DEV Community

Arseny Zinchenko
Arseny Zinchenko

Posted on • Originally published at rtfm.co.ua on

Arch Linux: key could not be imported – required key missing from keyring

#archlinux #linux

A couple of days ago I got an additional laptop to take it on meetings.

As it will be used rarely and not as my main laptop – I decided to install Manjaro Linux there instead of usual Arch Linux – to take a look at the Manjaro itself and because don’t want to spend time with Arch configuration on a laptop, which be used even not each day.

After Manjaro installation (well – much easier than Arch, of course) I started the system upgrade, and…:

[setevoy@setevoy-asus-laptop ~]$ sudo pacman -Syu
...
:: Proceed with installation? [Y/n]  
(413/413) checking keys in keyring                                                                                                             [] 100%
downloading required keys...
:: Import PGP key 256E/C7E7849466FE2358343588377258734B41C31549, "David Runge <dvzrv@archlinux.org>", created: 2019-10-01? [Y/n] y
error: key "David Runge <dvzrv@archlinux.org>" could not be imported
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
Enter fullscreen mode Exit fullscreen mode

Well… Okay.

The first upgrade on o system with outdated packages, expected issues – no problem at all.

Do not perform the actions described below until you’ll read the actual reason.

Update archlinux-keyring

The first idea was to upgrade the archlinux-keyring util and it will update its keys:

$ sudo pacman -Sy archlinux-keyring
...
warning: archlinux-keyring-20191018-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinux-keyring-20191018-1
...
-> Disabling key 44D4A033AC140143927397D47EFD567D4C7EA887...
==> Updating trust database...
gpg: next trustdb check due at 2020-01-22
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
Enter fullscreen mode Exit fullscreen mode

But this didn’t help.

pacman-key --refresh-keys

Okay, let’s try update keys directly in the pacman-key‘s database:

[setevoy@setevoy-asus-laptop ~]$ sudo pacman-key --refresh-keys
...
gpg: Total number processed: 133
gpg:              unchanged: 66
gpg:           new user IDs: 3
gpg:            new subkeys: 1
gpg:         new signatures: 1172
...
gpg: next trustdb check due at 2020-01-22
Enter fullscreen mode Exit fullscreen mode

Nah, still something is wrong here:

[setevoy@setevoy-asus-laptop ~]$ pacman-key --list-sigs | grep Runge
gpg: Note: trustdb not writable
gpg: key E5BB298470AD4E41 was created 53 days in the future (time warp or clock problem)
gpg: key 6D42BDD116E0068F was created 11 days in the future (time warp or clock problem)
gpg: key 6D42BDD116E0068F was created 11 days in the future (time warp or clock problem)
gpg: key E5BB298470AD4E41 was created 53 days in the future (time warp or clock problem)
sig          54C28F4FF5A1A949 2014-10-06  David Runge <dave@sleepmap.de>
uid          [  full  ] David Runge <dave@sleepmap.de>
sig 3        54C28F4FF5A1A949 2017-05-07  David Runge <dave@sleepmap.de>
sig 3        54C28F4FF5A1A949 2015-01-04  David Runge <dave@sleepmap.de>
uid           [  full  ] David Runge <dave@c-base.org>
sig 3        54C28F4FF5A1A949 2017-05-07  David Runge <dave@sleepmap.de>
sig 3        54C28F4FF5A1A949 2015-10-20  David Runge <dave@sleepmap.de>
uid           [  full  ] David Runge <runge@pool.math.tu-berlin.de>
sig 3        54C28F4FF5A1A949 2017-05-07  David Runge <dave@sleepmap.de>
sig 3        54C28F4FF5A1A949 2014-10-03  David Runge <dave@sleepmap.de>
uid           [  full  ] David Runge <david.runge@campus.tu-berlin.de>
sig 3        54C28F4FF5A1A949 2017-05-07  David Runge <dave@sleepmap.de>
sig 3        54C28F4FF5A1A949 2014-10-03  David Runge <dave@sleepmap.de>
sig          54C28F4FF5A1A949 2017-05-07  David Runge <dave@sleepmap.de>
Enter fullscreen mode Exit fullscreen mode

At least – the developer’s mailbox is not the same as in the error.

there is a hint, but I didn’t notice it

Removing /etc/pacman.d/gnupg

The next thing I did a try – to fully drop (backup, of course, not just delete) pacman‘s GPG database to re-initial it from scratch:

[setevoy@setevoy-asus-laptop ~]$ ls -l /etc/pacman.d/gnupg
total 6276
drwx------ 2 root root    4096 жов 21  2017 crls.d
-rw-r--r-- 1 root root      17 лис  8  2018 gpg-agent.conf
-rw-r--r-- 1 root root     114 жов 24  2015 gpg.conf
drwx------ 2 root root    4096 жов 24  2015 openpgp-revocs.d
...
-rw-r--r-- 1 root root   18920 сер 18 12:28 trustdb.gpg
Enter fullscreen mode Exit fullscreen mode

