ALHP/ALHP.GO
6
42
Fork 9
Code Issues 25 Pull Requests Projects Releases Wiki Activity

Invalid signature #100

New Issue
Closed
opened 2022-02-21 01:46:17 +01:00 by Beyley · 24 comments
Beyley commented 2022-02-21 01:46:17 +01:00
Copy Link

Whenever i attempt to install or update anything, i get a signature error that blocks it

error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) cie@harting.dev" is invalid
error: database 'community-x86-64-v3' is not valid (invalid or corrupted database (PGP signature))

Whenever i attempt to install or update anything, i get a signature error that blocks it error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid error: database 'community-x86-64-v3' is not valid (invalid or corrupted database (PGP signature))
anonfunc commented 2022-02-21 03:46:00 +01:00
Owner
Copy Link

What mirror do you use? It may be related to #82.

What mirror do you use? It may be related to #82.
Beyley commented 2022-02-21 07:11:21 +01:00
Author
Copy Link

What mirror do you use? If may be related to #82.

mirror

> What mirror do you use? If may be related to #82. ![mirror](https://i.beyleyisnot.moe/nrU2IBs.png)
anonfunc commented 2022-02-21 18:13:59 +01:00
Owner
Copy Link

Since this is @incognico 's mirror I can only poke him and recommend that you switch to another mirror if your problem persists. Nothing more I can do here at the moment.

@incognico Maybe signature and db are not matching? That's the only reasoning I can come up with. Maybe they are not expired simultaneously? (either sig or db itself is newer/older then the other one)

Since this is @incognico 's mirror I can only poke him and recommend that you switch to another mirror if your problem persists. Nothing more I can do here at the moment. @incognico Maybe signature and db are not matching? That's the only reasoning I can come up with. Maybe they are not expired simultaneously? (either sig or db itself is newer/older then the other one)
Beyley commented 2022-02-22 03:23:58 +01:00
Author
Copy Link

Switching mirror did fix the problem, i guess this issue should be kept open until the problem with the mirror is solved

Switching mirror did fix the problem, i guess this issue should be kept open until the problem with the mirror is solved
👍 1
anonfunc added the
bug
 label 2022-02-22 07:57:54 +01:00
incognico commented 2022-04-09 12:19:07 +02:00
Copy Link

Sorry but I don't why this happens. Could also not reproduce it by myself.
I have lowered the max-age for non-pkgs to less than the sync interval now, it was higher before. It is a guess but let's hope it helps.

Sorry but I don't why this happens. Could also not reproduce it by myself. I have lowered the max-age for non-pkgs to less than the sync interval now, it was higher before. It is a guess but let's hope it helps.
👍 1
Althorion commented 2022-05-13 13:13:35 +02:00
Copy Link

I started to get the same error today. I’ve checked all four official mirrors, but all of them seem to have the same problem. Have the keys changed or something?

I started to get the same error today. I’ve checked all four official mirrors, but all of them seem to have the same problem. Have the keys changed or something?
anonfunc commented 2022-05-13 13:49:38 +02:00
Owner
Copy Link

Not to my knowledge. Are you using alhp-keyring?

Not to my knowledge. Are you using `alhp-keyring`?
Althorion commented 2022-05-13 13:57:00 +02:00
Copy Link

Yes. I’ve tried to rebuild it—it is exactly the same, but I’ve reinstalled it just in case. I’ve tried pacman -Syyu. I’ve tried manually adding the keys with pacman-key --recv-keys and pacman-key --lsign-key. I’ve tried pacman -Scc. Still no dice.

Anything else I can try?

Yes. I’ve tried to rebuild it—it is exactly the same, but I’ve reinstalled it just in case. I’ve tried `pacman -Syyu`. I’ve tried manually adding the keys with `pacman-key --recv-keys` and `pacman-key --lsign-key`. I’ve tried `pacman -Scc`. Still no dice. Anything else I can try?
anonfunc commented 2022-05-13 14:01:52 +02:00
Owner
Copy Link

You can have a look at

pacman-key --list-keys 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298

That should list the alhp buildbot key.

