Pacman Signature Fail

Just updated from a new install, and I get this error when installing new packages

error: libdca: signature from “Luca Giambonini XXX@XXXXX” is unknown trust
:: File /var/cache/pacman/pkg/libdca-0.0.5-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

I’ve read thru this

pacman.conf (2.7 KB)

do this:

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Chakra GNU/Linux
# packagers with `pacman-key --populate chakra`.

source: /etc/pacman.conf

Got some odd results or at least I haven’t seen them respond before
pacman_log.txt (6.5 KB)

it is wired…
in your pacman log is a wrong path:

[root@fred-pc fred]# pacman-key --populate Chakra
==> ERROR: The keyring file /usr/share/pacman/keyrings/Chakra.gpg does not exist.

correct is this:

[tom@donar tmp]$ LC_ALL=C pacman -Qo /usr/share/pacman/keyrings/chakra.gpg 
/usr/share/pacman/keyrings/chakra.gpg is owned by chakra-keyring 20190324-4

is chakra-keyring installed?

The error was I used Chakra instead of the correct chakra.
Yes I have chakra-keyring installed.
I see I have keys for everyone except for Luca Giambonini.
pacman_log_2.txt (2.8 KB)

how to import a key https://wiki.archlinux.org/index.php/Pacman-key#Adding_developer_keys
unfortunately i haven’t his key

I ran the command to check keys and found Luca’s has expired. Are others experiencing this?
pub rsa4096 2014-11-23 [SCEA] [expired: 2019-11-25]
5076CA6B47A352DECDDE23ABC4F76A333DB6614F
uid [ expired] Luca Giambonini gluca86@gmail.com

1 Like

I ran the command to check keys and found Luca’s has expired. Are others experiencing this?
pub rsa4096 2014-11-23 [SCEA] [expired: 2019-11-25]
5076CA6B47A352DECDDE23ABC4F76A333DB6614F
uid [ expired] Luca Giambonini gluca86@gmail.com

@AlmAck you should check this

@Fred_Talmadge

i think this problem is on your system

[tom@donar ~]$ LC_ALL=C sudo pacman -S libdca
resolving dependencies...
looking for conflicting packages...

Packages (1) libdca-0.0.5-3

Total Download Size:   0.10 MiB
Total Installed Size:  0.25 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 libdca-0.0.5-3-x86_64            101.7 KiB   925 KiB/s 00:00 [#################################] 100%
(1/1) checking keys in keyring                                [#################################] 100%
(1/1) checking package integrity                              [#################################] 100%
(1/1) loading package files                                   [#################################] 100%
(1/1) checking for file conflicts                             [#################################] 100%
(1/1) checking available disk space                           [#################################] 100%
:: Processing package changes...
(1/1) installing libdca                                       [#################################] 100%
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[tom@donar ~]$ pacman -Q chakra-keyring 
chakra-keyring 20190324-4

in that case,you may want to make sure the keys in your pacman-key db is updated via

pacman-key --refresh-keys
2 Likes

after that Luca’s signature was updated but now the problem is with the
Samir’s signature “marginal”

pub   rsa4096 2013-08-24 [SC] [expires: 2020-08-11]
      3BC891A496ADE81C474ED4F482600055EBC85A93
uid           [marginal] Samir Benmendil <me@rmz.io>
uid           [marginal] Samir Benmendil <samir.benmendil@gmail.com>
sub   rsa4096 2013-08-24 [E] [expires: 2020-08-11]
1 Like

in that case, you can
pacman-key --lsign-key 3BC891A496ADE81C474ED4F482600055EBC85A93

1 Like

or run:

sudo pacman-key --refresh-keys

to update the keys

1 Like

…or the solution for lazy people: reinstall ckakra-keyring, this will trigger all necessary actions

1 Like

Hello guys,
I have the same problem, too. Installing gimp I came up with the following errors:

error: libglade: signature from “Luca Giambonini XXX@XXXXX” is unknown trust
:: File /var/cache/pacman/pkg/libglade-2.6.4-4-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

error: pygtk: signature from “Luca Giambonini XXX@XXXXX” is unknown trust
:: File /var/cache/pacman/pkg/pygtk-2.24.0-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

following the post I launched the following commands to try to solve the problem by running the following commands:

$ sudo rm -r /etc/pacman.d/gnupg #remove all the keys installed in my system
re-add the default keys
$ sudo pacman-key --init # followed
$ sudo pacman-key --populate chakra
$ sudo pacman-key --refresh-keys
Finally
$ sudo pacman -Syu

The problem mentioned above remains. How can I fix and install gimp correctly?

(post withdrawn by author, will be automatically deleted in 64 hours unless flagged)

I’m also facing that problem at least for some packages (recently for w3m e.g.) - not sure why it still happens even after I refreshed they keys.

Anyway, my workaround in these cases is that I temporarily change my pacman.conf as @totte recommended in another thread:

Then install/update the package and revert the edit.

Hope this helps for the time being.