FS#47921 - archlinux-keyring should be upgraded before other packages to prevent inadvertent PGP errors

Attached to Project: Arch Linux
Opened by Max Pray (synthead) - Thursday, 28 January 2016, 04:03 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 28 January 2016, 04:24 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: archlinux-keyring should be upgraded before other packages (much like pacman). Attempting to install new packages signed by new trusted users before upgrading archlinux-keyring will throw a PGP error that claims that the package is corrupt.

An example of this is "confuse", version 2.8-2, signed by Thorsten Töpper. Before installing "archlinux-keyring" version 20160123-1, this message is displayed:

error: confuse: signature from "Thorsten Töpper <atsutane@freethoughts.de>" is unknown trust
:: File /var/cache/pacman/pkg/confuse-2.8-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

As a workaround, archlinux-keyring can be specifically upgraded and affected packages should upgrade without an issue.

Closed by Doug Newgard (Scimmia)
Thursday, 28 January 2016, 04:24 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#47892
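
The "corrupted" prompt in the report above follows from the signature check on the preceding `error:` line, so that line is the one to triage. An added example, not part of the original report or of pacman: a shell function that reads captured pacman output and reports the package, the signer, and whether the local keyring should be refreshed first. The function name and verdict labels are this example's own, and it only recognises the "unknown trust" status shown in the report.

```shell
#!/bin/sh
# Added example (not from the bug report or from pacman itself).
# Reads pacman output on stdin and prints one tab-separated line per
# signature error: package, verdict, signer.
# Verdict labels are this example's own, not pacman terminology:
#   refresh-keyring-first  signer's key is not trusted by the local keyring;
#                          upgrade archlinux-keyring on its own, then retry
#   investigate            any other signature status; do not assume a stale keyring
classify_pacman_sig_error() {
    awk '
    BEGIN { head = ": signature from \""; mid = "\" is " }
    /^error: .+: signature from ".+" is / {
        rest = substr($0, length("error: ") + 1)
        cut  = index(rest, head)
        pkg  = substr(rest, 1, cut - 1)            # text before ": signature from"
        rest = substr(rest, cut + length(head))
        cut  = index(rest, mid)
        signer = substr(rest, 1, cut - 1)          # text between the quotes
        status = substr(rest, cut + length(mid))   # text after " is "
        verdict = (status == "unknown trust") ? "refresh-keyring-first" : "investigate"
        printf "%s\t%s\t%s\n", pkg, verdict, signer
    }'
}

# Sample input: the three lines quoted in the report above.
SAMPLE='error: confuse: signature from "Thorsten Töpper <atsutane@freethoughts.de>" is unknown trust
:: File /var/cache/pacman/pkg/confuse-2.8-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]'

printf '%s\n' "$SAMPLE" | classify_pacman_sig_error
```

A "refresh-keyring-first" verdict points at the workaround described in the report; it is not a reason to relax signature checking.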