You can have a look at ``` pacman-key --list-keys 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298 ``` That should list the alhp buildbot key.
Althorion commented 2022-05-13 14:03:03 +02:00
Copy Link

I already have it:

pub   rsa4096 2020-08-12 [SC] [expires: 2022-07-09]
      0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298
uid           [  full  ] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>
I already have it: ``` pub rsa4096 2020-08-12 [SC] [expires: 2022-07-09] 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298 uid [ full ] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev> ```
anonfunc commented 2022-05-13 14:06:15 +02:00
Owner
Copy Link

Can you give us the exact error message you get?

Can you give us the exact error message you get?
Althorion commented 2022-05-13 14:07:46 +02:00
Copy Link

Same as the one from the original post:

sudo pacman -Syu
error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid
:: Synchronising package databases...
community-x86-64-v3.db              100%[================================================================>]   2.95M  1.04MB/s    in 2.8s    
error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid
error: failed to synchronize all databases (unexpected error)
Same as the one from the original post: ``` sudo pacman -Syu error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid :: Synchronising package databases... community-x86-64-v3.db 100%[================================================================>] 2.95M 1.04MB/s in 2.8s error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid error: failed to synchronize all databases (unexpected error) ```
anonfunc commented 2022-05-13 14:19:38 +02:00
Owner
Copy Link

Well, I can not reproduce it for alhp.harting.dev/alhp.anonfunc.dev. You are sure you switched mirrors?

Well, I can not reproduce it for `alhp.harting.dev`/`alhp.anonfunc.dev`. You are sure you switched mirrors?
Althorion commented 2022-05-13 14:27:29 +02:00
Copy Link

Yes. I’ve checked all four mirrors from the alhp-mirrorlist, and I get the same error on all of them. Both core-x86-64-v3 and extra-x86-64-v3 are fine, it’s only the community-x86-64-v3 that causes problems.

Yes. I’ve checked all four mirrors from the alhp-mirrorlist, and I get the same error on all of them. Both `core-x86-64-v3` and `extra-x86-64-v3` are fine, it’s only the `community-x86-64-v3` that causes problems.
Althorion commented 2022-05-13 14:33:13 +02:00
Copy Link
$ grep -A 3 "\[community-x86-64-v3\]" /etc/pacman.conf
[community-x86-64-v3]
Include = /etc/pacman.d/alhp-mirrorlist

[core]
$ cat /etc/pacman.d/alhp-mirrorlist
##
## ALHP repository mirrorlist
## Updated on 2021-11-25
## https://git.harting.dev/anonfunc/alhp-mirrorlist
##

## Europe
#Server = https://alhp.panibrez.com/$repo/os/$arch/
Server = https://alhp.harting.dev/$repo/os/$arch/

## Worldwide (Cloudfare)
#Server = https://alhp.krautflare.de/$repo/os/$arch/

## North America
#Server = https://www.gardling.com/alhp/$repo/os/$arch/

$ sudo pacman -Syyu
error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid
:: Synchronising package databases...
core-x86-64-v3.db                   100%[================================================================>] 147.71K   490KB/s    in 0.3s    
extra-x86-64-v3.db                  100%[================================================================>]   1.49M  1.67MB/s    in 0.9s    
community-x86-64-v3.db              100%[================================================================>]   2.95M  2.14MB/s    in 1.4s    
core.db                             100%[================================================================>] 155.33K  --.-KB/s    in 0.1s    
extra.db                            100%[================================================================>]   1.68M  1.02MB/s    in 1.6s    
community.db                        100%[================================================================>]   6.61M  1.75MB/s    in 4.2s    
multilib.db                         100%[================================================================>] 172.77K  --.-KB/s    in 0.1s    
error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid
error: failed to synchronize all databases (unexpected error)

$ cat /etc/pacman.d/alhp-mirrorlist
##
## ALHP repository mirrorlist
## Updated on 2021-11-25
## https://git.harting.dev/anonfunc/alhp-mirrorlist
##

