'pacman-key --populate' failing?


5 posts
by Drew » Sat Jun 23, 2012 2:08 am
I followed the "full guide to first Arch update" guide
viewtopic.php?f=53&t=8512
Thanks, it helped clarify I had found the right fixes for updating Arch on the Pi.

I'm having trouble with …
Code: Select all
pacman-key --populate archlinux

I ran the 'pacman-key init' & used 'find / -name '*' ' to make enough IO noise for the generation but the 'pacman-key populate archlinux' stage always fails with
ERROR: The keyring file /usr/share/pacman/keyrings/archlinux.gpg does not exist
This is technincally correct I only have /usr/share/pacman/ with no keyrings directory.
Is there some additional setup for the archlinux.gpg key?

I am attempting setup over SSH so I have installed & run 'haveged' as the following page states
https://wiki.archlinux.org/index.php/Pa ... he_keyring

I think SigLevel in the pacman.conf needs setting too but I can't seem to get it to work if I 'Require' the signatures, I just get 'missing required signature' for each repository.

Has anyone got any idea how the key & config should be setup, it would be good to have signing for packages. It doesn't work as described on other tutorials, presumably its an ARM build issue?
Posts: 39
Joined: Fri Jan 20, 2012 3:50 am
by nemrod » Sun Jun 24, 2012 1:47 am
If I recall correctly I fixed this by fetching the keyring from the repos:
Code: Select all
pacman -S archlinux-keyring
Posts: 3
Joined: Sun Jun 24, 2012 1:45 am
by Drew » Sun Jun 24, 2012 12:03 pm
That's got it , thanks nemrod.

I'll add a note to the 'full guide', it seems pointless recommending people set up keys that they can't use. The arch guide doesn't explicitly mention how to import them either.

Out of interest, are you requiring signatures & signing them all or are you using SigLevel = Optional TrustAll in pacman.conf? I'm just testing but I'd like to understand what is involved for production too.
Posts: 39
Joined: Fri Jan 20, 2012 3:50 am
by nemrod » Sun Jun 24, 2012 2:42 pm
I'm using 'Optional TrustAll'. If I were to deploy the Pi for use in a production environment I would up the security with requiring trusted keys, but then I'm not sure I would use a rolling release distribution in that kind of environment anyway.
Posts: 3
Joined: Sun Jun 24, 2012 1:45 am
by Drew » Sun Jun 24, 2012 9:19 pm
nemrod wrote:I'm using 'Optional TrustAll'. If I were to deploy the Pi for use in a production environment I would up the security with requiring trusted keys, but then I'm not sure I would use a rolling release distribution in that kind of environment anyway.


Cheers, I'm mostly thinking about a server behind a firewall or for applications where it would be standalone and maybe not on the net.
Posts: 39
Joined: Fri Jan 20, 2012 3:50 am