Bug #3177
[archlinux32-keyring]: prevents system upgrade (along with a few other concerns)
0%
Description
I can't upgrade my system because pacman has a new dependency (archlinux32-keyring) which is signed with a key that is not available in pacman-keyring.
- steps to reproduce:
1) # pacman -Syyu
- expected result:
System upgrade with no errors
- actual result:
pacman fails to upgrade the system at the signature check stage: archlinux32-keyring signature is unknown trust
- have tried unsuccessfully: * running `pacman-key --refresh-keys`; gpg exits with "Server indicated a failure" error * cleaning pacman cache, completely updating repositories, reinstalling parabola-keyring * manually running `pacman-key --populate parabola` manually
What is odd to me is this pacman dependency. The wiki states that archlinuxarm-keyring is only required for ARM users and archlinux32-keyring is for i386 users. Why are x86_64 users required to install these?
Another issue is the keyserver used by pacman-key, `pgp.cyberbits.eu`. It works on HTTP, but not on HTTPS. I am not sure if the Parabola devs chose this specific keyserver or if it was Arch Linux's, but I thought I'd just let people here know about this.
History
Updated by Jetpack about 2 years ago
I forgot to link the wiki page that states the target users for those keyrings: https://wiki.parabola.nu/Parabola_Keyring. I can't edit the original issue so I'll just link it here.
I should also mention that I tried to run pacman-key with the MIT keyserver (hkps://pgp.mit.edu) and the Cyberbits one (hkps://pgp.cyberbits.eu) and they also give the same error.
Updated by bill-auger about 2 years ago
- Assignee set to bill-auger
- Status changed from unconfirmed to confirmed
- Subject changed from Missing key on parabola-keyring prevents system upgrade (along with a few other concerns) to [archlinux32-keyring]: prevents system upgrade (along with a few other concerns)
archlinux32-keyring 20220131-1.1.parabola1 fixes this
archlinux32-keyring is needed because there are some packages which come from archlinux32 (PCMCIA support for example)
normally, parabola users never need to run `pacman-key --referesh`, nor to contact any keyserver - it is best avoided, and easily avoided, by installing new keyring packages, as they become available - it is useful only very rarely, if pacman's keyring is broken entirely - even in that case, --refresh is usually not needed to repair the keyring
your situation was due to a missing keyring package - all that any parabola user needed to do, was to open a bug report about it, and wait for the fix - i packaged it a few days ago and forgot to publish it - that is corrected now