## Europe
#Server = https://alhp.panibrez.com/$repo/os/$arch/
#Server = https://alhp.harting.dev/$repo/os/$arch/

## Worldwide (Cloudfare)
Server = https://alhp.krautflare.de/$repo/os/$arch/

## North America
#Server = https://www.gardling.com/alhp/$repo/os/$arch/

$ sudo pacman -Syyu
error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid
:: Synchronising package databases...
core-x86-64-v3.db                   100%[================================================================>] 147.71K   736KB/s    in 0.2s    
extra-x86-64-v3.db                  100%[================================================================>]   1.49M  1.30MB/s    in 1.2s    
community-x86-64-v3.db              100%[================================================================>]   2.95M  1.04MB/s    in 2.8s    
core.db                             100%[================================================================>] 155.33K   742KB/s    in 0.2s    
extra.db                            100%[================================================================>]   1.68M  1.07MB/s    in 1.6s    
community.db                        100%[================================================================>]   6.61M  1.43MB/s    in 5.1s    
multilib.db                         100%[================================================================>] 172.77K  1.12MB/s    in 0.2s    
error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid
error: failed to synchronize all databases (unexpected error)

And so on, for the other two.

``` $ grep -A 3 "\[community-x86-64-v3\]" /etc/pacman.conf [community-x86-64-v3] Include = /etc/pacman.d/alhp-mirrorlist [core] $ cat /etc/pacman.d/alhp-mirrorlist ## ## ALHP repository mirrorlist ## Updated on 2021-11-25 ## https://git.harting.dev/anonfunc/alhp-mirrorlist ## ## Europe #Server = https://alhp.panibrez.com/$repo/os/$arch/ Server = https://alhp.harting.dev/$repo/os/$arch/ ## Worldwide (Cloudfare) #Server = https://alhp.krautflare.de/$repo/os/$arch/ ## North America #Server = https://www.gardling.com/alhp/$repo/os/$arch/ $ sudo pacman -Syyu error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid :: Synchronising package databases... core-x86-64-v3.db 100%[================================================================>] 147.71K 490KB/s in 0.3s extra-x86-64-v3.db 100%[================================================================>] 1.49M 1.67MB/s in 0.9s community-x86-64-v3.db 100%[================================================================>] 2.95M 2.14MB/s in 1.4s core.db 100%[================================================================>] 155.33K --.-KB/s in 0.1s extra.db 100%[================================================================>] 1.68M 1.02MB/s in 1.6s community.db 100%[================================================================>] 6.61M 1.75MB/s in 4.2s multilib.db 100%[================================================================>] 172.77K --.-KB/s in 0.1s error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid error: failed to synchronize all databases (unexpected error) $ cat /etc/pacman.d/alhp-mirrorlist ## ## ALHP repository mirrorlist ## Updated on 2021-11-25 ## https://git.harting.dev/anonfunc/alhp-mirrorlist ## ## Europe #Server = https://alhp.panibrez.com/$repo/os/$arch/ #Server = https://alhp.harting.dev/$repo/os/$arch/ ## Worldwide (Cloudfare) Server = https://alhp.krautflare.de/$repo/os/$arch/ ## North America #Server = https://www.gardling.com/alhp/$repo/os/$arch/ $ sudo pacman -Syyu error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid :: Synchronising package databases... core-x86-64-v3.db 100%[================================================================>] 147.71K 736KB/s in 0.2s extra-x86-64-v3.db 100%[================================================================>] 1.49M 1.30MB/s in 1.2s community-x86-64-v3.db 100%[================================================================>] 2.95M 1.04MB/s in 2.8s core.db 100%[================================================================>] 155.33K 742KB/s in 0.2s extra.db 100%[================================================================>] 1.68M 1.07MB/s in 1.6s community.db 100%[================================================================>] 6.61M 1.43MB/s in 5.1s multilib.db 100%[================================================================>] 172.77K 1.12MB/s in 0.2s error: community-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid error: failed to synchronize all databases (unexpected error) ``` And so on, for the other two.
anonfunc commented 2022-05-13 14:45:43 +02:00
Owner
Copy Link

Signature on community-x86-64-v3 is fine on the server:

gpg: assuming signed data in 'community-x86-64-v3/os/x86_64/community-x86-64-v3.db.tar.xz'
gpg: Signature made Fri 13 May 2022 14:14:30 CEST
gpg:                using RSA key 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298
gpg: Good signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" [ultimate]

And I get no verification error on my multiple machines running this repo as well. Whatever it is, currently I can only conclude it must be on your side somehow. Nuking the pacman keyring and repopulating it crossed my mind, but that is the nuclear option.

