Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-25 Thread Stefan Tatschner 
It is in testing; updating the keyring pkg from testing fixed the issue on my 
box.
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-25 Thread Bruno Pagani 


Le 25 janvier 2016 03:23:25 GMT+01:00, Levente Polyak  
a écrit :
>On 01/25/2016 03:17 AM, Jayesh Badwaik wrote:
>> Hi,
>> 
>> I'm receiving message about unknown trust while trying to install the
>confuse 
>> package. 
>> 
>
>
>Looks like people tend to forget about updating pacman keyring.
>
>pacman-key --refresh-keys
>
>
>cheers,
>anthraxx

Definitely, just ran into the same issue and had more than thousand new sigs…

Is there somewhere on the wiki, especially beginner guide or install one where 
it’s advised to do this on a regular basis? (I’m on mobile right now, not easy 
to check)

Bruno

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-25 Thread Jayesh Badwaik 
On Monday, 25 January 2016 09:00:43 IST Bruno Pagani wrote:
> Is there somewhere on the wiki, especially beginner guide or install one
> where it’s advised to do this on a regular basis? (I’m on mobile right now,
> not easy to check)

I found this [1], which suggests that the changes should be updated in the 
archlinux-keyring package, but that may not be enough if the keyring package 
is not recent enough. 

-- 
Cheers
Jayesh Badwaik

[1] https://wiki.archlinux.org/index.php/Pacman/
Package_signing#Adding_developer_keys

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-25 Thread Damjan Georgievski 
>> I'm receiving message about unknown trust while trying to install the confuse
>> package.
>>
>
> Looks like people tend to forget about updating pacman keyring.
>
> pacman-key --refresh-keys

is'n this done automatically? should it?



-- 
damjan

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-25 Thread Levente Polyak 
On 01/25/2016 10:27 AM, Damjan Georgievski wrote:
> huh, now what?
> [...]
> gpg: keyserver refresh failed: Permission denied

As the error message indicates, you need to do that as root.
It's also possible to grab the new archlinux-keyring package from [testing].

cheers,
Levente



signature.asc
Description: OpenPGP digital signature

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-25 Thread Emil Lundberg 
>
> > Looks like people tend to forget about updating pacman keyring.
> >
> > pacman-key --refresh-keys
>
> is'n this done automatically? should it?
>

I personally can't see how it (an upgrade hook in a package) could. The
pacman-keyring package can (and does) do some maintenance operations on
upgrades, but things like OP's issue (I noticed the same thing as well) is
more likely to occur due to a completely unrelated package coming with
signatures from a new key without the pacman-key package being touched.

What could be done would be to make pacman automatically download any and
all needed keys without user intervention. This shouldn't be a security
issue since the web of trust should still be enforced (i.e. this wouldn't
mean you'd just blindly trust random keys, just that pacman would do the
equivalent of `pacman-key --refresh` when necessary). I don't know if this
has already been considered and rejected by the pacman devs.

>

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-25 Thread Damjan Georgievski 
> Looks like people tend to forget about updating pacman keyring.
>
> pacman-key --refresh-keys

huh, now what?

# pacman-key --refresh-keys
gpg: refreshing 85 keys from hkp://keys.gnupg.net
gpg: keyserver refresh failed: Permission denied
==> ERROR: A specified local key could not be updated from a keyserver.



-- 
damjan

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-24 Thread Jayesh Badwaik 
On Monday, 25 January 2016 03:23:25 IST Levente Polyak wrote:
> Looks like people tend to forget about updating pacman keyring.
> 
> pacman-key --refresh-keys


Oops, feel very silly now. 

-- 
Cheers
Jayesh Badwaik

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-24 Thread Levente Polyak 
On 01/25/2016 03:17 AM, Jayesh Badwaik wrote:
> Hi,
> 
> I'm receiving message about unknown trust while trying to install the confuse 
> package. 
> 


Looks like people tend to forget about updating pacman keyring.

pacman-key --refresh-keys


cheers,
anthraxx



signature.asc
Description: OpenPGP digital signature

Re: [arch-general] Unknown Trust and Corrupted Package

2016-01-24 Thread Jonathan Villatoro 
On Sun, Jan 24, 2016 at 9:03 PM, Jayesh Badwaik 
wrote:

> >On Monday, 25 January 2016 03:23:25 IST Levente Polyak wrote:
> >> Looks like people tend to forget about updating pacman keyring.
> >>
> >> pacman-key --refresh-keys
>
>
> >Oops, feel very silly now.
>
>
Interesting, I just had a similar issue when installing i3-wm on a fresh
install
for my laptop. Good to know it was just about refreshing the keys.

Thank you all,

Jonathan