BACKGROUND: We had pgp software installed on old servers but on our new servers the infrastructure team installed gpg. So we have to do everything using gpg tool now. I am new to this.
So when we try to import a PGP public key block using the gpg import command we get the following error
>gpg --import /<filepath>/PGPKey.asc --user xyzzzd
gpg: Warning: using insecure warning!
gpg please see http://www.gnupg.org/faq.html for more inoformation
gpg key 0DBC987k: "zyzzd <pgpadmin#xyprod.#####.com>" not changed
gpg can't open '--user':No such file or directory
gpg can't open 'xyzzzd':No such file or directory
gpg Total number processed: 1
gpg unchanged: 1
Note we have placed the PGPKey.asc in the temp directory and the commands have been executed from that directory
There is no --user option in GnuPG, especially not for --import which expects all further arguments to be files to be imported; and I could neither find one for PGP.
The message says that the key 0DBC987k was already successfully imported into the GnuPG keyring, and no files could be found for --user nor xyzzzd.
Very likely you're fine just removing --user xyzzzd, otherwise you'll have to explain in detail what you're trying to achieve.
Related
Ever since June 2020, I have been unable to update my packages with pacman -Syu. When I try, I get the following error:
(It gets up to "Checking package integrity", then shows errors like this for every single package)
error: gcc-libs: signature from "David Macek <david.macek.0#gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gcc-libs-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
Now, helpfully, MSYS2 does have a post explaining why this occurred and how to fix it: https://www.msys2.org/news/#2020-06-29-new-packagers
However, despite following all of those steps, nothing changed and I get the same errors.
For clarity, I did the following:
curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz
curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig
pacman-key --verify msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig
pacman -U msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz
Those "worked" (no errors) but didn't fix anything, so I tried:
rm -r /etc/pacman.d/gnupg/
pacman-key --init
pacman-key --populate msys2
But that didn't accomplish anything either.
What do I do?
The original key updating procedure News-MSYS2 can be made to work by adding one more command:
$ pacman-key --keyserver keyserver.ubuntu.com --refresh-keys
The packager's key as delivered in msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz has expired, and needs to be refreshed.
pub rsa4096 2018-01-14 [SC] [expired: 2021-06-19]
87771331B3F1FF5263856A6D974C8BE49078F532
uid [ expired] David Macek <david.macek.0#gmail.com>
Unfortunately, the keyserver used by older version of pacman-key command is not valid anymore.
$ pacman-key --refresh-keys
gpg: error retrieving 'alexey.pawlow#gmail.com' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: F40D263ECA25678A
Keyserver value in newer pacman-key was changed to keyserver.ubuntu.com by this msys2/MSYS2-keyring commit. Hence, the explicit --keyserver option for the pacman-key command at the beginning of this answer.
This worked for me. From "Nulano":
pacman -S msys2-keyring
Then use pacman -Syu as normal.
Tried the solutions at Msys 2020-06-29 - new packagers. Didn't work for me.
After trying a few other things (like disabling sourceforge mirrors) I found none worked.
Instead, I downloaded the latest tar of the project (since I cannot run the .exe) which is located at:
http://repo.msys2.org/distrib/msys2-x86_64-latest.tar.xz
Once downloaded, I went into C:/msys64/ and made a copy of the /home folder, then deleted all of the contents.
I then copied in the latest from the tar into there, and finally copied the /home folder back.
Now, MSYS2 finally works properly again. Though it does mean installing all packages over again.
I am fairly new to virtualbox and i want to install Oracle Database on my mac but i keep getting this error upon importing to virtualbox
i tried uninstall and reinstalling the virtualbox but keeps getting the same error can someone help me?