Signature on `community-x86-64-v3` is fine on the server: ``` gpg: assuming signed data in 'community-x86-64-v3/os/x86_64/community-x86-64-v3.db.tar.xz' gpg: Signature made Fri 13 May 2022 14:14:30 CEST gpg: using RSA key 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298 gpg: Good signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" [ultimate] ``` And I get no verification error on my multiple machines running this repo as well. Whatever it is, currently I can only conclude it must be on your side somehow. Nuking the pacman keyring and repopulating it crossed my mind, but that is the nuclear option.
😕 1
Althorion commented 2022-05-13 17:29:42 +02:00
Copy Link

Nuclear option wasn’t enough. If anybody has any other ideas, I’d be glad to test them.

EDIT:
The exact commands I’ve used: rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux && pacman -U alhp-keyring-20211125-1-any.pkg.tar

Nuclear option wasn’t enough. If anybody has any other ideas, I’d be glad to test them. EDIT: The exact commands I’ve used: `rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux && pacman -U alhp-keyring-20211125-1-any.pkg.tar`
Althorion commented 2022-05-16 13:56:08 +02:00
Copy Link

I start to believe it might be connected to the optimisations introducing bugs to Pacman/downloader/verifier/whatever.

Why? Because if I comment out the repositories and pacman -Syuu with the official repos, and then uncomment the repositories, they sync and verify just fine; but any syncing after installing the optimised versions from the repo fail. With the Pacman’s default XferCommand it errors on the signature verification, as above, but if I switch to wget instead, I get this:

error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data)
error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data)
error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data)
error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data)
error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data)
…

(going on until you ^c it)

I start to believe it might be connected to the optimisations introducing bugs to Pacman/downloader/verifier/whatever. Why? Because if I comment out the repositories and `pacman -Syuu` with the official repos, and _then_ uncomment the repositories, they sync and verify just fine; but any syncing after installing the optimised versions from the repo fail. With the Pacman’s default `XferCommand` it errors on the signature verification, as above, but if I switch to `wget` instead, I get this: ``` error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data) error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data) error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data) error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data) error: could not read db 'core-x86-64-v3' (Lzma library error: Corrupted input data) … ``` (going on until you ^c it)
anonfunc commented 2022-05-16 14:24:53 +02:00
Owner
Copy Link

Can you try downgrading xz (to official repo versions) when that problem occurs and see if that fixes it?

Can you try downgrading `xz` (to official repo versions) when that problem occurs and see if that fixes it?
Althorion commented 2022-05-16 14:37:34 +02:00
Copy Link

Seems to help, thanks for the advice.

Will keep an eye on it to see if it will cause any problems in the nearest future and that it indeed was the issue (and not something else). I don’t think any actions should be taken just yet, I’d give it a week or so—but that’s, of course, up to you.

Seems to help, thanks for the advice. Will keep an eye on it to see if it will cause any problems in the nearest future and that it indeed was the issue (and not something else). I don’t think any actions should be taken just yet, I’d give it a week or so—but that’s, of course, up to you.
anonfunc commented 2022-05-16 14:51:23 +02:00
Owner
Copy Link

I queued xz for a rebuild, just to see if that fixes it. If not we have to dig deeper, maybe LTO messes something up.

I queued xz for a rebuild, just to see if that fixes it. If not we have to dig deeper, maybe LTO messes something up.
👍 1
anonfunc commented 2022-05-16 15:16:13 +02:00
Owner
Copy Link

Please try xz-5.2.5-3.2.

Please try `xz-5.2.5-3.2`.
Althorion commented 2022-05-16 15:18:38 +02:00
Copy Link

Seems to be working fine. Thank you.

Will report back if something breaks in the future, and will remember to check against the ‘official’ xz release.

Seems to be working fine. Thank you. Will report back if something breaks in the future, and will remember to check against the ‘official’ `xz` release.
anonfunc commented 2023-05-04 16:45:42 +02:00
Owner
Copy Link

Closing this due to inactivity.

Closing this due to inactivity.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
blocked upstream
bug
Something is not working
build-failure
package build fails
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
informational
Provides information about something
invalid
Something is wrong
invalid/corrupt package
Package needs to be rebuild
packaging issue
priority: high
High priority
question
More information is needed
support
wontfix
This won't be fixed
No Label
bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
anonfunc
No Assignees
4 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ALHP/ALHP.GO#100
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?