Yeah, normal update should work for now, but later it might not work anymore. That’s why this thread.
It is a done deal. EnOS arm aarch64 github repo has the updated keyring.
It is already at the Alpix mirror ready to sync the remaining mirrors.
Can someone point me to an article where the concept of this keyring is explained and why it is necessary to update it like this?
Seems to be for ppl how know more than I do.
The keyring package contains all (public) GPG keys of the packagers.
Packagers sign their packages with their (private) GPG key.
pacman validates all packages prior to installation if they were signed with any of these “trusted” keys contained in the keyring. (Thus you can be sure a package was built by an “official packager” and it has not been tampered with. A mirror could otherwise serve whatever garbage it wants and you’d install it blindly)
Now if a packager changes their signing keys (or there is a new packager with a new key) and starts signing packages with it, this new key needs to be in the keyring obviously, otherwise pacman will reject installing it. Thus you sometimes need to update the keyring package (to get this new key(s) being trusted) before installing any other packages.
Now that is a very simplified explanation. For more details, see:
Done, thank you @manuel . For anyone confused, just run the suggested two commands, there should be no issues.
@manuel thanks for pointing out. Done without any issues
thanks … i was just thinking… may i write some details about what the hell is a keyring ?
From this side of the counter it all looks completely natural and is nothing that surprises us… but from the other side you are handed a colorful cocktail…
hmmmm now i want to write an article about encryption and keys and rings in general…
Top notch idea.
There is always the wiki option
However, this news plugin would be cool too, as a way to put information/articles front and foremost
@manuel , thanks for the notice. Thanks that EOS
welcome pointed out there was new Software News. I find that I very good way to get my attention , especially for someone who spends much time offline
thank you manuel, thist worked for me. found link to this on the arch (aur) linux package forum.
:: File /var/cache/pacman/pkg/yay-12.0.5-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
Issue solved. Thank you
Ran in to a mild issue, thought I’d share just in case anyone else hit it.
Just running yay or sudo pacman -Syu, there was an update for yay and the keyring.
yay failed to update citing corruption or invalid key.
The trick was to run yay, skip the yay update, and allow the keyring update to apply first, then update yay.
I tried all the manual keyring clear and update to no avail, in the end it was, as it usually is, an order of operations issue.
That’s not related to the keyring, so you should open a new topic for your issue.
Personally, I prefer to use the eos-update script for updating. That checks for current keyrings before the system update and does a few other useful things.
This means that most keyring problems do not occur.
LANG=C pacman -Qo "$(type -p eos-update)"
/usr/bin/eos-update is owned by eos-bash-shared 23-19.1
I created an alias for it:
alias eosu='eos-update --yay'
Done. No issues on my end.
Good afternoon EOS community
After doing the procedure described in this thread, the update of the system went OK but after rebooting Plasma appears with glitches as shown on the screenshot provided. It happens with both stable and xanmod kernels.
Any suggestions are welcome. Thanks in advance.
Thank you so much, I’ll take a look at that thread.
Uuh, thanks for the info !!
I had problems with GPG, but now it’s blown away.
I also have an update-script and like to integrate this.
How do you use the 2 lines in your script?
Only C’n’P or …?