Problem
Original Problem
When updating with sudo pacman -Syyu, after downloading all update packages, pacman tries to download and import required keys. However, none of the keys can be imported:
Total (78/78) 819.0 MiB 7.89 MiB/s 01:44 [###############################################] 100%
(79/79) checking keys in keyring [###############################################] 100%
downloading required keys...
:: Import PGP key 7A4E76095D8A52E4, "Antonio Rojas <[email protected]>"? [Y/n] y
error: key "7A4E76095D8A52E4" could not be imported
:: Import PGP key 150C200743ED46D8, "Mark Wagie <[email protected]>"? [Y/n] y
error: key "150C200743ED46D8" could not be imported
:: Import PGP key 539DFD48135182EF, "Juergen Hoetzel <[email protected]>"? [Y/n] y
error: key "539DFD48135182EF" could not be importedAttempted Fixes
Tried to update pacman mirrors and refresh keys via:
sudo pacman-mirrors --continent
sudo pacman-key --refresh-keys && sudo pacman-key --populateMirror update succeeds, but key refresh shows the following error for each key it tries to refresh:
snowsr ❯ sudo pacman-key --refresh-keys && sudo pacman-key --populate
gpg: checking the trustdb
gpg: [don't know]: invalid packet (ctb=00)
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: [don't know]: invalid packet (ctb=00)
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: validate_key_list failed
gpg: [don't know]: invalid packet (ctb=00)
gpg: keydb_search failed: Invalid packet
gpg: checking the trustdb
gpg: [don't know]: invalid packet (ctb=00)
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: [don't know]: invalid packet (ctb=00)
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: validate_key_list failed
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: [don't know]: invalid packet (ctb=00)
gpg: keyserver refresh failed: Invalid packet
==> ERROR: Could not update key: A04F9397CDFD6BB0I have also changed DbOptinal to DbNever in pacman.conf . Still no magic.
Solution
Method
- I followed instructions here. The blog provides a bash script that can fully “reset” pacman (mirrors, keys, trustdbs, etc.)
- Running the downloaded script with
--aggressiveflag solves the problem.
Code
#!/usr/bin/env bash
# This script is copied from "https://forum.manjaro.org/t/howto-work-around-gpg-verification-issue-on-left-behind-systems/125822"
set -o errexit #>Exit when a command fails (returns non-zero)
set -o pipefail #>Exit when a command within a pipeline fail (returns non-zero)
set -o nounset #>Forbid to use unset
# Reset language to defaultx
export LANG=C
# Switch to root account
RunasRoot () { sudo --login --user=root "$@"; }
# Colors for messages
PrintInfo () { printf '\e[32m[INFO]\e[0m \e[33m%s\e[0m\n' "$1"; }
PrintError () { printf '\e[31m[ERROR]\e[0m \e[33m%s\e[0m\n' "$1"; }
PrintQuestion () { printf '\e[35m[QUESTION]\e[0m \e[33m%s\e[0m\n' "$1"; }
RmLockFiles ()
{
PrintInfo "Remove lock files of pamac and pacman"
RunasRoot find /var/tmp/pamac/ -type f -iname "*db.lck" -exec rm --force --verbose "{}" \;
RunasRoot find /var/lib/pacman/ -type f -iname "*db.lck" -exec rm --force --verbose "{}" \;
}
AskForUpgrade ()
{
PrintInfo "Performing a full upgrade with pacman"
while true; do
PrintQuestion "Do you want to continue? [Yy/Nn] (Be aware that a full upgrade needs enough ram on a live session)"
read -p "> [Yy/Nn] " yn
case $yn in
[Yy]*)
RunasRoot pacman --sync --refresh --refresh --sysupgrade --sysupgrade --noconfirm
PrintInfo "Done. Note that you need to refresh the database for pamac also."
break
;;
[Nn]*)
break
;;
*)
PrintError "No valid answer. Continue." && continue ;;
esac
done
}
AskForRefreshKeys ()
{
PrintInfo "Refresh GnuPG Database of pacman from the Internet"
while true; do
PrintQuestion "Do you want to continue? [Yy/Nn] (Note that this can take a while.)"
