After a few weeks, my wife's machine won't update

mlytle0 · December 28, 2022, 11:28pm

O.K. with holidays and everything this PC didn’t get the attention it deserved. So 228 files needed updated. It passed the Keyring stage so I take it it shouldn’t be unrecoverable, but what to do with this?

         thunar-volman-4.18.0-1  ttf-bitstream-vera-1.10-15  tumbler-4.18.0-1
           unrar-1:6.2.3-1  webkit2gtk-2.38.3-1  webkit2gtk-4.1-2.38.3-1
           webkit2gtk-5.0-2.38.3-1  welcome-3.45-1  whois-5.5.15-1  wireplumber-0.4.13-1
           xcb-util-0.4.1-1  xdg-desktop-portal-1.16.0-1  xfce4-appfinder-4.18.0-1
           xfce4-notifyd-0.6.5-1  xfce4-panel-4.18.0-1  xfce4-power-manager-4.18.0-1
           xfce4-screenshooter-1.10.1-2  xfce4-session-4.18.0-1  xfce4-settings-4.18.1-1
           xfce4-taskmanager-1.5.5-1  xfconf-4.18.0-1  xfdesktop-4.18.0-1  xfsprogs-6.0.0-2
           xfwm4-4.18.0-1  xorg-server-21.1.6-1  xorg-server-common-21.1.6-1
           xorg-xhost-1.0.9-1  xz-5.4.0-1  yad-12.3-1.1  yad-eos-12.1-1.1 [removal]
           zvbi-0.2.38-1

Total Installed Size: 4815.36 MiB
Net Upgrade Size: -59.74 MiB

:: Proceed with installation? [Y/n] y
(227/227) checking keys in keyring [--------------------------------] 100%
(227/227) checking package integrity [--------------------------------] 100%
error: openssl: signature from “Pierre Schmitz pierre@archlinux.org” is marginal trust
:: File /var/cache/pacman/pkg/openssl-3.0.7-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: openssl-1.1: signature from “Pierre Schmitz pierre@archlinux.org” is marginal trust
:: File /var/cache/pacman/pkg/openssl-1.1-1.1.1.s-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

It fails after this point.

manuel · December 28, 2022, 11:30pm

Install archlinux-keyring first, then update the system.

mlytle0 · December 28, 2022, 11:31pm

is that a paru or yay command?

manuel · December 28, 2022, 11:32pm

Any of pacman, yay, or paru will do. Pacman needs sudo.

mlytle0 · December 28, 2022, 11:33pm

Found it:
pacman -S archlinux-keyring

manuel · December 28, 2022, 11:34pm

I assume you already used flag y in your previous attempt.

mlytle0 · December 28, 2022, 11:35pm

No, I have no idea about that.

manuel · December 28, 2022, 11:36pm

So,

sudo pacman -Sy archlinux-keyring
paru

mlytle0 · December 28, 2022, 11:38pm

[mark3@mark3-optiplex9020 ~]$ sudo pacman -Sy archlinux-keyring
[sudo] password for mark3:
:: Synchronizing package databases…
error: failed to synchronize all databases (unable to lock database)
[mark3@mark3-optiplex9020 ~]$

Maybe I caused that. I initially tried to timeshift it back before the problem. Maybe caused more problems.

Although if timeshift would do that, when could you ever use it?

manuel · December 28, 2022, 11:41pm

You’ll need to delete the pacman db lock file.
Sorry but I can’t remember its location, and am not at my linux box now.
It is db.lck …

mlytle0 · December 28, 2022, 11:42pm

I’ll check the web, thanks for the insight.

mlytle0 · December 28, 2022, 11:58pm

All fixed, ran pacman -Syu, and that updated synchronized the databases, then keyring, then paru. All good.

Zircon34 · December 29, 2022, 5:11pm

I just had the same problem to update, and installing archlinux-keyring fixed it.

Just out of curiosity, why do I have to install archlinux-keyring to update my system, shouldn’t this be installed out of the box, or is this just updating my keyrings in the system?

manuel · December 29, 2022, 5:15pm

It is about the order of installing packages.
If Arch keyrings change, then we should install new keys before installing other packages (that already depend on the new keys).
I don’t actually know all the details, but this is basically my understanding about it.

pebcak · December 29, 2022, 5:22pm

Since some versions ago, Arch started shipping archlinux-keyring with a

archlinux-keyring-wkd-sync.service

which is triggered by its corresponding timer.

Wasn’t that aimed to remedy this issue of outdated signatures?

manuel · December 29, 2022, 5:31pm

Yes. But it remains to be seen how it helps…

Edit: Maybe systems that haven’t been updated for a long time don’t have that yet.

pebcak · December 29, 2022, 5:38pm

If my memory serves me right, it was introduced a some months ago and perhaps the user invention for enabling the timer was needed. I don’t recall now

So the systems that don’t have it must be quite antiquated, says someone who check for updates like 10 times a day

manuel · December 29, 2022, 5:43pm

Well, that happens… for systems that are not used for a long time. Could be e.g. a virtual machine, or an old laptop stored in a drawer, or whatever.
Happened very recently, within a couple of days, actually.

Yeah, I update many times a day too.

mlytle0 · December 29, 2022, 5:45pm

Question is, what if you went out of the country for a few months or a year and left your laptop behind? Would the keyring reload always work? Is there a time limit?

Is it like a clock or a timer of set duration or something squishier than that?

Never mind, reading further up explained it. Order of upgrading packages.

Zircon34 · December 29, 2022, 5:52pm

True I have not updated my system for about 3 weeks, could be considered ages for arch system