#archlinux32 | Logs for 2024-11-26
[00:20:04] -!- drathir_tor has joined #archlinux32
[06:36:52] -!- n0tiz has quit [Ping timeout: 260 seconds]
[06:39:44] -!- n0tiz has joined #archlinux32
[09:26:36] -!- mavchatz has joined #archlinux32
[09:27:17] -!- mvchtz has quit [Ping timeout: 265 seconds]
[09:51:19] -!- srvntx has joined #archlinux32
[10:13:51] mavchatz is now known as mvchtz
[11:18:22] -!- eloy has quit [Quit: eloy]
[11:19:26] -!- eloy has joined #archlinux32
[11:53:36] <KillerWasp> again i have a problem installing archlinux32-keyring, ":: File /var/cache/pacman/pkg/archlinux32-keyring-20241114-1.1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature))." hahahah!
[12:00:33] <KillerWasp> https://bugs.archlinux32.org
[12:00:35] <phrik> Title: FS#360 : Archlinux32-Keyring was trusted but became untrusted (at bugs.archlinux32.org)
[12:00:39] <KillerWasp> this website doesn't work anymore...
[12:06:17] <KillerWasp> http://archlinux32.org
[12:06:18] <phrik> Title: Arch Linux 32 - archlinux32-keyring 20241114-1.1 (any) (at archlinux32.org)
[12:06:22] <KillerWasp> seems broken.
[12:06:37] <KillerWasp> it shows "not found in pkg-api" in all the properties.
[12:08:21] <KillerWasp> how to fix this problem? I need to install the new keyring.
[12:17:21] -!- drathir_tor has quit [Ping timeout: 260 seconds]
[17:07:20] <KillerWasp> all are wrong... I already added the two keys from validpgpkeys from this website: https://git.archlinux32.org
[17:07:21] <phrik> Title: PKGBUILD « archlinux32-keyring-transition « core - packages - Archlinux32 package modifications (at git.archlinux32.org)
[17:07:46] <KillerWasp> and still can't install archlinux32-keyring{,-transition}
[17:08:01] <KillerWasp> also i'm following those instructions: https://bugs.archlinux32.org
[17:08:03] <phrik> Title: FS#318 : [multiple]: Note: This key has expired! (at bugs.archlinux32.org)
[17:08:23] <KillerWasp> i added the two keys with 'curl' and 'gpg'
[17:10:56] <KillerWasp> i also checked with sha512sum the archlinux32-keyring which i downloaded with 'pacman -S', and with the sha from https://git.archlinux32.org
[17:10:57] <phrik> Title: PKGBUILD « archlinux32-keyring « core - packages - Archlinux32 package modifications (at git.archlinux32.org)
[17:11:29] <KillerWasp> both sha512sums are different, but the date is the same: 20241114
[17:11:58] <KillerWasp> what happened?
[17:21:48] <KillerWasp> arch=('any')
[17:21:49] <KillerWasp> lol
[17:22:49] <KillerWasp> again the database is broken, i can't access the info of archlinux32-keyring...
[17:23:01] <KillerWasp> https://archlinux.org
[17:23:02] <phrik> Title: Arch Linux - Package Search (at archlinux.org)
[17:23:03] <KillerWasp> 0 matches
[17:23:56] <KillerWasp> now i'm out of ideas here...
[20:01:03] <bill-auger> KillerWasp: arch does not distribute archlinux32-keyring-transition anymore - arch32/core is the only way to get it now
[20:01:53] <KillerWasp> bill-auger: ok, but archlinux32-keyring still has problems.
[20:02:16] <bill-auger> yes its signing key expired 2024-01-29
[20:03:38] <bill-auger> you would need to install archlinux32-keyring with signature checking disabled - that was its only purpose
[20:03:54] <KillerWasp> bill-auger: It's strange, because a few days or weeks ago I updated it correctly, and now that I want to install ffmpeg, it turns out that it gives 404 and I try to update it, and now it gives an error with gpg.
[20:04:24] <KillerWasp> bill-auger: but is it secure? both keyrings have different sha512sums. Which is the correct checksum of the keyring?
[20:04:46] <bill-auger> the only purpose of archlinux32-keyring-transition is to install archlinux32-keyring without disabling signature checking
[20:05:20] <KillerWasp> with both keyrings i mean archlinux32-keyring from pacman -S and the database of archlinux32.org
[20:06:52] <bill-auger> i dont understand that - pacman should show you only one archlinux32-keyring
[20:07:39] <KillerWasp> i need the real archlinux32-keyring with the correct sha. The ones from pacman and the database are different.
[20:08:31] <bill-auger> maybe try pacman -Syy
[20:09:03] <bill-auger> you maybe got a DB file from a lagging mirror
[20:14:26] <bill-auger> this is the sha512 of the one parabola has 0d86f53629d50699af73f53c7ba146ae278163fbc866b41435de94012b3bd916c7eae0e77251a1348dfcc3082fbfc2ac285ddcf6815acf067721ba0e4a2e79b9 archlinux32-keyring-20241114-1.1-any.pkg.tar.zst
[20:16:46] <KillerWasp> bill-auger: thanks. Yes, i have the correct keyring.
