MSYS2-packages: error: xxx: signature from "Christoph Reiter (MSYS2 master key) " is unknown trust

Do these command help?

rm -r /etc/pacman.d/gnupg/
pacman-key --init
pacman-key --populate msys2

From here https://www.msys2.org/news/#2020-06-29-new-packagers

Found fix for this problem here and it helped: https://blog.bachi.net/?p=5035

# rm -r /etc/pacman.d/gnupg/ # pacman-key --init # pacman-key --populate msys2

$ curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz $ curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig

# pacman -U --config <(echo) msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz

$ pacman -Syu

UPDATE: solved after deleting /var/lib/pacman/sync/*.db

What worked for me was to delete /var/lib/pacman/sync/*.db.sig as well (i.e delete /var/lib/pacman/sync/*)

Fix for “error: mingw32: signature from “Christoph Reiter (MSYS2 development key) reiter.christoph@gmail.com” is unknown trust”

I got the error: mingw32: signature from "Christoph Reiter (MSYS2 development key) <reiter.christoph@gmail.com>" is unknown trust. To fix this you have to import the required gnupg key and assign it a high trust level.

Steps for the fix:

Double click C:\msys2.exe

$ pacman -S mingw-w64-x86_64-roswell

You get the error: error: mingw32: signature from “Christoph Reiter (MSYS2 development key) reiter.christoph@gmail.com” is unknown trust

How to find the key:

Christoph Reiter’s page: https://lazka.github.io/

search results for the key: http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=0x46bd761f7a49b0ec

The signature of Christoph Reiter’s key ends with: 46bd761f7a49b0ec

Set the firewall to allow outside connections.

Import the key using gpg, while still inside the msys2.exe window:

$ gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv 46bd761f7a49b0ec

Set the trust level for the key: Set it using pacman-key, NOT gpg, because it doesn’t work after setting it with gpg --edit-key, you still get the error “[…] Christoph Reiter (MSYS2 master key) […]is unknown trust” .

Set it to 5 i.e. ultimate trust - I don’t know the difference between trust levels- if level 4 is sufficient or 5 is required.

pacman-key --edit-key 5F944B027F7FE2091985AA2EFA11531AA0AA7F57

type trust at the gpg prompt:

gpg> trust

type 5: Your decision? 5

type y for yes: y

type quit gpg> quit

While being inside the msys2.exe window run:

$ pacman-key --refresh-keys

synchronize the repository databases and update the system’s packages using: $ pacman -Syu

---

P.S. I had problems installing sbcl (I didn’t test using ros install sbcl-bin) using the roswell verson from msys2, so I had to install it manually. I don’t know why the recent versions of roswell’s ros.exe (and sbcl) from msys2 don’t work on Windows, or if this is related to Windows 7.

Solution does not work:

Error: msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz: signature format error
Error: GPGME error: No Data
Error: 'msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz': Invalid or broken packet (PGP-Signatur)

Iain, But what is the procedure to resolve it? I tried a change in /etc/paman.conf: Siglevel = Never #Siglevel = required databaseoptional And nothing has changed!

I had same issue, I believe my firewall was too quick to prevent the complete download of the proper signatures. I was able to authorise them, but perhaps too late.

The mentioned commands solved it,

rm -r /etc/pacman.d/gnupg/ pacman-key --init pacman-key --populate msys2

Might be due to anti virus or other security software.

Do these command help?

rm -r /etc/pacman.d/gnupg/
pacman-key --init
pacman-key --populate msys2

From here https://www.msys2.org/news/#2020-06-29-new-packagers

They do not, GPG is simply broken here.

$ pacman-key --populate msys2
==> Appending keys from msys2.gpg...
gpg: starting migration from earlier GnuPG versions
gpg: can't connect to the agent: IPC connect call failed
gpg: error: GnuPG agent unusable. Please check that a GnuPG agent can be started.
gpg: migration aborted
gpg: can't connect to the agent: IPC connect call failed
gpg: can't connect to the agent: IPC connect call failed
gpg: can't connect to the agent: IPC connect call failed

$ gpg-connect-agent /bye
gpg-connect-agent: no running gpg-agent - starting '/usr/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: waiting for the agent to come up ... (4s)
gpg-connect-agent: waiting for the agent to come up ... (3s)
gpg-connect-agent: waiting for the agent to come up ... (2s)
gpg-connect-agent: waiting for the agent to come up ... (1s)
gpg-connect-agent: can't connect to the agent: IPC connect call failed
gpg-connect-agent: error sending standard options: No agent running

I faced the same problem when run MSYS2 by “./msys2_shell.cmd -msys” which is the default way.

This problem disappeared when I do it in the following way:

1. in command line (e.g., powershell), run bash - this bash is the one in “~/msys64/usr/bin”. (I installed msys64 under $HOME)
2. export PATH=“$PATH:~/msys64/usr/bin”
3. pacman -Syu

The first time of “pacman -Syu” has error at the end: error: command (/usr/bin/sh /usr/bin/sh -c while read -r f; do install-info “$f” /usr/share/info/dir 2> /dev/null; doneA) failed to execute correctly (this error message in each “pacman -S” command)

Then, I rerun “pacman -Syu” and it says:

$  pacman -Syu
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 ucrt64 is up to date
 clang32 is up to date
 clang64 is up to date
 msys is up to date
:: Starting core system upgrade...
 there is nothing to do
:: Starting full system upgrade...
 there is nothing to do

So, looks everyting is fine?

Current workaround is just to disable signature verification until GPG is fixed.