Warning/Error during system update (Public keyring not found / signature is unknown trust)

Shamshiel · September 24, 2023, 3:51am

Wanted to do a system update today and running into the following issue:

:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
 mesa-1:23.1.8-1-x86_64                          15,1 MiB  16,8 MiB/s 00:01 [------------------------------------------] 100%
 lib32-mesa-1:23.1.8-1-x86_64                    13,2 MiB  29,0 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-bad-libs-1.22.6-1-x86_64             2,4 MiB  22,4 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-base-libs-1.22.6-1-x86_64            2,2 MiB  12,8 MiB/s 00:00 [------------------------------------------] 100%
 gstreamer-1.22.6-1-x86_64                     1836,4 KiB  17,4 MiB/s 00:00 [------------------------------------------] 100%
 lib32-gst-plugins-base-libs-1.22.6-1-x86_64   1592,9 KiB  15,1 MiB/s 00:00 [------------------------------------------] 100%
 freerdp-2:2.11.2-1-x86_64                     1589,4 KiB  14,5 MiB/s 00:00 [------------------------------------------] 100%
 shadow-4.14.0-3-x86_64                        1171,9 KiB  16,3 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-bad-1.22.6-1-x86_64               1112,0 KiB  17,2 MiB/s 00:00 [------------------------------------------] 100%
 lib32-gstreamer-1.22.6-1-x86_64               1038,7 KiB  10,6 MiB/s 00:00 [------------------------------------------] 100%
 lib32-sqlite-3.43.1-1-x86_64                   693,6 KiB  11,3 MiB/s 00:00 [------------------------------------------] 100%
 lib32-vkd3d-1.9-1-x86_64                       410,8 KiB  6,69 MiB/s 00:00 [------------------------------------------] 100%
 rsync-3.2.7-5-x86_64                           335,3 KiB  4,25 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-base-1.22.6-1-x86_64               322,2 KiB  4,49 MiB/s 00:00 [------------------------------------------] 100%
 lib32-gmp-6.3.0-1-x86_64                       290,8 KiB  3,74 MiB/s 00:00 [------------------------------------------] 100%
 virtualbox-host-modules-arch-7.0.10-18-x86_64  273,7 KiB  2,52 MiB/s 00:00 [------------------------------------------] 100%
 lib32-libcups-2.4.7-1-x86_64                   246,1 KiB  2,58 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-ugly-1.22.6-1-x86_64               211,4 KiB  3,13 MiB/s 00:00 [------------------------------------------] 100%
 libsecret-0.21.1-1-x86_64                      188,7 KiB  2,39 MiB/s 00:00 [------------------------------------------] 100%
 gst-libav-1.22.6-1-x86_64                       95,5 KiB  1447 KiB/s 00:00 [------------------------------------------] 100%
 lib32-libva-2.20.0-1-x86_64                     86,4 KiB  1543 KiB/s 00:00 [------------------------------------------] 100%
 python-python-socks-2.4.2-1-any                 79,8 KiB  1140 KiB/s 00:00 [------------------------------------------] 100%
 lib32-tdb-1.4.9-1-x86_64                        42,3 KiB   741 KiB/s 00:00 [------------------------------------------] 100%
 gtk-update-icon-cache-1:4.12.2-1-x86_64         17,4 KiB   259 KiB/s 00:00 [------------------------------------------] 100%
 python-aiohttp-socks-0.8.2-1-any                16,5 KiB   275 KiB/s 00:00 [------------------------------------------] 100%
 python-trove-classifiers-2023.9.19-1-any        14,9 KiB   266 KiB/s 00:00 [------------------------------------------] 100%
 filesystem-2023.09.18-1-any                     14,4 KiB   425 KiB/s 00:00 [------------------------------------------] 100%
 lib32-libxss-1.2.4-1-x86_64                      6,9 KiB   116 KiB/s 00:00 [------------------------------------------] 100%
 pambase-20230918-1-any                           3,1 KiB  55,2 KiB/s 00:00 [------------------------------------------] 100%
 vivaldi-6.2.3105.51-1-x86_64                   102,8 MiB  15,8 MiB/s 00:06 [------------------------------------------] 100%
 chromium-117.0.5938.92-2-x86_64                 93,2 MiB  14,0 MiB/s 00:07 [------------------------------------------] 100%
 linux-headers-6.5.4.arch2-1-x86_64              24,5 MiB  3,65 MiB/s 00:07 [------------------------------------------] 100%
 linux-6.5.4.arch2-1-x86_64                     127,4 MiB  7,22 MiB/s 00:18 [------------------------------------------] 100%
 Total (33/33)                                  392,4 MiB  22,2 MiB/s 00:18 [------------------------------------------] 100%
(33/33) checking keys in keyring                                            [------------------------------------------] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
(33/33) checking package integrity                                          [------------------------------------------] 100%
error: filesystem: signature from "David Runge <dvzrv@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/filesystem-2023.09.18-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Is that a general issue or only on my system? How should I proceed? Should I interrupt the update with “CRTL + C”? Is that safe to do at this point?