read -p "> [Yy/Nn] " yn
case $yn in
[Yy]*)
RunasRoot pacman-key --refresh-keys && break
;;
[Nn]*)
break
;;
*)
PrintError "No valid answer. Continue." && continue ;;
esac
done
}
AskForRemoveCache ()
{
PrintInfo "Remove cached software packages [optional]"
while true; do
PrintQuestion "Delete them? [Yy/Nn]"
read -p "[Yy/Nn] > " yn
case $yn in
[Yy]*)
PrintInfo "Removing package cache"
RunasRoot pacman --sync --clean --clean --noconfirm
if [[ $(ls /var/cache/pacman/pkg/ |wc -l) != 0]]; then
RunasRoot find /var/cache/pacman/pkg/ -type f -exec rm --force --verbose "{}" \;
fi
;;
[Nn]*)
break
;;
*)
PrintError "No valid answer." && continue ;;
esac
done
}
BasicMethod ()
{
RmLockFiles
PrintInfo "Refresh Package Database"
RunasRoot pacman --sync --refresh --refresh
PrintInfo "Populate local keyrings to the GnuPG Database of pacman"
RunasRoot pacman-key --populate archlinux manjaro
AskForRefreshKeys
AskForUpgrade
}
ModerateMethod ()
{
RmLockFiles
PrintInfo "Remove Pacman's GnuPG Database"
RunasRoot find /etc/pacman.d/gnupg/ -exec rm --recursive --force --verbose "{}" \;
PrintInfo "Initilize Pacman's GnuPG Database"
RunasRoot pacman-key --init
PrintInfo "Populate local keyrings to Pacman's GnuPG Database"
RunasRoot pacman-key --populate archlinux manjaro
AskForRefreshKeys
AskForRemoveCache
AskForUpgrade
}
AggressiveMethod ()
{
RmLockFiles
PrintInfo "Switch to global mirror (Manjaro's CDN)"
RunasRoot pacman-mirrors --country Global
RunasRoot pacman-mirrors --fasttrack 5
PrintInfo "Remove Pacman's GnuPG Database"
RunasRoot find /etc/pacman.d/gnupg/ -exec rm --recursive --force --verbose "{}" \;
PrintInfo "Initilize Pacman's GnuPG Database"
RunasRoot pacman-key --init
PrintInfo "Removing package cache"
RunasRoot pacman --sync --clean --clean --noconfirm
if [[ $(ls /var/cache/pacman/pkg/ |wc -l) != 0]]; then
RunasRoot find /var/cache/pacman/pkg/ -type f -exec rm --force --verbose "{}" \;
fi
PrintInfo "Create a temporary folder in /tmp"
TMPDIR="$(mktemp -d)"
PrintInfo "${TMPDIR}"
PrintInfo "Copy /etc/pacman.conf to ${TMPDIR}/pacman.conf and disable temporarily gpg verification."
RunasRoot cp "/etc/pacman.conf" "${TMPDIR}/pacman.conf"
RunasRoot sed --in-place --regexp-extended 's/^(SigLevel).+$/\1 = Never/g' "${TMPDIR}/pacman.conf"
PrintInfo "Download the newest packages which contains the gpg keyrings in ${TMPDIR}"
RunasRoot pacman --sync --refresh --downloadonly --noconfirm --cachedir "${TMPDIR}" --config "${TMPDIR}/pacman.conf" archlinux-keyring manjaro-keyring gnupg --overwrite "*"
PrintInfo "Install temporarily downloaded keyring packages"
RunasRoot pacman --upgrade --noconfirm --config "${TMPDIR}/pacman.conf" $(find ${TMPDIR} -type f -name "*.tar.*")
PrintInfo "Remove temporary directory: ${TMPDIR}"
RunasRoot find "${TMPDIR}" -type f -exec rm --recursive --force --verbose "{}" \;
RunasRoot rmdir --verbose "${TMPDIR}"
PrintInfo "Switch to a local mirror by Geolocation"
RunasRoot pacman-mirrors --geoip
RunasRoot pacman-mirrors --fasttrack 5
AskForRefreshKeys
AskForUpgrade
}
HelpPage ()
{
printf "\n\t%s\n" "Method 1 - Basic"
printf "\t%s\n" "1. Remove lock files of pamac and pacman"
printf "\t%s\n" "2. Refresh Package Database"
printf "\t%s\n" "3. Populate local keyrings to the GnuPG Database of pacman"
