EndeavourOS keyring updated, users should update soon

Today package endeavouros-keyring was updated.

This means users should update this package as soon as possible in order to avoid issues when updating other packages.

Similar to what we have been doing when Arch keyring updates, you should run commands

sudo pacman -Sy endeavouros-keyring
sudo pacman -Syu

Edit 2023.05.28:
Alternatively, you can run command

eos-update
43 Likes

What version of endeavouros-keyring is the new one?

sudo pacman -Sy endeavouros-keyring
[sudo] password for don: 
:: Synchronizing package databases...
 endeavouros is up to date
 core is up to date
 extra                                        8.2 MiB  8.35 MiB/s 00:01 [----------------------------------------] 100%
warning: endeavouros-keyring-20230523-1 is up to date -- reinstalling

@manuel if you are going to be out of the EnOS x86_64 github repository for a while, I will go ahead and update the EnOS aarch64 repo with the new keyring.

Pudge

2 Likes

No problem, go for it! :smile:

And it is version 20230523-1.

2 Likes

I think i already have it with normal updating?

[ricklinux@eos-plasma ~]$ sudo pacman -Sy endeavouros-keyring
[sudo] password for ricklinux: 
:: Synchronizing package databases...
 endeavouros is up to date
 core is up to date
 extra is up to date
 multilib is up to date
error: failed retrieving file 'endeavouros.db' from mirrors.gigenet.com : SSL connection timeout
warning: endeavouros-keyring-20230523-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)                      Old Version  New Version  Net Change

endeavouros/endeavouros-keyring  20230523-1   20230523-1     0.00 MiB

Total Installed Size:  0.01 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
1 Like

Yeah, normal update should work for now, but later it might not work anymore. That’s why this thread.

1 Like

It is a done deal. EnOS arm aarch64 github repo has the updated keyring.
It is already at the Alpix mirror ready to sync the remaining mirrors.

Pudge

4 Likes

Can someone point me to an article where the concept of this keyring is explained and why it is necessary to update it like this?

https://archlinux.org/master-keys/

Seems to be for ppl how know more than I do. :smiling_face_with_tear:

1 Like

The keyring package contains all (public) GPG keys of the packagers.
Packagers sign their packages with their (private) GPG key.
pacman validates all packages prior to installation if they were signed with any of these “trusted” keys contained in the keyring. (Thus you can be sure a package was built by an “official packager” and it has not been tampered with. A mirror could otherwise serve whatever garbage it wants and you’d install it blindly)

Now if a packager changes their signing keys (or there is a new packager with a new key) and starts signing packages with it, this new key needs to be in the keyring obviously, otherwise pacman will reject installing it. Thus you sometimes need to update the keyring package (to get this new key(s) being trusted) before installing any other packages.

Now that is a very simplified explanation. For more details, see:
https://wiki.archlinux.org/title/Pacman/Package_signing

15 Likes

Done, thank you @manuel . For anyone confused, just run the suggested two commands, there should be no issues.

3 Likes

@manuel thanks for pointing out. Done without any issues

4 Likes

thanks … i was just thinking… may i write some details about what the hell is a keyring ?

From this side of the counter it all looks completely natural and is nothing that surprises us… but from the other side you are handed a colorful cocktail… :cocktail:

hmmmm now i want to write an article about encryption and keys and rings in general…

7 Likes

Top notch idea.

There is always the wiki option

Discourse ‘Wiki Post’

However, this news plugin would be cool too, as a way to put information/articles front and foremost

News plugin

1 Like

@manuel , thanks for the notice. Thanks that EOS welcome pointed out there was new Software News. I find that I very good way to get my attention :slight_smile:, especially for someone who spends much time offline

2 Likes

thank you manuel, thist worked for me. found link to this on the arch (aur) linux package forum.

2 Likes
:: File /var/cache/pacman/pkg/yay-12.0.5-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Issue solved. Thank you

3 Likes

Ran in to a mild issue, thought I’d share just in case anyone else hit it.
Just running yay or sudo pacman -Syu, there was an update for yay and the keyring.

yay failed to update citing corruption or invalid key.
The trick was to run yay, skip the yay update, and allow the keyring update to apply first, then update yay.
I tried all the manual keyring clear and update to no avail, in the end it was, as it usually is, an order of operations issue.

That’s not related to the keyring, so you should open a new topic for your issue.

1 Like

Personally, I prefer to use the eos-update script for updating. That checks for current keyrings before the system update and does a few other useful things.

This means that most keyring problems do not occur.

LANG=C pacman -Qo "$(type -p eos-update)"
/usr/bin/eos-update is owned by eos-bash-shared 23-19.1

I created an alias for it:

alias eosu='eos-update --yay'
4 Likes

Done. No issues on my end.

3 Likes