Go to downloaded link copy down Md5 check sum and verify with md5 command for the downloaded file,if checksum don't match you need to download again.(most probably you have incomplete or corrupted file).Since import failed I think it's best to download again and verify checksum
e.g Dowloaded OracleBigDatalite as well as md5sum.txt
$ cat md5sum.txt
26197c5d1f8e22102dc2f3641a58a851 BigDataLite411.7z.001
91198541deae1925888534ad5bc68e87 BigDataLite411.7z.002
67a2c534d407a18b5193df262173b815 BigDataLite411.7z.003
2da5928c2cca49a8e296a3fc2ef52de0 BigDataLite411.7z.004
ff35b60c518162e9fd4a15c170d53ee1 BigDataLite411.7z.005
970a860bb7e0efacee7a609a1e4d4414 BigDataLite411.7z.006
601927d6910acde33fe1fb377799d4a4 BigDataLite411.7z.007
c6e3763d73217ce7ffc921123f2c7c4b BigDataLite411.7z.008
b71ed4a3fbd79c269d6fe59e630c0ec1 BigDataLite411.7z.009
f2d25d520719e6d7adea273bf48ec147 BigDataLite411.7z.010
dc6db7a2834022747e0b7aba160e0a23 BigDataLite411.7z.011
ade4d056b6c71912f727eb5f57cc3db6 BigDataLite411.7z.012
$ md5sum BigDataLite411.7z.001
26197c5d1f8e22102dc2f3641a58a851 BigDataLite411.7z.001
First file in downloaded files checksum is matching with md5.txt(md5sum command on Ubuntu WSL on Mac I'm hoping it's md5)
P.S:-I don't have enough points to comment
I have downloaded a GNU tar archive (emacs-26.1.tar.xz) and now want to verify it against its signature file. gpg returns with the verify option the following output:
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Obviously the download could not be verified. But what does this mean? Is the tar archive probably corrupt? Or had I not imported the correct keys?
Here is step-by-step what I did:
I downloaded the archive file and its .sig file:
$ wget https://ftp.gnu.org/gnu/emacs/emacs-26.1.tar.xz
$ wget https://ftp.gnu.org/gnu/emacs/emacs-26.1.tar.xz.sig
I downloaded the GNU keyring (the Emacs download page gave me the link):
$ wget https://ftp.gnu.org/gnu/gnu-keyring.gpg
With gpg I imported the GNU keyring:
$ gpg --import gnu-keyring.gpg
Note that this returned:
.
.
.
gpg: Total number processed: 525
gpg: imported: 525 (RSA: 187)
gpg: no ultimately trusted keys found
Finally I verified the tar archive:
gpg --verify emacs-26.1.tar.xz.sig emacs-26.1.tar.xz
This then returned (as stated at the top):
gpg: no valid OpenPGP data found.
gpg: the signature could not be verified.
Please remember that the signature file (.sig or .asc)
should be the first file given on the command line.
So, is the tar archive corrupt or had I not imported the correct keys? If the latter is the case, what are the correct keys for this GNU download?
I am trying to use productsign to sign a XAR archive containing 2 pkg files created using productbuild . The xar tool is creating the file correctly, but I think the signing is corrupting the content, even though the file obtained is signed.
Some relevant command outputs below (I replaced the sensitive information with INFO):
$ ls .
file1.pkg file2.pkg
$
$ xar -cf '../_file.xar' .
$
$ cd ..
$ /usr/bin/productsign --sign 'Developer ID Installer: INFO' '_file.xar' 'file.xar'
productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: INFO" from keychain /Users/INFO/Library/Keychains/login.keychain
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to file.xar
$
$ /usr/sbin/pkgutil --check-signature 'file.xar'
Package "file.xar":
Status: signed by a certificate trusted by Mac OS X
Certificate Chain:
1. Developer ID Installer: INFO
SHA1 fingerprint: INFO
-----------------------------------------------------------------------------
2. Developer ID Certification Authority
SHA1 fingerprint: INFO
-----------------------------------------------------------------------------
3. Apple Root CA
SHA1 fingerprint: INFO
$ file file.xar
file.xar: xar archive - version 1
$
$ xar -xf file.xar -D /tmp
Error while extracting archive:(file1.pkg): Error decompressing file
$
Is the productsign command intended to work in some other way? I don't understand what is wrong with my approach.
After some testing, I found out xar is using relative paths inside the archive, so in my case there was a problem because I used "../" inside a path name.
gpg: signing error: Input/output error
When I tried to deploy my maven project using the command mvn deploy -DperformRelease=true and I got to the step where I had to enter my GPG passphrase I got the above error. I thought this was because I mistyped the passphrase, but after multiple attempts I kept getting the same error. I then updated my GPG installation to the most recent modern version, but still the same error.
Then I tried to create a new key, but when I got to the step where I had to create the password I got this error:
gpg: agent_genkey failed: Input/output error
Key generation failed: Input/output error
Also an input/output error. Interestingly enough, I believe that in both cases I had this error spit out 2 lines above those errors:
gpg: AllowSetForegroundWindow(16252) failed: Access is denied.
Whether that is related, I don't know. What can I do to resolve this?
I had a similar error with gpg on Windows (Gpg4win). I fixed it by uninstalling Gpg4win and installing Gpg4win-Vanilla (the most lightweight version of Gpg4win): https://www.gpg4win.org/download.html