ALHP
/
ALHP.GO
6
34
Fork 9
Code Issues 30 Pull Requests Projects Releases Wiki Activity

Include alph-keyring, alhp-mirrors in repo #133

New Issue
Open
opened 2022-07-11 20:18:20 +02:00 by JackCasual · 8 comments
JackCasual commented 2022-07-11 20:18:20 +02:00
Copy Link

Signature seems to have expired, blocking updates

$ pacman -Syu
error: core-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is unknown trust
error: extra-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is unknown trust
error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is unknown trust
error: database 'core-x86-64-v3' is not valid (invalid or corrupted database (PGP signature))
error: database 'extra-x86-64-v3' is not valid (invalid or corrupted database (PGP signature))
error: database 'community-x86-64-v3' is not valid (invalid or corrupted database (PGP signature))

$ pacman-key --list-keys
pub   rsa4096 2020-08-12 [SC] [expired: 2022-07-09]
      0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298
uid           [ expired] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>
Signature seems to have expired, blocking updates ``` $ pacman -Syu error: core-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is unknown trust error: extra-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is unknown trust error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is unknown trust error: database 'core-x86-64-v3' is not valid (invalid or corrupted database (PGP signature)) error: database 'extra-x86-64-v3' is not valid (invalid or corrupted database (PGP signature)) error: database 'community-x86-64-v3' is not valid (invalid or corrupted database (PGP signature)) ``` ``` $ pacman-key --list-keys pub rsa4096 2020-08-12 [SC] [expired: 2022-07-09] 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298 uid [ expired] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev> ```
❤️ 1
anonfunc commented 2022-07-11 20:28:54 +02:00
Owner
Copy Link

What's your version of alhp-keyring?

What's your version of [alhp-keyring](https://aur.archlinux.org/packages/alhp-keyring)?
JackCasual commented 2022-07-11 20:43:14 +02:00
Author
Copy Link

I have just this one package.

$ pacman -Qs alhp
local/alhp-repo 20211125-1
    ALHP Repository

I will get alhp-keyring...

I have just this one package. ``` $ pacman -Qs alhp local/alhp-repo 20211125-1 ALHP Repository ``` I will get alhp-keyring...
JackCasual commented 2022-07-11 20:45:43 +02:00
Author
Copy Link
$ makepkg
==> Making package: alhp-keyring 20220522-1 (2022-07-11T20:44:38 CEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading alhp-keyring-20220522.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 18171  100 18171    0     0    99k      0 --:--:-- --:--:-- --:--:--  100k
  -> Downloading alhp-keyring-20220522.tar.gz.sig...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   566  100   566    0     0   4053      0 --:--:-- --:--:-- --:--:--  4101
==> Validating source files with b2sums...
    alhp-keyring-20220522.tar.gz ... Passed
    alhp-keyring-20220522.tar.gz.sig ... Skipped
==> Verifying source file signatures with gpg...
    alhp-keyring-20220522.tar.gz ... FAILED (unknown public key 48998B4039BED1CA)
==> ERROR: One or more PGP signatures could not be verified!
``` $ makepkg ==> Making package: alhp-keyring 20220522-1 (2022-07-11T20:44:38 CEST) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Downloading alhp-keyring-20220522.tar.gz... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 18171 100 18171 0 0 99k 0 --:--:-- --:--:-- --:--:-- 100k -> Downloading alhp-keyring-20220522.tar.gz.sig... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 566 100 566 0 0 4053 0 --:--:-- --:--:-- --:--:-- 4101 ==> Validating source files with b2sums... alhp-keyring-20220522.tar.gz ... Passed alhp-keyring-20220522.tar.gz.sig ... Skipped ==> Verifying source file signatures with gpg... alhp-keyring-20220522.tar.gz ... FAILED (unknown public key 48998B4039BED1CA) ==> ERROR: One or more PGP signatures could not be verified! ```
anonfunc added the
support
 label 2022-07-11 20:45:56 +02:00
anonfunc commented 2022-07-11 20:46:48 +02:00
Owner
Copy Link

Please read the AUR User Guidelines before using the AUR.

Please read the [AUR User Guidelines](https://wiki.archlinux.org/title/Arch_User_Repository) before using the AUR.
JackCasual commented 2022-07-11 20:54:02 +02:00
Author
Copy Link

A nice version of RTFM thanks ;)
Wouldn't a good solution be: To have the alhp-keyring package in the alhp repos so it gets updated when your keys expire?

A nice version of RTFM thanks ;) Wouldn't a good solution be: To have the alhp-keyring package in the alhp repos so it gets updated when your keys expire?
anonfunc commented 2022-07-11 20:57:06 +02:00
Owner
Copy Link

Yep, that would be nice, and is already on the todo.

That aside, that would not have prevented this issue (probably).

Yep, that would be nice, and is already on the [todo](https://git.harting.dev/ALHP/ALHP.GO/issues/38#issuecomment-911). That aside, that would not have prevented this issue (probably).
👍 1
JackCasual commented 2022-07-11 21:08:43 +02:00
Author
Copy Link

Yes it would have prevented this issue definitely.
Because the linked AUR manual has nothing to say about your specific keyring delivery.
At least the instructions on the frontpage are missing the fact: You have to manually track update to alhp-keyring in the AUR.
So lets make this an enhancement or warning to users issue :D

Yes it would have prevented this issue definitely. Because the linked AUR manual has nothing to say about your specific keyring delivery. At least the instructions on the frontpage are missing the fact: You have to manually track update to alhp-keyring in the AUR. So lets make this an enhancement or warning to users issue :D
anonfunc commented 2022-07-11 21:12:45 +02:00
Owner
Copy Link

Sure, we can track the inclusion here.

Sure, we can track the inclusion here.
anonfunc added
enhancement
 and removed
support
 labels 2022-07-11 21:12:53 +02:00
anonfunc changed title from Failed to update because signature expired to Include alph-keyring, alhp-mirrors in repo 2022-07-11 21:13:13 +02:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
Labels
Clear labels   
blocked upstream

   
bug

Something is not working

  
build-failure

package build fails because of our added buildflags

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
informational

Provides information about something

  
invalid

Something is wrong

  
invalid/corrupt package

Package needs to be rebuild

  
packaging issue

   
priority: high

High priority

  
question

More information is needed

  
support

   
wontfix

This won't be fixed

No Label
blocked upstream
bug
build-failure
duplicate
enhancement
help wanted
informational
invalid
invalid/corrupt package
packaging issue
priority: high
question
support
wontfix
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ALHP/ALHP.GO#133
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?