How pacman-key & GPG use a proxy (passing through a proxy)

Posted at 2025-03-11

Note: I cannot take responsibility for any problems that arise from following this article.

manjaro keyring error / 241112

I had a keyring error when I upgraded my Manjaro system. Here is a small memo.

0. Conclusion about pacman-key & GPG using proxy

0-1. Manually add option

--keyserver-options http-proxy=http://ID:PASS@PROXY_IP:port

sudo gpg --keyserver-options http-proxy=http://ID:PASS@PROXY_IP:port --keyserver hkp://keyserver.ubuntu.com --recv-keys 29C71CE612B57264

0-2. Add http-proxy http://ID:PASS@proxy_IP:PORT to the files below.

/etc/gnupg/dirmngr.conf
/etc/pacman.d/gnupg/dirmngr.conf

sudo vi /etc/gnupg/dirmngr.conf

http-proxy http://ID:PASS@proxy_IP:PORT

sudo vi /etc/pacman.d/gnupg/dirmngr.conf

http-proxy http://ID:PASS@proxy_IP:PORT

Then run the following, or restart the PC.

systemctl --user daemon-reload
systemctl --user restart dirmngr.service
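
An added example, not part of the original article: a helper that writes the http-proxy line idempotently, keeps the file readable by its owner only because the URL embeds ID:PASS, and stops the dirmngr of one GnuPG home directory with gpgconf so the next request re-reads the file. The function names and the 192.0.2.10:3128 proxy are assumptions; mode 600 is meant for /etc/pacman.d/gnupg/dirmngr.conf, which only root's dirmngr needs to read.

```sh
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# set_dirmngr_proxy CONF PROXY_URL
# Put exactly one "http-proxy" line into CONF and keep all other options.
set_dirmngr_proxy() {
    conf=$1
    proxy=$2
    # Whitespace or a newline in the value would inject extra options.
    case $proxy in
        ''|*[[:space:]]*) echo "invalid proxy URL" >&2; return 1 ;;
    esac
    # Accept only http://[ID:PASS@]host:port, the shape used in the article.
    printf '%s\n' "$proxy" |
        grep -Eq '^http://([^@/]+@)?[^:@/]+:[0-9]+/?$' || {
        echo "proxy URL must look like http://ID:PASS@host:port" >&2
        return 1
    }
    tmp=$(mktemp "$conf.XXXXXX") || return 1
    # Drop earlier http-proxy lines so repeated runs do not stack them up.
    if [ -f "$conf" ]; then
        grep -v '^[[:space:]]*http-proxy[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'http-proxy %s\n' "$proxy" >> "$tmp"
    # The URL carries ID:PASS, so the file must not be world-readable.
    chmod 600 "$tmp"
    mv "$tmp" "$conf"
}

# reload_dirmngr HOMEDIR
# Stop the dirmngr that serves HOMEDIR; the next keyserver request starts a
# new one that reads the updated dirmngr.conf.
reload_dirmngr() {
    gpgconf --homedir "$1" --kill dirmngr
}

# Demo on a scratch directory with a constructed proxy address.
demo_dir=$(mktemp -d)
printf 'http-proxy http://old.example:8080\n' > "$demo_dir/dirmngr.conf"
set_dirmngr_proxy "$demo_dir/dirmngr.conf" 'http://ID:PASS@192.0.2.10:3128'
cat "$demo_dir/dirmngr.conf"
rm -rf "$demo_dir"

# On the real system (as root):
#   set_dirmngr_proxy /etc/pacman.d/gnupg/dirmngr.conf 'http://ID:PASS@PROXY_IP:port'
#   reload_dirmngr /etc/pacman.d/gnupg
```

Passing the proxy URL with --keyserver-options on the command line, as in 0-1, leaves ID:PASS in shell history and the process list, which the file-based setting avoids.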

The following is the process I used to fix the keyring error at that time.

1. keyring error during system upgrade

sudo pacman -Syyuu
....

### https://zenn.dev/miwarin/articles/e0ca2e9d78a1614fe296
## エラー: ruby-rexml: "Ike Devolder <ike.devolder@archlinux.org>" の署名は信頼されていません
:: ファイル /var/cache/pacman/pkg/ruby-rexml-3.2.6-1-any.pkg.tar.zst は破損しています (無効または破損したパッケージ (PGP 鍵))。
ファイルを削除しますか? [Y/n]

2. confirm key

pacman-key --list-sigs | fgrep "Daniel M. Capella"

fgrep: warning: fgrep is obsolescent; using grep -F
gpg: 注意: 信用データベースが、書き込み不能です
uid           [期限切れ] Daniel M. Capella <polyzen@archlinux.org>
sig      N   29C71CE612B57264 2024-02-02  Daniel M. Capella <polyzen@archlinux.org>
uid           [  充分  ] Daniel M. Capella <polyzen@archlinux.org>
sig      N   EA4F7B321A906AD9 2024-02-09  Daniel M. Capella <polyzen@archlinux.org>

3. sign key

sudo pacman-key --lsign-key EA4F7B321A906AD9

  -> Locally signed 1 key.
==> 信頼データベースを更新...
gpg: 次回の信用データベース検査は、2024-11-18です

4. sign another key of the same person

Another key of the same person, but no user ID...?
Is something wrong?

sudo pacman-key --lsign-key 29C71CE612B57264

  -> Locally signed 1 key.
==> 信頼データベースを更新...
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: 公開鍵DB323392796CA067は、署名よりも3037日、新しいものです
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: 深さ: 0  有効性:   1  署名:  25  信用: 0-, 0q, 0n, 0m, 0f, 1u
gpg: 深さ: 1  有効性:  25  署名: 103  信用: 1-, 0q, 0n, 24m, 0f, 0u
gpg: 深さ: 2  有効性:  75  署名:  30  信用: 75-, 0q, 0n, 0m, 0f, 0u
gpg: 次回の信用データベース検査は、2024-11-18です

The same kind of error occurs during upgrade

sudo pacman -Syyuu

## エラー: ruby-rexml: "Ike Devolder <ike.devolder@archlinux.org>" の署名は信頼されていません
:: ファイル /var/cache/pacman/pkg/ruby-rexml-3.2.6-1-any.pkg.tar.zst は破損しています (無効または破損したパッケージ (PGP 鍵))。
ファイルを削除しますか? [Y/n]

5. refresh key

  • gpg or pacman-key should use the proxy.
  • so add --keyserver-options manually
  • use the Ubuntu key server, because the default server did not work at that time.

sudo gpg --keyserver-options http-proxy=http://ID:PASS@PROXY_IP:port --keyserver hkp://keyserver.ubuntu.com --recv-keys 29C71CE612B57264

gpg: *警告*: homedir '/home/hoge/.gnupg'の安全でない所有
gpg: 鍵29C71CE612B57264: 公開鍵"Daniel M. Capella <polyzen@archlinux.org>"をインポートしました
gpg:           処理数の合計: 1
gpg:             インポート: 1

All keys become [full], and it seems to be fine!

LANG=C sudo pacman-key --list-sigs | grep -i capella
uid           [  full  ] Daniel M. Capella <polyzen@archlinux.org>
sig      N   29C71CE612B57264 2024-02-02  Daniel M. Capella <polyzen@archlinux.org>
uid           [  full  ] Daniel M. Capella <polyzen@archlinux.org>
sig      N   EA4F7B321A906AD9 2024-02-09  Daniel M. Capella <polyzen@archlinux.org>

6. just in case, update keyring...

sudo pacman -S archlinux-keyring manjaro-keyring

警告: archlinux-keyring-20241015-1 は最新です -- 再インストール
警告: manjaro-keyring-20230719-3 は最新です -- 再インストール

パッケージ (2) archlinux-keyring-20241015-1  manjaro-keyring-20230719-3

合計インストール容量:        1.76 MiB
最終的なアップグレード容量:  0.00 MiB

==> manjaro.gpg からキーを追加...
==> キーリングの信頼されたキーに署名...
  -> Locally signed 1 key.
==> 所有者信頼値をインポート...
==> 信頼データベースを更新...

gpg: 次回の信用データベース検査は、2024-11-18です

7. upgrade system without error

sudo pacman -Syyuu
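
An added example, not part of the original article: the check from step 2 done on gpg's machine-readable listing instead of grepping localized text, so expired user IDs in the pacman keyring are found regardless of LANG. The function names, key IDs and packager names in the sample are constructed placeholders.

```sh
#!/bin/sh
# Added example, not from the original article. Names and sample data are
# constructed; the key IDs below are placeholders, not real packager keys.

# expired_uids: read "gpg --with-colons --list-keys" output on stdin and print
# KEYID <TAB> key expiry (epoch) <TAB> user ID for every user ID that gpg
# marks expired (validity field "e"), i.e. what step 2 shows as [expired].
expired_uids() {
    awk -F: '
        $1 == "pub" { keyid = $5; expires = $7; next }   # primary key record
        $1 == "uid" && $2 == "e" {                        # expired user ID
            print keyid "\t" expires "\t" $10
        }
    '
}

# Constructed listing: one expired key, one valid key.
sample_listing() {
    cat <<'EOF'
tru::1:1731400000:1731900000:3:1:5
pub:e:4096:1:0123456789ABCDEF:1500000000:1700000000::-:::sc::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA0123456789ABCDEF:
uid:e::::1500000000::0000000000000000000000000000000000000000::Example Packager <packager@example.org>::::::::::0:
sub:e:4096:1:1111111111111111:1500000000:1700000000:::::e::::::23:
pub:f:4096:1:FEDCBA9876543210:1600000000:1900000000::-:::sc::::::23::0:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBBFEDCBA9876543210:
uid:f::::1600000000::1111111111111111111111111111111111111111::Other Packager <other@example.org>::::::::::0:
EOF
}

sample_listing | expired_uids

# On the real system:
#   sudo gpg --homedir /etc/pacman.d/gnupg --with-colons --list-keys | expired_uids
# Each KEYID printed is a candidate for the --recv-keys refresh in step 5.
```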