[20:17:33] <bill-auger> ok so i just checked the signature parabola has and it is good - you should be able to do the same
[20:17:51] <bill-auger> $ pacman-key --verify archlinux32-keyring-20241114-1.1-any.pkg.tar.zst.sig
[20:23:44] <KillerWasp> no, it's useless... i added the gpg keys from archlinux32-keyring, and it still gives an error from pacman: is corrupted (invalid or corrupted package (PGP signature))
[20:24:41] <bill-auger> if that doesnt work for you, you could get the signing key from the web https://archlinux32.org , import that into your gpg keyring (not pacman's gpg) to verify the signature, then install it without signature checking
[20:25:25] <bill-auger> that is the key of the signature in the parabola repos
[20:25:30] <KillerWasp> error: alsa-lib: signature from "Andreas Baumann (sign) <mail@andreasbaumann.cc>" is unknown trust
[20:25:51] <bill-auger> you need to fix your keyring first before installing any packages
[20:26:15] <bill-auger> you seem to have the chicken-and-egg problem now
[20:26:53] <KillerWasp> bill-auger: thanks, with your url of the keys list now i can install! 😀
[20:28:11] <bill-auger> those keys are AFAIK undocumented - i remember from some bug reports in the past, that was the only way to install the new keyring
[20:29:20] <KillerWasp> !keyring is <reply>curl -Ss https://archlinux32.org | gpg --homedir /etc/pacman.d/gnupg/ --import
[20:29:20] <phrik> KillerWasp: Error: You must be registered to use this command. If you are already registered, you must either identify (using the identify command) or add a hostmask matching your current hostmask (using the "hostmask add" command).
[20:30:19] <bill-auger> KillerWasp: that should work but note that i did not suggest doing that - you really should not tamper with the pacman keyring directly
[20:31:07] <KillerWasp> !keyring is <reply>curl -Ss https://archlinux32.org | gpg --homedir /etc/pacman.d/gnupg/ --import
[20:31:08] <phrik> KillerWasp: Error: Factoid "keyring" already exists.
[20:31:16] <KillerWasp> !keyring
[20:31:17] <phrik> http://allanmcrae.com
[20:31:31] <KillerWasp> !keyring-keys is <reply>curl -Ss https://archlinux32.org | gpg --homedir /etc/pacman.d/gnupg/ --import
[20:31:32] <phrik> KillerWasp: Is that… Is that really a word?
[20:33:19] <KillerWasp> bill-auger: I only use the method to get out of trouble. But it should be fine according to the website: https://bugs.archlinux32.org
[20:33:20] <phrik> Title: FS#318 : [multiple]: Note: This key has expired! (at bugs.archlinux32.org)
[20:34:04] <bill-auger> that method is very dangerous - it could cause you much more trouble than it fixes
[20:37:17] <KillerWasp> i see.
[20:37:34] <bill-auger> installing the keyring package will install the keys safely - instead of installing the key manually, youre better off installing the keyring package manually, checking the signature on a side channel (like we are doing now)
[20:38:50] <bill-auger> so yer good now? no more problems?
[20:39:39] <KillerWasp> bill-auger: yes, it seems to not give problems anymore.
[20:40:01] <KillerWasp> !keyring-keys
[20:40:01] <phrik> curl -Ss https://archlinux32.org > gpg --homedir /etc/pacman.d/gnupg/ --import
[20:40:26] <bill-auger> oh i see that advice came from the bot - the bot is suggesting a bad habit there
[20:41:18] <KillerWasp> i set keyring-keys in the bot. 😛 it's only a temp solution.
[20:41:39] <bill-auger> that precisely is wrong also - '>' should be a pipe - but it is bad advice nonetheless
[20:42:54] <bill-auger> generally you do not want to run curl as root, especially not if doing so modifies core system files
[20:45:20] <bill-auger> that sort of advice should be on the wiki in more detail than a one-liner in chat
[20:47:19] <bill-auger> https://wiki.parabola.nu is the "goto" advice i point ppl to
[20:47:20] <phrik> Title: Parabola Keyring - ParabolaWiki (at wiki.parabola.nu)
[20:51:33] <bill-auger> that article does expect that the keyring packages are self-contained - that is, the key needed to verify the keyring package itself is contained within the keyring package itself or already in pacman's keyring (that is all the transition package did) - it can not help the "transition" situation anymore though because the 'transition' package has the same problem now - that needs to be done manually like i suggested
[21:02:48] <KillerWasp> bill-auger: the bot can't assume "|", which i replaced with ">".
[21:04:20] <KillerWasp> bill-auger: then i did it all badly with curl, if it doesn't give the good security that i thought. 🙁
[21:07:48] <KillerWasp> sorry if i'm misunderstanding something. I've been programming with ffmpeg since this morning, like now my brain is a cheese with holes full of rats.... A strong mess...