Move it to backups:

[setevoy@setevoy-asus-laptop ~]$ mkdir ~/Backups
[setevoy@setevoy-asus-laptop ~]$ sudo mv /etc/pacman.d/gnupg Backups/
Enter fullscreen mode Exit fullscreen mode

Run initialization:

[setevoy@setevoy-asus-laptop ~]$ sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
gpg: Generating pacman keyring master key...
gpg: key FBADB7D2586D4A2F marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/7F47A1EC7C894F56DD6F9E18FBADB7D2586D4A2F.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
Enter fullscreen mode Exit fullscreen mode

Get keys:

[setevoy@setevoy-asus-laptop ~]$ sudo pacman-key --populate
==> Appending keys from archlinux.gpg...
...
Enter fullscreen mode Exit fullscreen mode

Let’s even update them:

[setevoy@setevoy-asus-laptop ~]$ sudo pacman-key --refresh-keys
gpg: refreshing 132 keys from hkps://hkps.pool.sks-keyservers.net
...
Enter fullscreen mode Exit fullscreen mode

Run the OS upgrade again:

[setevoy@setevoy-asus-laptop ~]$ sudo pacman -Syu
...
downloading required keys...
:: Import PGP key 256E/C7E7849466FE2358343588377258734B41C31549, "David Runge <dvzrv@archlinux.org>", created: 2019-10-01? [Y/n]
error: key "David Runge <dvzrv@archlinux.org>" could not be imported
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
Enter fullscreen mode Exit fullscreen mode

sd78dfv:?%67sdc!!!

pacman-key --recv-keys – a direct key’s import

Then I went to look for the key directly in the https://www.archlinux.org/master-keys database:

| David Runge | 0x41C31549 | Yes |

And try to import it directly:

[setevoy-asus-laptop setevoy]# pacman-key --recv-keys dvzrv@archlinux.org
gpg: key E5BB298470AD4E41 was created 53 days in the future (time warp or clock problem)
gpg: key 7258734B41C31549: 2 duplicate signatures removed
gpg: key 7258734B41C31549: 4 signatures not checked due to missing keys
gpg: key 7258734B41C31549: 2 signatures reordered
gpg: key 7258734B41C31549 was created 44 days in the future (time warp or clock problem)
gpg: key 7258734B41C31549 was created 44 days in the future (time warp or clock problem)
gpg: key 7258734B41C31549 was created 44 days in the future (time warp or clock problem)
gpg: key 7258734B41C31549 was created 44 days in the future (time warp or clock problem)
gpg: key 7258734B41C31549: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg:           w/o user IDs: 1
==> ERROR: Remote key not fetched correctly from keyserver.
Enter fullscreen mode Exit fullscreen mode

Eeerrr….

gpg: key 7258734B41C31549 was created 44 days in the future (time warp or clock problem)

44 days in the future – WHAT?

The real cause and solution

Check the date on the operating system now:

[setevoy-asus-laptop setevoy]# date
sun, 18 серпня 2019 12:47:28 +0300
Enter fullscreen mode Exit fullscreen mode

And by using hwclock to heck hardware’s time settings:

[setevoy-asus-laptop setevoy]# hwclock --show
2019-08-18 12:47:55.575491+03:00
Set the real time at this moment:
[setevoy-asus-laptop setevoy]# timedatectl set-time "2019-11-24 09:56:00"
[setevoy-asus-laptop setevoy]# hwclock --show
2019-11-24 09:56:03.404766+02:00
Enter fullscreen mode Exit fullscreen mode

Repeat upgrade:

[setevoy@setevoy-asus-laptop ~]$ sudo pacman -Syu
...
(413/413) checking keys in keyring                                                                                                             [] 100%
downloading required keys...
:: Import PGP key 256E/C7E7849466FE2358343588377258734B41C31549, "David Runge <dvzrv@archlinux.org>", created: 2019-10-01? [Y/n]
(413/413) checking package integrity
...
Enter fullscreen mode Exit fullscreen mode

And everything is working now.

Done.

Similar posts

Top comments (0)

Read next

sergelogvinov profile image

Install Proxmox on any bare metal server

Serge Logvinov -

daniellesiq profile image

Antivírus Kaspersky bloqueia WSL(Windows subsystem Linux)

Danielle Siqueira -

mrcaption49 profile image

du vs df commands in linux

Pranav Bakare -

exein profile image

Pulsar preventing vulnerabilities #1 — polkit (CVE-2021–4034)

Exein -