I have been trying to do a fresh install for two days now and every time I try to refresh the keys it fails. This is the July release.
hello,I saw that.
1 Like
Which keyservers do you use?
for aur packages
This is the live ISO here is the output:
gpg: next trustdb check due at 2021-01-01
gpg: refreshing 119 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: General error
==> ERROR: A specified local key could not be updated from a keyserver.
Press ENTER to close this window:
Joekamprad spoke in a thread about this problem…
OK let me search for it. I must have overlooked it.
1 Like
You wouldn’t happen to have a link? The only threads I see relate to errors with keys. This has no error…
I’ve been having issues with pool.sks-keyservers.net over the past few days, and I think this is common for others too. A different keyserver will work (e.g. keyserver.ubuntu.com).
2 Likes
It appears to be an error with the SSL certificate of pool.sks-keyservers.net. The server is providing a certificate for pgp.ocf.berkeley.edu.
EDIT: The certificate is also expired.
3 Likes
I should have taken my own advice and read the Arch wiki more carefully. I’ll try this later:
Adding developer keys
The official developer and Trusted Users (TU) keys are signed by the master keys, so you do not need to use pacman-key to sign them yourself. Whenever pacman encounters a key it does not recognize, it will prompt to download it from a keyserver configured in /etc/pacman.d/gnupg/gpg.conf (or by using the --keyserver option on the command line). Wikipedia maintains a list of keyservers.
Once you have downloaded a developer key, you will not have to download it again, and it can be used to verify any other packages signed by that developer.
Note: The archlinux-keyring package, which is a dependency of pacman, contains the latest keys. However keys can also be updated manually using pacman-key --refresh-keys (as root). While doing --refresh-keys , your local key will also be looked up on the remote keyserver, and you will receive a message about it being not found. This is nothing to be concerned about.
1 Like
Hey all, I’ve successfully changed my keyserver to hkps://keyserver.ubuntu.com/ like jonathon recommended, but when trying to update, I get an error that the signature from "EndeavourOS <info@endeavouros.com>" is unknown trust and thus, welcome, eos-update-notifier and grub-tools can’t be updated. How would I go about “trusting” that signature? I’ve already tried a pacman-key --refresh-keys, which does what Elloquin described at the end of their message.
Either install endeavouros-keyring or locally sign the specific key using pacman-key --lsign.
Thanks for your help! Locally signing the key worked. (Reinstalling endeavouros-keyring wouldn’t have worked since it also is signed with the key)
1 Like
It will if you install the package file using pacman -U. 
2 Likes
root@elloquin-elloquin ~]# sudo pacman -U endeavouros-keyring
loading packages...
error: 'endeavouros-keyring': could not find or read package
[root@elloquin-elloquin ~]#
wget https://mirror.alpix.eu/endeavouros/repo/endeavouros/x86_64/endeavouros-keyring-1-4-any.pkg.tar.xz
sudo pacman -U endeavouros-keyring-1-4-any.pkg.tar.xz
should work?
3 Likes
Woops it’s not signed?
[root@elloquin-elloquin ~]# sudo pacman -U https://mirror.alpix.eu/endeavouros/repo/endeavouros/x86_64/endeavouros-keyring-1-4-any.pkg.tar.xz
loading packages...
error: '/var/cache/pacman/pkg/endeavouros-keyring-1-4-any.pkg.tar.xz': package missing required signature
[root@elloquin-elloquin ~]#
1 Like
I think one of the devs will have to do some manual intervention. No pun intended. 