pikaur icon indicating copy to clipboard operation
pikaur copied to clipboard

Published 20 hours ago verified publisher icon actionless

Have pacman problem with gpg keys when elevating pikaur privileges

Open rafnov opened this issue 1 year ago • 8 comments 

pikaur -Vq
Pikaur v1.30.2
Pacman v7.0.0 - libalpm v15.0.0 - pyalpm v0.10.6
Description:

I have this problem since more than 24 hours with any file I try to update with pikaur -Syu, while pacman installs them fine, without any issue.

Attached log:
[rav: ~]$ LANG=C pikaur --pikaur-debug -Syu
△  debug: main_1000: Setting stdout to utf-8...
△  debug: main_1000: already set - nothing to do
△  debug: main_1000: Setting stderr to utf-8...
△  debug: main_1000: already set - nothing to do
△  debug: main_1000: Pikaur operation found for args ['/usr/bin/pikaur', '--pikaur-debug', '-Syu']: cli_install_packages
=> sudo -- /usr/bin/pikaur --pikaur-debug -Syu --pikaur-config=/home/rav/.config/pikaur.conf --user-id=1000 --home-dir=/home/rav --xdg
-cache-home=/home/rav/.cache --xdg-config-home=/home/rav/.config --xdg-data-home=/home/rav/.local/share
△  debug: main_0: Setting stdout to utf-8...
△  debug: main_0: already set - nothing to do
△  debug: main_0: Setting stderr to utf-8...
△  debug: main_0: already set - nothing to do
△  debug: main_0: Pikaur operation found for args ['/usr/bin/pikaur', '--pikaur-debug', '-Syu', '--pikaur-config=/home/rav/.config/pik
aur.conf', '--user-id=1000', '--home-dir=/home/rav', '--xdg-cache-home=/home/rav/.cache', '--xdg-config-home=/home/rav/.config', '--xd
g-data-home=/home/rav/.local/share']: cli_install_packages
△  debug: news: init
△  debug: news: fetch_latest
=> GET https://archlinux.org/feeds/news/
=> pacman --color=always --sync --refresh
:: Synchronizing package databases...
 core is up to date
 extra is up to date
△  debug: pacman: Discarding repo cache...

△  Starting full AUR upgrade...
△  debug: install_info_fetcher: 
Gonna fetch install info for:
    install_package_names=[]
    not_found_repo_pkgs_names=[]
    pkgbuilds_packagelists={}
    manually_excluded_packages_names=[]
    skip_checkdeps_for_pkgnames=[]

