Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#59560 - 3 packages found with invalid PGP signatures

Attached to Project: Community Packages
Opened by Mr. Rug (rug) - Wednesday, 08 August 2018, 01:15 GMT
Last edited by Eli Schwartz (eschwartz) - Wednesday, 08 August 2018, 01:47 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To No-one
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: libvirt-4.5.0-1-x86_64.pkg.tar.xz virt-install-1.5.1-1-any.pkg.tar.xz and virt-manager-1.5.1-1-any.pkg.tar.xz are all showing invalid PGP signatures from "Christian Rebischke (Arch Linux Security Team-Member) <Chris.Rebischke@archlinux.org>"


Additional info: This is a fully updated system and just install a few days ago. When trying to install KVM capabilities I came across these three packages showing invalid signatures. I ran a system update and tried again and received the same error. All three are showing the same error as well. "signature from "Christian Rebischke (Arch Linux Security Team-Member)Chris.Rebischke@archlinux.org>" is unknown trust" It would seem that either this signature needs to be added or these packages need to be resigned.



Steps to reproduce: Rug the following command
pacman -S libvirt virt-install virt-manager
This task depends upon

Closed by  Eli Schwartz (eschwartz)
Wednesday, 08 August 2018, 01:47 GMT
Reason for closing:  Not a bug
Additional comments about closing:  the signatures are fine, unknown trust implies you don't have archlinux-keyring or your archlinux-keyring is from 2016

Loading...