printf "\t%s\n" "4. Refresh GnuPG Database of pacman from the Internet [optional]"
printf "\t%s\n" "5. Performing a full upgrade with pacman [optional]"
printf "\n\t%s\n" "Method 2 - Moderate"
printf "\t%s\n" "1. Remove lock files of pamac and pacman"
printf "\t%s\n" "2. Remove Pacman's GnuPG Database"
printf "\t%s\n" "3. Initilize Pacman's GnuPG Database"
printf "\t%s\n" "4. Populate local keyrings to Pacman's GnuPG Database"
printf "\t%s\n" "5. Refresh GnuPG Database of pacman from the Internet [optional]"
printf "\t%s\n" "6. Remove cached software packages [optional]"
printf "\t%s\n" "7. Performing a full upgrade with pacman [optional]"
printf "\n\t%s\n" "Method 3 - Aggressive"
printf "\t%s\n" "1. Remove lock files of pamac and pacman"
printf "\t%s\n" "2. Switch to global mirror (Manjaro's CDN)"
printf "\t%s\n" "3. Remove Pacman's GnuPG Database"
printf "\t%s\n" "4. Initilize Pacman's GnuPG Database"
printf "\t%s\n" "5. Remove cached software packages"
printf "\t%s\n" "6. Create a temporary folder in /tmp"
printf "\t%s\n" "7. Copy /etc/pacman.conf to TMPDIR/pacman.conf and disable temporarily gpg verification."
printf "\t%s\n" "8. Download the newest packages which contains the gpg keyrings in TMPDIR"
printf "\t%s\n" "9. Install temporarily downloaded keyring packages"
printf "\t%s\n" "10. Remove temporary directory TMPDIR"
printf "\t%s\n" "11. Switch to a local mirror by Geolocation"
printf "\t%s\n" "12. Refresh GnuPG Database of pacman from the Internet [optional]"
printf "\t%s\n" "13. Performing a full upgrade with pacman [optional]"
printf "\n\t%s\n\n" "Note: That tool is not designed to fix gpg issues with your local user GnuPG Database, which is commonly used for AUR Packages as an example."
}
HelpUsage () { printf '\e[32m%s\e[0m\n' "$0 [--usage|--help|--basic|--moderate|--aggressive|--ask] (default: [--basic])"; }
Menu ()
{
clear
while true; do
printf '\e[33m%s\e[0m\n' "1. Basic"
printf '\e[33m%s\e[0m\n' "2. Moderate"
printf '\e[33m%s\e[0m\n' "3. Aggressive"
printf '\e[33m%s\e[0m\n' "4. Explanations of the methods"
printf '\n\e[33m%s\e[0m\n\n' "Type [q] to quit."
PrintQuestion "Choose a Method by typing the number and press ENTER on you keyboard."
read -p "[1,2,3,4,q]> " choice
case $choice in
1)
BasicMethod && exit
;;
2)
ModerateMethod && exit
;;
3)
AggressiveMethod && exit
;;
4)
HelpPage && continue
;;
q)
exit
;;
*)
clear && PrintError "No valid answer. Continue." && continue ;;
esac
done
}
[[ -z $@ ]] && BasicMethod && exit
case $1 in
--basic)
BasicMethod && exit
;;
--moderate)
ModerateMethod && exit
;;
--aggressive)
AggressiveMethod && exit
;;
--help)
HelpUsage && HelpPage && exit
;;
--usage)
HelpUsage && exit
;;
--ask)
Menu && exit
;;
*)
PrintError "\"$1\" is not a valid parameter. See \"$0 --usage\""
;;
esacAdditional Notes
- The mirror link provided under
notabug.orgis no longer accessible. Had to manually create the script locally. - My system is pretty up-to-date. Last update was done two weeks ago. Not sure why it would have similar symptom as a “left-behind-system”.
- My Manjaro distro:
DISTRIB_ID="ManjaroLinux"
DISTRIB_RELEASE="24.0.2"
DISTRIB_CODENAME="Wynsdey"
DISTRIB_DESCRIPTION="Manjaro Linux"References
HowTo: Work around gpg verification issue on left behind systems