Reading repository package databases...
Reading local package database...
△  debug: install_info_fetcher: Gonna get repo pkgs install info...
△  debug: pacman: Gonna get sysupgrade info...
=> pacman --color=always --sync --sysupgrade --print-format %r/%n
△  debug: install_info_fetcher: gonna get AUR pkgs install info for:
    aur_packages_versionmatchers=[]
    self.aur_updates_install_info=[]
    aur_packages_names_to_versions={}
△  debug: install_info_fetcher: found AUR pkgs:
    aur_pkg_list=[]
not found AUR pkgs:
    not_found_aur_pkgs=[]
Reading AUR packages info...
△  debug: aur_module: find_aur_packages: 0x0uploader uncached
△  debug: aur_module: find_aur_packages: adbmanager-bin uncached
△  debug: aur_module: find_aur_packages: ascii-image-converter uncached
△  debug: aur_module: find_aur_packages: colord-brightness uncached
△  debug: aur_module: find_aur_packages: dvdisaster-unofficial uncached
△  debug: aur_module: find_aur_packages: freetube-bin uncached
△  debug: aur_module: find_aur_packages: genwipe.sh uncached
△  debug: aur_module: find_aur_packages: hdaps-gl uncached
△  debug: aur_module: find_aur_packages: iwgtk uncached
△  debug: aur_module: find_aur_packages: lcdtest uncached
△  debug: aur_module: find_aur_packages: lightdm-mini-greeter uncached
△  debug: aur_module: find_aur_packages: localepurge uncached
△  debug: aur_module: find_aur_packages: moc-pulse uncached
△  debug: aur_module: find_aur_packages: obsidian-2-theme-git uncached
△  debug: aur_module: find_aur_packages: pakbak-git uncached
△  debug: aur_module: find_aur_packages: pikaur uncached
△  debug: aur_module: find_aur_packages: redshifter uncached
△  debug: aur_module: find_aur_packages: sound-theme-smooth uncached
△  debug: aur_module: find_aur_packages: spectre-meltdown-checker uncached
△  debug: aur_module: find_aur_packages: transmission-gtk3 uncached
△  debug: aur_module: find_aur_packages: uad-ng-bin uncached
△  debug: aur_module: find_aur_packages: ventoy-bin uncached
△  debug: aur_module: find_aur_packages: waterfox-bin uncached
△  debug: aur_module: find_aur_packages: web-os-dev-manager-bin uncached
△  debug: aur_module: find_aur_packages: xame uncached
△  debug: aur_module: find_aur_packages: xfce4-hdaps uncached
△  debug: aur_module: find_aur_packages: zen-browser-bin uncached
△  debug: aur_module: find_aur_packages: obsidian-2-theme uncached
△  debug: aur_module: find_aur_packages: pakbak uncached
=> GET https://aur.archlinux.org/rpc/?v=5&type=info&arg[]=0x0uploader&arg[]=adbmanager-bin&arg[]=ascii-image-converter&arg[]=colord-br
ightness&arg[]=dvdisaster-unofficial&arg[]=freetube-bin&arg[]=genwipe.sh&arg[]=hdaps-gl&arg[]=iwgtk&arg[]=lcdtest&arg[]=lightdm-mini-g
reeter&arg[]=localepurge&arg[]=moc-pulse&arg[]=obsidian-2-theme-git&arg[]=pakbak-git&arg[]=pikaur&arg[]=redshifter&arg[]=sound-theme-s
mooth&arg[]=spectre-meltdown-checker&arg[]=transmission-gtk3&arg[]=uad-ng-bin&arg[]=ventoy-bin&arg[]=waterfox-bin&arg[]=web-os-dev-man
ager-bin&arg[]=xame&arg[]=xfce4-hdaps&arg[]=zen-browser-bin&arg[]=obsidian-2-theme&arg[]=pakbak
△  debug: install_info_fetcher: get_aur_pkgs_info: aur_updates_install_info_by_name={}
△  debug: install_info_fetcher: got AUR pkgs install info: []
△  debug: aur_deps: find_aur_deps: package_names=[]
△  debug: aur_deps: find_aur_deps: result_aur_deps={}
△  debug: install_info_fetcher: get_aur_deps_info: self.aur_deps_relations={}
△  debug: install_info_fetcher: get_aur_deps_info: aur_pkgs={}
△  debug: install_info_fetcher: get_aur_deps_info: [done]
△  debug: install_info_fetcher: get_repo_deps_info: [done]
△  debug: install_info_fetcher: :: marking dependant pkgs...
△  debug: install_info_fetcher:   :: mark_dependant :: get_repo_provided...
△  debug: install_info_fetcher:   :: mark_dependant :: get local pkgs...
△  debug: install_info_fetcher:   :: mark_dependant :: all_requested_pkg_names=[]
△  debug: install_info_fetcher:   :: mark_dependant :: explicit_aur_pkg_names=[]
△  debug: install_info_fetcher:   :: mark_dependant ::  - hwdata
△  debug: install_info_fetcher:       :: mark_dependant ::    providing_for=[]
△  debug: install_info_fetcher: == marked dependant pkgs.
=> pacman --color=always --query --upgrades --quiet
=> pacman --color=always --sync hwdata linux --print-format %r/%n
△  Ignoring package update linux (6.11.2.arch1-1 => 6.11.6.arch1-1) (ignored in Pacman config)
△  debug: install_cli: self.install_info.all_install_info_containers=([<RepoInstallInfo "hwdata" 0.388-1 -> 0.389-1>], [], [], [], [],
 [], [], [])
△  debug: news: print
△  debug: news: loading date from /home/rav/.cache/pikaur/last_seen_news.dat
△  debug: news: data: Sat, 14 Sep 2024 11:40:54 +0000, parsed: 2024-09-14 11:40:54+00:00
△  debug: news: Arch News Date: 2024-09-14 11:40:54+00:00, Last-seen date: 2024-09-14 11:40:54+00:00

△  Repository package will be installed:
 hwdata                                0.388-1              -> 0.389-1

△  debug: prompt: Gonna get input from user...
△  debug: FileLock: Acquiring /tmp/pikaur_prompt_12752.lock...
△  debug: FileLock: Acquired /tmp/pikaur_prompt_12752.lock
△  debug: prompt_nolock: Restoring TTY...
△  debug: prompt_nolock: Using standard input reader...
△  Proceed with installation? [Y/n] 
△  [v]iew package details   [m]anually select packages
△  [r] show if packages are required by already installed packages
>> 
△  debug: FileLock: Releasing /tmp/pikaur_prompt_12752.lock
△  debug: FileLock: Released /tmp/pikaur_prompt_12752.lock
△  debug: prompt: No answer provided - using "Y".
△  debug: install_cli: << GET_PACKAGE_BUILD
△  debug: install_cli: self.pkgbuilds_packagelists={}
△  debug: install_cli: self.package_builds_by_name={}
△  debug: install_cli: self.package_builds_by_provides={}
△  debug: install_cli: >> GET_PACKAGE_BUILD

pikspect => pacman --color=always --sync --sysupgrade
△  debug: pikspect: Opening virtual terminal...
△  debug: pikspect: fd: 5, pid: 35732
                                     :: Starting full system upgrade...
warning: linux: ignoring package upgrade (6.11.2.arch1-1 => 6.11.6.arch1-1)
resolving dependencies...
looking for conflicting packages...
△  debug: pikspect: Found right answer to `Proceed with installation? [Y/n]`: `Y`

