Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#74538 - [libratbag] Package signing key expired

Attached to Project: Community Packages
Opened by drikqlis (drikqlis) - Friday, 22 April 2022, 18:02 GMT
Last edited by David Thurstenson (thurstylark) - Friday, 22 April 2022, 20:24 GMT
Task Type Bug Report
Category Packages
Status Assigned
Assigned To Filipe Laíns (FFY00)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

When trying to install there is an signature error:

sudo pacman -S libratbag
warning: libratbag-0.16-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) libratbag-0.16-1

Total Installed Size: 4,21 MiB
Net Upgrade Size: 0,00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [##################################################] 100%
(1/1) checking package integrity [##################################################] 100%
error: libratbag: signature from "Filipe Laíns (FFY00) <lains@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/libratbag-0.16-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

Tested on a clean VM. Keyring is up to date.
This task depends upon

Comment by Doug Newgard (Scimmia) - Friday, 22 April 2022, 22:33 GMT
I don't understand how this is happening.

debug: checking signature for /var/cache/pacman/pkg/libratbag-0.16-1-x86_64.pkg.tar.zst
debug: 1 signatures returned
debug: fingerprint: D235B495EAACDF78327ED8B0F893C674816AA95D
debug: summary: key expired
debug: status: Key expired
debug: timestamp: 1624548661
debug: exp_timestamp: 0
debug: validity: unknown; reason: Success
debug: key: 3DCE51D60930EBA47858BA4146F633CBB0EB4BF2, Filipe Laíns (FFY00) <lains@archlinux.org>, owner_trust unknown, disabled 0
debug: signature is valid
debug: signature is unknown trust

Yet:

pacman-key --list-keys 3DCE51D60930EBA47858BA4146F633CBB0EB4BF2
gpg: Note: trustdb not writable
pub rsa4096 2018-04-18 [SC] [expires: 2023-04-17]
3DCE51D60930EBA47858BA4146F633CBB0EB4BF2
uid [ full ] Filipe Laíns (FFY00) <lains@archlinux.org>
uid [marginal] Filipe Laíns (FFY00) <lains@aurorafoss.org>
uid [marginal] Filipe Laíns (FFY00) <filipe.lains@gmail.com>
uid [ unknown] Filipe Laíns (FFY00) <lains@riseup.net>
sub rsa4096 2018-04-18 [E] [expires: 2023-04-17]

It doesn't seem to expire for another year?
Comment by Stefan Klinger (Geldorn) - Friday, 22 April 2022, 22:45 GMT
While I was searching for the cause I got a hint by the following command:

gpg --verify -v lrzip-0.641-1-x86_64.pkg.tar.zst.sig
gpg: assuming signed data in 'lrzip-0.641-1-x86_64.pkg.tar.zst'
gpg: Signature made Wed 24 Mar 2021 07:36:45 PM CET
gpg: using RSA key D235B495EAACDF78327ED8B0F893C674816AA95D
gpg: Note: signature key F893C674816AA95D expired Fri 22 Apr 2022 02:09:42 PM CEST
gpg: using subkey F893C674816AA95D instead of primary key 46F633CBB0EB4BF2
gpg: Note: signature key F893C674816AA95D expired Fri 22 Apr 2022 02:09:42 PM CEST
gpg: Note: signature key F893C674816AA95D expired Fri 22 Apr 2022 02:09:42 PM CEST
gpg: using subkey F893C674816AA95D instead of primary key 46F633CBB0EB4BF2
gpg: using pgp trust model
gpg: Good signature from "Filipe Laíns (FFY00) <lains@archlinux.org>" [unknown]
gpg: aka "Filipe Laíns (FFY00) <lains@riseup.net>" [unknown]
gpg: aka "Filipe Laíns (FFY00) <lains@aurorafoss.org>" [unknown]
gpg: aka "Filipe Laíns (FFY00) <filipe.lains@gmail.com>" [unknown]
gpg: Note: signature key F893C674816AA95D expired Fri 22 Apr 2022 02:09:42 PM CEST
gpg: using subkey F893C674816AA95D instead of primary key 46F633CBB0EB4BF2
gpg: Note: signature key F893C674816AA95D expired Fri 22 Apr 2022 02:09:42 PM CEST
gpg: Note: This key has expired!
Primary key fingerprint: 3DCE 51D6 0930 EBA4 7858 BA41 46F6 33CB B0EB 4BF2
Subkey fingerprint: D235 B495 EAAC DF78 327E D8B0 F893 C674 816A A95D
gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096
Comment by loqs (loqs) - Saturday, 23 April 2022, 00:15 GMT
The following shows the expired subkey D235B495EAACDF78327ED8B0F893C674816AA95D which gpg hides by default
gpg --homedir /etc/pacman.d/gnupg --fingerprint --fingerprint --list-options show-unusable-subkeys --list-key d235b495eaacdf78327ed8b0f893c674816aa95d

Loading...