Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Why is a linux novice using Arch? It's actually Steam OS 3.
Most pacman packages, when I try to download/install them, yield a series of ibgusb: signature from "{identity}" is marginal trust errors. I've tried every solution I can find on the internet, including, but not limited to, and in various combinations:
ntpd -qg
THEN sudo hwclock -w
sudo pacman-key --init
Checking that the arch mirror is up-to-date (not-applicable: steamos3 only has one mirror)
sudo pacman -Sy archlinux-keyring (I think this results in an older keyring)
THEN sudo pacman-key --populate archlinux
THEN sudo pacman-key --refresh-keys (finishes but seems to throw a lot of errors and warnings in the readout)
If I run one of the marginally-trusted IDs, in this case dvzrv@archlinux.org through pacman-key --list-sigs, I get:
Quote:
gpg: Note: trustdb not writable
pub ed25519 2022-05-10 [SC] [expires: 2026-05-09]
991F6E3F0765CF6295888586139B09DA5BF0D338
uid [ unknown] David Runge <dvzrv@archlinux.org>
sig 3 139B09DA5BF0D338 2022-05-10 David Runge <dvzrv@archlinux.org>
sig B1B73B02CC52A02A 2022-07-09 [User ID not found]
sig A88E23E377514E00 2022-06-05 [User ID not found]
sig 4DC95B6D7BE9892E 2022-05-19 [User ID not found]
sig 3 7258734B41C31549 2022-05-10 David Runge <dvzrv@archlinux.org>
sub ed25519 2022-05-10 [A] [expires: 2026-05-09]
sig 139B09DA5BF0D338 2022-05-10 David Runge <dvzrv@archlinux.org>
sub cv25519 2022-05-10 [E] [expires: 2026-05-09]
sig 139B09DA5BF0D338 2022-05-10 David Runge <dvzrv@archlinux.org>
pub ed25519 2019-10-01 [SC] [expires: 2023-09-30]
C7E7849466FE2358343588377258734B41C31549
uid [ unknown] David Runge <dvzrv@archlinux.org>
sig 3 7258734B41C31549 2019-10-01 David Runge <dvzrv@archlinux.org>
sig 4DC95B6D7BE9892E 2021-06-05 [User ID not found]
sig 6BC26A17B9B7018A 2019-10-18 [User ID not found]
sig D6D055F927843F1C 2019-10-17 [User ID not found]
sig 3348882F6AC6A4C2 2019-10-17 [User ID not found]
sig 7F2D434B9741E8AC 2019-10-15 [User ID not found]
sig 8DBD63B82072D77A 2019-10-12 [User ID not found]
sig 9B729B06A680C281 2019-10-11 [User ID not found]
sig BA1DFB64FFF979E7 2019-10-10 [User ID not found]
sig 54C28F4FF5A1A949 2019-10-10 [User ID not found]
sig 89AA27231C530226 2019-10-10 [User ID not found]
sig 12C87A28FEAC6B20 2019-10-07 [User ID not found]
sig 6E80CA1446879D04 2019-10-07 [User ID not found]
sig A88E23E377514E00 2019-10-06 [User ID not found]
sig 94657AB20F2A092B 2019-10-05 [User ID not found]
sig 3 786C63F330D7CB92 2019-10-05 Felix Yan <felixonmars@archlinux.org>
sig 46F633CBB0EB4BF2 2019-10-05 [User ID not found]
sig 06096A6AD1CEDDAC 2019-10-05 Laurent Carlier <lordheavym@gmail.com>
sub cv25519 2019-10-01 [E] [expires: 2023-09-30]
sig 7258734B41C31549 2019-10-01 David Runge <dvzrv@archlinux.org>
Any direction on this would be greatly appreciated.
pacman -Sy <anything> should not be run, unless you follow that with pacman -Su
I understand why you did that. To update the keyring first. But now you have a new pacman database with old packages installed on the machine. When you next run pacman -S <something>, if the update is a system package, you face breaking the box. You are going to have a partially updated mess.
If you are going to run arch, first stop is the wiki.
(1)(deck@steamdeck ~)$ sudo pacman -Syu
[sudo] password for deck:
:: Synchronizing package databases...
jupiter is up to date
holo is up to date
core is up to date
extra is up to date
community is up to date
multilib is up to date
:: Starting full system upgrade...
warning: archlinux-keyring: local (20220727-1) is newer than core (20220125-1)
there is nothing to do
Then how did you get that version of keyring? Sounds like you are using different mirrors. What are jupiter and halo?
I was following the instructions here. I have also attempted the aforementioned measures with keyring 20220125-1, which I think is the current default.
Quote:
Originally Posted by teckk
Does steamos have a /etc/pacman.d/mirrorlist
It does, but it only has one line:
Quote:
Server = https://steamdeck-packages.steamos.cloud/archlinux-mirror/$repo/os/$arch
I would stop using yay until you understand it. I would not use yay with pacman. And stop doing partial updates. Bring your machine up to date to the pacman database and repos that steam uses.
If you want to install something outside of pacman, then make a package with makepkg, and then install it with pacman. Then you'll have no more broken machines.
Then how did you get that version of keyring? Sounds like you are using different mirrors.
The answer is in post #1. Anyhow, it's just a warning.
Quote:
What are jupiter and halo?
SteamOS repos, would be my guess.
Judging from the output in post #3 I'd say everything is OK, no further action required at this point.
But hopefully OP has learned a lesson here. Leave good enough alone, and, with all things arch, the Arch wiki is always the first stop, not some random blog post.
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives
#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir = /
#DBPath = /var/lib/pacman/
#CacheDir = /var/cache/pacman/pkg/
#LogFile = /var/log/pacman.log
#GPGDir = /etc/pacman.d/gnupg/
#HookDir = /etc/pacman.d/hooks/
HoldPkg = pacman glibc
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg =
#IgnoreGroup =
#NoUpgrade =
#NoExtract =
# Misc options
#UseSyslog
Color
#TotalDownload
# We cannot check disk space from within a chroot environment
CheckSpace
#VerbosePkgLists
ParallelDownloads = 10
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseNever
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.
#
# REPOSITORIES
# - can be defined here or included from another file
# - pacman will search repositories in the order defined here
# - local/custom mirrors can be added here or in separate files
# - repositories listed first will take precedence when packages
# have identical names, regardless of version number
# - URLs will have $repo replaced by the name of the current repo
# - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
# [repo-name]
# Server = ServerName
# Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#
# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.
#[testing]
#Include = /etc/pacman.d/mirrorlist
[jupiter]
Include = /etc/pacman.d/mirrorlist
SigLevel = Never
[holo]
Include = /etc/pacman.d/mirrorlist
SigLevel = Never
# An example of a custom package repository. See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs
Quote:
Originally Posted by teckk
I would stop using yay until you understand it. I would not use yay with pacman. And stop doing partial updates. Bring your machine up to date to the pacman database and repos that steam uses.
I really must not understand it, because I don't remember using it at all! Is it a synonym for one of the commands I did use?
Quote:
Originally Posted by teckk
I would try removing the archlinux-keyring that you have and install the correct one.
Code:
pacman -Rns archlinux-keyring
That results in:
Code:
error: failed to prepare transaction (could not satisfy dependencies)
:: removing archlinux-keyring breaks dependency 'archlinux-keyring' required by pacman
Package building sounds fruitful. I'll read up on the wiki. Thanks, teckk.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Struggling to fix invalid pacman keys:
