No user ID for key signature packet of class 10

meanruse · 30 January 2022 20:56

Last update showed a stream of no user ID for key signature packet of class 10.
( that was more or less two hours ago now).

I read Package_signing in the Arch wiki which says:

If you suspect that something is not working right with the keyserver, you could try to switch to the Ubuntu keyserver. To do this, edit /etc/pacman.d/gnupg/gpg.conf and change the keyserver line to:

keyserver hkp://keyserver.ubuntu.com

I'm sure I never touched gpg.conf myself, anyway here it is:

 λ cat /etc/pacman.d/gnupg/gpg.conf
File: /etc/pacman.d/gnupg/gpg.conf
no-greeting
no-permission-warning
lock-never
keyserver-options timeout=10
keyserver-options import-clean
keyserver-options no-self-sigs-only

There's no keyserver specified, yet as seen below hkps://keyserver.ubuntu.com is used anyway, so I did not change anything.

I searched online, found some instructions to completely wipe the keys and reinstall them, but have not tried that yet -- I don't understand so I'm wary of blindly copy pasting commands.
Though I now see those same commands are advised here so I guess I can trust them after all.

What I have done, is garuda-update followed by sudo pacman-key --refresh-keys.

Garuda update refreshed the mirror list (disregarding country preferences I set in /etc/xdg/reflector/reflector.conf, oh well it found nearby mirrors anyways) while pacman-key went on spitting errors and more "no user ID" for 6 minutes -- the output is very long, here is a small excerpt:

gpg: error retrieving 'dan@master-key.archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key A04F9397CDFD6BB0: "Dan McGee (Arch Linux Master Key) <dan@master-key.archlinux.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving 'ionut@master-key.archlinux.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 7EFD567D4C7EA887: 1 signature not checked due to a missing key
gpg: key 7EFD567D4C7EA887: "Ionut Biru (Arch Linux Master Key) <ionut@master-key.archlinux.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Apparently packages were updated though, and both garuda-update and a second pacman -Syu said "nothing to do".

Adding to my confusion, garuda-update said:

Checking for plugin updates
unable to find a matching version for "bounce"

At this point I rebooted.

Then I tried (following these instructions found here) with similar result. Edited for brevity:

sudo pacman -Sy archlinux-keyring chaotic-keyring
...
warning: archlinux-keyring-20220125-1 is up to date -- reinstalling
warning: chaotic-keyring-20220130-1 is up to date -- reinstalling
...
==> Updating trust database...
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
... more of them "no user id" here ...
gpg: public key DB323392796CA067 is 3037 days newer than the signature
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  10  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  10  signed:  94  trust: 0-, 0q, 0n, 10m, 0f, 0u
gpg: depth: 2  valid:  87  signed:  33  trust: 87-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-05-06

then pacman -Syu updated a few more packages (qt6 something).
System date and time is correct (I noticed the 3037 days newer).

After an hour I tried again with the same result.

If I understand correctly, this problem is simply due to mirrors not yet up to date, and the above commands should have fixed it, but it doesn't look like they did.

I rebooted again, pacman -Syu updated more packages, but pacman-key --refresh-keys still fails the same way.

I now replaced /etc/pacman.d/mirrorlist again with the .pacnew from jan 16 that I kept around just in case, which garuda-update proceeded to rewrite after an error: failed to synchronize all databases (no servers configured for repository).
This time I got mirrors from all different places, and pacman-key still errors out.
Another example:

gpg: error retrieving 'pgp@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'mail@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'blog@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'shop@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'inbox@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'aur@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'git@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'outbox@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'wohnung@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'nico-2006@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'archlinux@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: error retrieving 'mooltipass@nicohood.de' via WKD: General error
gpg: error reading key: General error
gpg: key 51DAE9B7C1AE9161: "NicoHood <pgp@nicohood.de>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
pub   rsa4096 2015-06-17 [SCA] [expires: 2023-04-21]
      97312D5EB9D7AE7D0BD4307351DAE9B7C1AE9161
uid           [ unknown] NicoHood <pgp@nicohood.de>
uid           [  full  ] N <mail@nicohood.de>
uid           [marginal] NNNNN <blog@nicohood.de>
uid           [marginal] NNNNN <shop@nicohood.de>
uid           [marginal] _____ <inbox@nicohood.de>
uid           [marginal] NicoHood <aur@nicohood.de>
uid           [ unknown] NicoHood <git@nicohood.de>
uid           [marginal] _____ <outbox@nicohood.de>
uid           [marginal] _____ <Wohnung@nicohood.de>
uid           [marginal] NNNNN <nico-2006@nicohood.de>
uid           [marginal] NicoHood <archlinux@nicohood.de>
uid           [marginal] NicoHood <mooltipass@nicohood.de>
uid           [  full  ] NicoHood <nicohood@archlinux.org>
sub   rsa4096 2015-06-17 [E] [expires: 2023-04-21]

The question is, is this something I should be concerned about, or should I just wait some more time for the servers to update? Or is there something else I should do / should have not done?

Sorry for newbie question, I'm a newbie after all, and this is one topic I'm totally clueless about.

TNE · 30 January 2022 21:30

Seems like you got a bit confused and started looking at the wrong solutions to a non-issue and ended up breaking stuff including your mirrorlist on accident.

This command should get you back on track: update remote fix

After that everything should work fine again without any additional intervention from you.

This has nothing to do with any server issues, this is an issue on your end

meanruse · 30 January 2022 23:47

I came to the same conclusion... so I gave up and asked before the point of no return
update remote fix is doing its thing smoothly (well this time I got a mirror apparently from Zaire judging by its name which isn't exactly around the corner but so far they work, I'll look at that later), no gpg errors this time, it also updated the kernel so I'll reboot but everything looks fine.

Big thanks!

Now I wish I knew what exactly I did wrong and where all those no user ID came from...

update remote fix finished successfully.

Any idea about the unable to find a matching version for "bounce" I still see?

Next I make sure home backup is up to date then reboot. Back in a few minutes...

meanruse · 30 January 2022 23:54

all systems are go!

system · 1 February 2022 23:54

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.