Packages (1) hwdata-0.389-1

Total Installed Size:  9.28 MiB
Net Upgrade Size:      0.02 MiB

:: Proceed with installation? [Y/n] Y
(1/1) checking keys in keyring                                                   [##############################################] 100%
(1/1) checking package integrity                                                 [##############################################] 100%
error: GPGME error: General error
error: hwdata: missing required signature
:: File /var/cache/pacman/pkg/hwdata-0.389-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] ^C

rafnov avatar Nov 06 '24 19:11 rafnov

i see from the log that the last command which causing this error is:

pikspect => pacman --color=always --sync --sysupgrade

does the error persists if run that pacman command directly without pikaur?

actionless avatar Nov 06 '24 19:11 actionless

No, it finished fine. Log from translator as I run with my locale:

:: Starting full system upgrade....
warning: linux: ignoring package upgrade (6.11.2.arch1-1 => 6.11.6.arch1-1)
resolving dependencies...
looking for conflicting packages...

Packages (1) hwdata-0.389-1

To install:       9.28 MiB
Change after update:  0.02 MiB

:: Continue installation? [T/n] 
(1/1) checking keys in the database [##############################################] 100%
(1/1) checking package integrity [##############################################] 100%
(1/1) loading file list [##############################################] 100%
(1/1) checking file conflicts [##############################################] 100%
(1/1) checking available disk space [##############################################] 100%
:: Processing package changes.... 
(1/1) updating hwdata [##############################################] 100%
:: Running post-transaction...
(1/1) Arming ConditionNeedsUpdate...```

rafnov avatar Nov 06 '24 21:11 rafnov

this doesn't make any sense

and what happens if you run it again in the pikaur?

actionless avatar Nov 06 '24 21:11 actionless

GPGME error again:

:: Retrieving packages...
 curl-8.11.0-1-x86_64                               1136.8 KiB  1612 KiB/s 00:01 [##############################################] 100%
 libheif-1.19.2-1-x86_64                             516.6 KiB  2.29 MiB/s 00:00 [##############################################] 100%
 gpgme-1.24.0-1-x86_64                               462.2 KiB  2010 KiB/s 00:00 [##############################################] 100%
 Total (3/3)                                           2.1 MiB  1590 KiB/s 00:01 [##############################################] 100%
(3/3) checking keys in keyring                                                   [##############################################] 100%
(3/3) checking package integrity                                                 [##############################################] 100%
error: GPGME error: General error
error: GPGME error: General error
error: GPGME error: General error
error: curl: missing required signature
:: File /var/cache/pacman/pkg/curl-8.11.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: gpgme: missing required signature
:: File /var/cache/pacman/pkg/gpgme-1.24.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: libheif: missing required signature
:: File /var/cache/pacman/pkg/libheif-1.19.2-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Again pacman upgraded those packages successfully. Maybe that was something wrong with gpgme? I will check again later as now it says "there is nothing to do".

rafnov avatar Nov 06 '24 21:11 rafnov

then make sure you don't have this option set in pikaur's config:

https://github.com/actionless/pikaur?tab=readme-ov-file#gpgdir-default--root-default-etcpacmandgnupg

(or better try with the empty config, so it would just use defaults)

actionless avatar Nov 06 '24 23:11 actionless

That one is not set in ~/.config/pikaur.conf. https://0x0.st/XDp4.conf

rafnov avatar Nov 08 '24 10:11 rafnov

@actionless , what more info do you need? The problem persists. Pikaur never bothered me about missing keys before. On the other hand: it always warned working on root account - now it does not. Pikaur just calls pacman and elevates priviledges when needed, right? So what do I miss? I can install package fine on root account with pikaur, I can't via user account.

rafnov avatar Nov 21 '24 07:11 rafnov

since you have close-to-default pikaur config, and the problem not happens in general with default arch setup but happens to you during privilege escalation only - then some of your custom settings (for example related to gpg keys, pacman or smth else in the middle) is not passing correctly during user escalation:

mb it's this thing: https://github.com/actionless/pikaur?tab=readme-ov-file#preserveenv-default-pkgdestvisualeditorhttp_proxyhttps_proxyftp_proxyhttp_proxyhttps_proxyftp_proxyall_proxy

mb smth else, but the only way to figure it out - you could try running up a docker container or VM with a clean arch install - and next porting there you setting there one by one until it breaks

actionless avatar Nov 21 '24 08:11 actionless