Never had such an issue during an update so some guidance would be appreciated.

Noctem · September 24, 2023, 4:25am

Not sure if I can help, though have you tried running pacman-key --init as stated by pacman? There seem to be an issue with one of the PGP signatures of one of the maintainers.

Also, has the update proceeded or it aborted?

I updated minutes ago without any issue.

smokey · September 24, 2023, 4:31am

Try this then update
pacman -Sy archlinux-keyring

Shamshiel · September 24, 2023, 4:31am

The update is currently still at the above mentioned question/step:

warning: Public keyring not found; have you run 'pacman-key --init'?
(33/33) checking package integrity                                          [------------------------------------------] 100%
error: filesystem: signature from "David Runge <dvzrv@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/filesystem-2023.09.18-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Is it safe to just cancel the update with “CTRL + C” at this point?

smokey · September 24, 2023, 4:33am

I think so as it hasn’t actually updated anything yet it’s only downloaded the packages, I would normally just hit “n” and let it cancel out by itself

Shamshiel · September 24, 2023, 4:36am

❯ sudo pacman -Sy archlinux-keyring
:: Synchronizing package databases...
 endeavouros is up to date
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: archlinux-keyring-20230918-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)             Old Version  New Version  Net Change

core/archlinux-keyring  20230918-1   20230918-1     0,00 MiB

Total Installed Size:  1,62 MiB
Net Upgrade Size:      0,00 MiB

:: Proceed with installation? [Y/n] Y
(1/1) checking keys in keyring                                              [------------------------------------------] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (could not find or read file)
Errors occurred, no packages were upgraded.

smokey · September 24, 2023, 4:39am

Sorry I missed this before and see what @Noctem was referring to, try running this then see if can update

Shamshiel · September 24, 2023, 4:41am

sudo pacman-key --init
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key…
gpg: revocation certificate stored as ‘/etc/pacman.d/gnupg/openpgp-revocs.d/73100B7AC6F89462A1E386FDD42D6758176F2E66.rev’
gpg: Done
==> Updating trust database…
gpg: public key of ultimately trusted key 69AB3CF722FEA55C not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
==> ERROR: Trust database could not be updated.

I don’t know why but something seems to be broken on my system…

smokey · September 24, 2023, 4:45am

Hmm, this is a bit beyond me, the closest soultion I can find on the forum is this (I’d read through the whole post). Sorry I can’t be of anymore help at the moment.

Shamshiel · September 24, 2023, 5:01am

Yeah, after looking through this thread I tried the solution of @pebcak and now it works again.

This is what I did:

sudo mv /etc/pacman.d/gnupg /etc/pacman.d/gnupg.bak
sudo pacman-key --init
sudo pacman-key --populate archlinux endeavouros
sudo pacman -Syy archlinux-keyring endeavouros-keyring
sudo pacman -Su

So, from what I gather, these commands are like giving the keyring a fresh start. I’m a bit puzzled why this was the way to go, though. If anyone’s got some insights into what might have tangled up my keyring in the first place, I’m all ears!

smokey · September 24, 2023, 5:02am

Glad to hear you were able to solve it

Shamshiel · September 24, 2023, 5:03am

Yeah, thank you and @Noctem for helping me.

BONK · September 24, 2023, 3:01pm

I always follow this when these issues pop up:

[FAQ] Issues with “signature is marginal trust”, “signature is unknown trust”, or “invalid or corrupted package” - General system / Newbie - EndeavourOS

rubi1200 · October 7, 2023, 7:20am

This also fixed the issue for me. What I am curious to know is why this happened on a freshly installed system with no changes or customizations made.

New Arch user, loving it so far.

EDIT: while the fix did seem to work as far as updating/upgrading is concerned I now have a new problem.

The laptop will not shut down gracefully and I am forced to do a manual hard power down.

As I said, this is a fresh install with no changes. I then reinstalled the system and powering off is normal, i.e. gracefully.

If anyone knows what happened or how to prevent the issue I would be more than happy to know.

r0ckhopper · October 7, 2023, 11:19am

Welcome to the forum @rubi1200