I have been trying to do a fresh install for two days now and every time I try to refresh the keys it fails. This is the July release.
hello,I saw that.
Which keyservers do you use?
for aur packages
This is the live ISO here is the output:
gpg: next trustdb check due at 2021-01-01 gpg: refreshing 119 keys from hkps://hkps.pool.sks-keyservers.net gpg: keyserver refresh failed: General error ==> ERROR: A specified local key could not be updated from a keyserver. Press ENTER to close this window:
Joekamprad spoke in a thread about this problem…
OK let me search for it. I must have overlooked it.
You wouldn’t happen to have a link? The only threads I see relate to errors with keys. This has no error…
It appears to be an error with the SSL certificate of pool.sks-keyservers.net. The server is providing a certificate for pgp.ocf.berkeley.edu.
EDIT: The certificate is also expired.
I should have taken my own advice and read the Arch wiki more carefully. I’ll try this later:
Adding developer keys
The official developer and Trusted Users (TU) keys are signed by the master keys, so you do not need to use pacman-key to sign them yourself. Whenever pacman encounters a key it does not recognize, it will prompt to download it from a
keyserver configured in
/etc/pacman.d/gnupg/gpg.conf (or by using the
--keyserver option on the command line). Wikipedia maintains a list of keyservers.
Once you have downloaded a developer key, you will not have to download it again, and it can be used to verify any other packages signed by that developer.
Note: The archlinux-keyring package, which is a dependency of pacman, contains the latest keys. However keys can also be updated manually using
pacman-key --refresh-keys (as root). While doing
--refresh-keys , your local key will also be looked up on the remote keyserver, and you will receive a message about it being not found. This is nothing to be concerned about.
Hey all, I’ve successfully changed my keyserver to
hkps://keyserver.ubuntu.com/ like jonathon recommended, but when trying to update, I get an error that the
signature from "EndeavourOS <email@example.com>" is unknown trust and thus,
grub-tools can’t be updated. How would I go about “trusting” that signature? I’ve already tried a
pacman-key --refresh-keys, which does what Elloquin described at the end of their message.
endeavouros-keyring or locally sign the specific key using
Thanks for your help! Locally signing the key worked. (Reinstalling
endeavouros-keyring wouldn’t have worked since it also is signed with the key)
It will if you install the package file using
root@elloquin-elloquin ~]# sudo pacman -U endeavouros-keyring loading packages... error: 'endeavouros-keyring': could not find or read package [root@elloquin-elloquin ~]#
wget https://mirror.alpix.eu/endeavouros/repo/endeavouros/x86_64/endeavouros-keyring-1-4-any.pkg.tar.xz sudo pacman -U endeavouros-keyring-1-4-any.pkg.tar.xz
Woops it’s not signed?
[root@elloquin-elloquin ~]# sudo pacman -U https://mirror.alpix.eu/endeavouros/repo/endeavouros/x86_64/endeavouros-keyring-1-4-any.pkg.tar.xz loading packages... error: '/var/cache/pacman/pkg/endeavouros-keyring-1-4-any.pkg.tar.xz': package missing required signature [root@elloquin-elloquin ~]#
I think one of the devs will have to do some manual intervention. No pun intended.