search

anatol / quarry

Rubygems binary repository for Arch Linux
GNU General Public License v3.0
53 stars 25 forks source link

Ruby Rubocop is missing signature #120

Closed rdlu closed 3 years ago

rdlu commented 3 years ago

Tried the full update pacman -Syu minutes ago, but this package is keeping me locked.

Already cleaned the pacman's cache and tried an alternate connection with another provider (broadband -> 4G).

Can you check this please? Thanks a lot!

error: ruby-rubocop: missing required signature
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Version: ruby-rubocop-0.91.1-1

anatol commented 3 years ago

The package and its signature are in the repo:

https://pkgbuild.com/~anatolik/quarry/x86_64/ruby-rubocop-0.91.1-1-any.pkg.tar.zst https://pkgbuild.com/~anatolik/quarry/x86_64/ruby-rubocop-0.91.1-1-any.pkg.tar.zst.sig

And I can install it without any problems sudo pacman -U https://pkgbuild.com/~anatolik/quarry/x86_64/ruby-rubocop-0.91.1-1-any.pkg.tar.zst

catwell commented 3 years ago

I have the same issue.

$ sudo pacman -Sy ruby-rubocop
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
 sublime-text is up to date
 quarry is up to date
 staging is up to date
resolving dependencies...
looking for conflicting packages...

Packages (1) ruby-rubocop-0.91.1-1

Total Installed Size:  1.80 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                     [#####################] 100%
(1/1) checking package integrity                   [#####################] 100%
error: ruby-rubocop: missing required signature
error: failed to commit transaction (package missing required signature)
Errors occurred, no packages were upgraded.

It doesn't come from the signature file.

$ pacman-key -v ruby-rubocop-0.91.1-1-any.pkg.tar.zst.sig ruby-rubocop-0.91.1-1-any.pkg.tar.zst
==> Checking ruby-rubocop-0.91.1-1-any.pkg.tar.zst.sig... (detached)
gpg: Signature made Wed Sep 23 18:07:38 2020 CEST
gpg:                using RSA key 8E1992167465DB5FB045557CB02854ED753E0F1F
gpg: Note: trustdb not writable
gpg: Good signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" [full]

It comes from the database, which does not have %PGPSIG%.

$ wget https://pkgbuild.com/~anatolik/quarry/x86_64/quarry.db.tar.xz
--2020-09-24 17:01:19--  https://pkgbuild.com/~anatolik/quarry/x86_64/quarry.db.tar.xz
Loaded CA certificate '/etc/ssl/certs/ca-certificates.crt'
Resolving pkgbuild.com (pkgbuild.com)... 78.46.178.133, 2a01:4f8:c2c:51e2::1
Connecting to pkgbuild.com (pkgbuild.com)|78.46.178.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1012236 (989K) [application/x-xz]
Saving to: ‘quarry.db.tar.xz’

quarry.db.tar.xz    100%[==================>] 988.51K  5.61MB/s    in 0.2s    

2020-09-24 17:01:20 (5.61 MB/s) - ‘quarry.db.tar.xz’ saved [1012236/1012236]

$ tar xf quarry.db.tar.xz 
$ ack PGPSIG ruby-rubocop-0.91.1-1/desc 
$
anatol commented 3 years ago

Okay, it turns out an incompatibility between repo-add from master that I use and pacman version 5.x client you have.

pacman 5.x does not handle detached signatures correctly. I added --include-sigs flag to my script to enforce adding embedded signatures to the database file. And then rebuilt quarry.db database.

The issue should be fixed now. PTAL and let me know if you still have this issue.