CDN mismatched db signatures #4

New Issue

Closed

opened 2024-10-04 18:18:13 +02:00 by ljmc2000 · 7 comments

ljmc2000 commented 2024-10-04 18:18:13 +02:00

Copy Link

error: extra-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) cie@harting.dev" is invalid
error: failed to synchronize all databases (unexpected error)
-> error refreshing databases - exit status 1

error: extra-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is invalid error: failed to synchronize all databases (unexpected error) -> error refreshing databases - exit status 1

Bad3r commented 2024-10-06 19:51:10 +02:00

Copy Link

Same issue.

❯ pacman-key -l cie@harting.dev                                          
gpg: Note: trustdb not writable
pub   rsa4096 2020-08-12 [SC] [expires: 2026-04-24]
      0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298
uid           [  full  ] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>

Attempted sloutions

1. Refreshing the key

❯ sudo pacman-key --refresh-keys 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298

gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
gpg: error retrieving 'cie@harting.dev' via WKD: No fingerprint
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key E3D0D2CD3952E298: "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

2. Resetting the keys

sudo rm -r /etc/pacman.d/gnupg/ && sudo pacman-key --init && sudo pacman-key --populate archlinux alhp

3. rebuilding the keyring

None fixed the issue.

Same issue. ```sh ❯ pacman-key -l cie@harting.dev gpg: Note: trustdb not writable pub rsa4096 2020-08-12 [SC] [expires: 2026-04-24] 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298 uid [ full ] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev> ``` Attempted sloutions 1. Refreshing the key ```sh ❯ sudo pacman-key --refresh-keys 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298 gpg: no valid OpenPGP data found. gpg: Total number processed: 0 gpg: error retrieving 'cie@harting.dev' via WKD: No fingerprint gpg: refreshing 1 key from hkps://keyserver.ubuntu.com gpg: key E3D0D2CD3952E298: "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" not changed gpg: Total number processed: 1 gpg: unchanged: 1 ``` 2. Resetting the keys ```sh sudo rm -r /etc/pacman.d/gnupg/ && sudo pacman-key --init && sudo pacman-key --populate archlinux alhp ``` 3. rebuilding the keyring None fixed the issue.

anonfunc commented 2024-10-06 22:46:26 +02:00

Owner

Copy Link

Not sure how you jumped to the conclusion its expired, because its certainly not:

pacman-key -l cie@harting.dev                                                                                                                                                                                                    
pub   rsa4096 2020-08-12 [SC] [expires: 2026-04-24]
      0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298
uid           [  full  ] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>

What mirror do you use? We got a lot of reports lately that CDN mirror are having problems keeping db/sig in sync. Can you try a non-cdn mirror to confirm?

Not sure how you jumped to the conclusion its expired, because its certainly not: ```bash pacman-key -l cie@harting.dev pub rsa4096 2020-08-12 [SC] [expires: 2026-04-24] 0D4D2FDAF45468F3DDF59BEDE3D0D2CD3952E298 uid [ full ] Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev> ``` What mirror do you use? We got a lot of reports lately that CDN mirror are having problems keeping db/sig in sync. Can you try a non-cdn mirror to confirm?

ljmc2000 commented 2024-10-06 22:55:58 +02:00

Author

Copy Link

I jumped to the conclusion it expired because that sounded the most likely reason why a signing key would be invalid. That's also why I made an issue on the alhp-keyring issue tracker instead of anywhere else, because pacman said it was a key problem.

I opened /etc/pacman.d/alhp-mirrorlist in nano and commented out the 2 entries under the "## Worldwide (CDN)" heading and now my pacman -Syu is working again. Guess that was the problem. Thanks.

I jumped to the conclusion it expired because that sounded the most likely reason why a signing key would be invalid. That's also why I made an issue on the alhp-keyring issue tracker instead of anywhere else, because pacman said it was a key problem. I opened /etc/pacman.d/alhp-mirrorlist in nano and commented out the 2 entries under the "## Worldwide (CDN)" heading and now my pacman -Syu is working again. Guess that was the problem. Thanks.

ljmc2000 closed this issue 2024-10-06 22:55:58 +02:00

anonfunc commented 2024-10-06 23:03:41 +02:00

Owner

Copy Link

Not sure its a good idea to close this, I think we should try to solve this instead of recommending switching mirrors. The CDNs probably have a cache purge problem, I'll try to implement a stricter cache purge policy as soon as I find time.

Not sure its a good idea to close this, I think we should try to solve this instead of recommending switching mirrors. The CDNs probably have a cache purge problem, I'll try to implement a stricter cache purge policy as soon as I find time.

👍 1

anonfunc reopened this issue 2024-10-06 23:03:42 +02:00

anonfunc referenced this issue 2024-10-07 20:50:31 +02:00

signature from "Archlinux CIE Repos (Build 2020/2021) <cie@harting.dev>" is unknown trust #1

anonfunc referenced this issue from ALHP/ALHP.GO 2024-10-18 08:39:47 +02:00

extra-x86-64-v4: signature invalid #259

anonfunc commented 2024-10-19 16:04:52 +02:00

Owner

Copy Link

I overhauled the cache purging, lets see how that goes.

I overhauled the cache purging, lets see how that goes.

anonfunc changed title from GPG key has expired, AUR package out of date to CDN mismatched db signatures 2024-10-22 21:14:00 +02:00

anonfunc referenced this issue from ALHP/ALHP.GO 2024-10-22 21:14:23 +02:00

extra-x86-64-v3: signature is invalid #262

ivdok referenced this issue from ALHP/ALHP.GO 2024-10-24 12:10:08 +02:00

extra-x86-64-v3: stale CDN cache #263

anonfunc referenced this issue from ALHP/ALHP.GO 2024-10-24 18:16:37 +02:00

extra-x86-64-v3: stale CDN cache #263

anonfunc commented 2024-10-24 18:17:58 +02:00

Owner

Copy Link

Well, seems that the new method does not clear correctly either. I now implemented a more "radical" purge method, lets see if that helps.

Well, seems that the new method does not clear correctly either. I now implemented a more "radical" purge method, lets see if that helps.

anonfunc added the

bug

label 2024-10-24 19:06:50 +02:00

anonfunc commented 2024-10-25 18:26:50 +02:00

Owner

Copy Link

I implemented cache-tagging, should work fine from now on. Please reopen if the problem persists for you.

I implemented cache-tagging, should work fine from now on. Please reopen if the problem persists for you.

anonfunc closed this issue 2024-10-25 18:26:50 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

20250509

20250401

20230504

20220522

20211125

Labels

Clear labels

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

No Label

bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

anonfunc

No Assignees

3 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: ALHP/alhp-keyring#4

No description provided.