) for maintainer "Thorsten Töpper" has expired and as a result pacman fails to verify downloads and install them. In my particular case this package was john-1.7.9-7-x86_64.pkg.tar.xz.

I'm sure there are other packages with this problem, potentially all of these:
https://www.archlinux.org/packages/?maintainer=ttoepper


Steps to reproduce:
$ pacman-key -v ./john-1.7.9-7-x86_64.pkg.tar.xz.sig
==> Checking ./john-1.7.9-7-x86_64.pkg.tar.xz.sig ...
gpg: Signature made Fri 21 Sep 2012 07:31:51 AM PDT using DSA key ID 295AFBF4
gpg: NOTE: trustdb not writable
gpg: Good signature from "Thorsten Töpper <atsutane@freethoughts.de>"
gpg: aka "Thorsten Töpper <t.toepper@gmx.de>"
gpg: aka "Thorsten Toepper (Atsutane) <atsutane@freethoughts.de>"
gpg: Note: This key has expired!
Primary key fingerprint: 39F8 80E5 0E49 A4D1 1341 E8F9 39E4 F17F 295A FBF4
==> ERROR: The signature identified by ./john-1.7.9-7-x86_64.pkg.tar.xz.sig could not be verified.

$ pacman-key -l 295AFBF4
gpg: NOTE: trustdb not writable
pub 2048D/295AFBF4 2009-02-20 [expired: 2014-01-22]
uid Thorsten Töpper <atsutane@freethoughts.de>
uid Thorsten Töpper <t.toepper@gmx.de>
uid Thorsten Toepper (Atsutane) <atsutane@freethoughts.de>

This task depends upon

Closed by  Eric Belanger (Snowman)
Sunday, 02 February 2014, 15:22 GMT
Reason for closing:  Not a bug
Comment by Eric Belanger (Snowman) - Sunday, 02 February 2014, 15:22 GMT
Update your system: pacman -Syu

$ pacman-key -v ./john-1.7.9-7-x86_64.pkg.tar.xz.sig
==> Checking ./john-1.7.9-7-x86_64.pkg.tar.xz.sig ...
gpg: Signature made Fri 21 Sep 2012 10:31:51 AM EDT using DSA key ID 295AFBF4
gpg: NOTE: trustdb not writable
gpg: Good signature from "Thorsten Töpper <atsutane@freethoughts.de>"
gpg: aka "Thorsten Töpper <t.toepper@gmx.de>"
gpg: aka "Thorsten Toepper (Atsutane) <atsutane@freethoughts.de>"
(x86_64) PWD: /tmp
143 eric@ovide $ pacman -Q archlinux-keyring
archlinux-keyring 20140124-1

Loading...