SOLVED: 'unknown trust' errors when running ubos-install on amd64

You are using UBOS on an x86_64 PC. Please tell us something about the hardware.
Post Reply
emceeaich
Posts: 4
Joined: Thu Nov 22, 2018 1:56 am

SOLVED: 'unknown trust' errors when running ubos-install on amd64

Post by emceeaich » Thu Nov 22, 2018 2:36 am

I'm setting up UBOS on a Intel NUC using the following steps:
  • Copied img file to USB stick using Etcher
  • Booted Intel NUC with 8GB RAM and 128 GB SSD with USB stick, the PC was connected to ethernet
  • Ran `ip addr` to confirm IP address assigned
  • Ran `ping google.com` to confirm I could reach internet
  • Ran `lsblk` to confirm which device the 128 GB SSD was, which was `/dev/sda`
  • Ran `sudo ubos-install /dev/sda`
  • Get the error message 'Signature from "UBOS buildmaster <buildmaster@ubos.net>" is unknown trust' three times when downloading hl.db, os.db, and tools.db and their associated signatures
Per troubleshooting, I ran `sudo systemctl is-system-running`, which returned "running". I tried running `sudo ubos-install /dev/sda` again and got the same errors. I rebooted from the USB stick and again, got the same error message.

Should I try an earlier version than LATEST?



j12t
Posts: 110
Joined: Tue Dec 12, 2017 9:17 pm
Contact:

Re: 'unknown trust' errors when running ubos-install on amd64

Post by j12t » Fri Nov 23, 2018 9:07 pm

Could you try the following. As root, execute:

Code: Select all

echo XX ls
ls -ald $(find /etc/pacman.d)
echo XX list-keys
pacman-key --list-keys
echo XX init
pacman-key --init
echo XX populate archlinux
pacman-key --populate archlinux
echo XX populate ubos
pacman-key --populate ubos
echo XX ls
ls -ald $(find /etc/pacman.d)
echo XX list-keys
pacman-key --list-keys
echo XX pacman
pacman -Syu
and post the terminal output? That would help greatly in figuring out what's going on.

To get root as shepherd, execute

Code: Select all

sudo bash
.

emceeaich
Posts: 4
Joined: Thu Nov 22, 2018 1:56 am

Re: 'unknown trust' errors when running ubos-install on amd64

Post by emceeaich » Fri Nov 23, 2018 10:15 pm

Thank you, here's the result of those commands cut for length.

Let me know if you need all the keys from the pacman list-keys command.

Code: Select all

[root@ubos-pc /]# echo XX ls
XX ls
[root@ubos-pc /]# ls -ald $(find /etc/pacman.d)
drwxr-xr-x 1 root root     58 Nov 22 05:40 /etc/pacman.d
drwxr-xr-x 1 root root    384 Nov 23 21:59 /etc/pacman.d/gnupg
drwx------ 1 root root     14 Nov 22 05:40 /etc/pacman.d/gnupg/crls.d
-rw-r--r-- 1 root root      5 Nov 22 05:40 /etc/pacman.d/gnupg/crls.d/DIR.txt
-rw-r--r-- 1 root root     17 Nov 22 05:40 /etc/pacman.d/gnupg/gpg-agent.conf
-rw-r--r-- 1 root root     74 Nov 22 05:40 /etc/pacman.d/gnupg/gpg.conf
-rw-r--r-- 1 root root      0 Nov 22 05:40 /etc/pacman.d/gnupg/.gpg-v21-migrated
drwx------ 1 root root     88 Nov 22 05:40 /etc/pacman.d/gnupg/openpgp-revocs.d
-rw------- 1 root root   1452 Nov 22 05:40 /etc/pacman.d/gnupg/openpgp-revocs.d/C4F85DDC175902C414020FFC86E5B2CC4CDFAB6D.rev
drwx------ 1 root root     88 Nov 22 05:40 /etc/pacman.d/gnupg/private-keys-v1.d
-rw------- 1 root root    977 Nov 22 05:40 /etc/pacman.d/gnupg/private-keys-v1.d/C2DB9BBC0CF2AA5A85BAA9305C355B0B538B31FE.key
-rw-r--r-- 1 root root 644386 Nov 23 21:59 /etc/pacman.d/gnupg/pubring.gpg
-rw-r--r-- 1 root root 644386 Nov 23 21:59 /etc/pacman.d/gnupg/pubring.gpg~
-rw------- 1 root root      0 Nov 22 05:40 /etc/pacman.d/gnupg/secring.gpg
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent.browser
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent.extra
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent.ssh
-rw-r--r-- 1 root root  49152 Nov 23 21:59 /etc/pacman.d/gnupg/tofu.db
-rw-r--r-- 1 root root  13720 Nov 23 21:59 /etc/pacman.d/gnupg/trustdb.gpg
-rw-r--r-- 1 root root  25377 Jul 10 09:42 /etc/pacman.d/mirrorlist
drwxr-xr-x 1 root root    128 Aug 21 00:03 /etc/pacman.d/repositories.d
-rw-r--r-- 1 root root     54 Aug 21 00:03 /etc/pacman.d/repositories.d/hl
-rw-r--r-- 1 root root    188 Aug 21 00:03 /etc/pacman.d/repositories.d/hl-experimental
-rw-r--r-- 1 root root     54 Aug 21 00:03 /etc/pacman.d/repositories.d/os
-rw-r--r-- 1 root root    188 Aug 21 00:03 /etc/pacman.d/repositories.d/os-experimental
-rw-r--r-- 1 root root     60 Aug 21 00:03 /etc/pacman.d/repositories.d/tools
-rw-r--r-- 1 root root    197 Aug 21 00:03 /etc/pacman.d/repositories.d/tools-experimental
-rw-r--r-- 1 root root    164 Aug 21 00:03 /etc/pacman.d/repositories.d/toyapps
[root@ubos-pc /]# echo XX list-keys
XX list-keys
[root@ubos-pc /]# pacman-key --list-keys
gpg: bad data signature from key 20E8A9C77716EB4F: Wrong key usage (0x19, 0x2)
/etc/pacman.d/gnupg/pubring.gpg
-------------------------------
pub   rsa2048 2018-11-22 [SC]
      C4F85DDC175902C414020FFC86E5B2CC4CDFAB6D
uid           [ultimate] Pacman Keyring Master Key <pacman@localhost>

pub   rsa4096 2011-11-29 [SC]
      AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid           [  full  ] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>

pub   rsa4096 2017-05-15 [SC]
      DDB867B92AA789C165EEFA799B729B06A680C281
uid           [  full  ] Bartłomiej Piotrowski (Arch Linux Master Key) <bpiotrowski@master-key.archlinux.org>
sub   rsa4096 2017-05-15 [E]

  (cut for length)

pub   rsa4096 2014-09-01 [SC]
      CF9DC152CFE2C869FC83C40C64FCC512CBC35F22
uid           [ultimate] UBOS buildmaster <buildmaster@ubos.net>

[root@ubos-pc /]# echo XX init
XX init
[root@ubos-pc /]# pacman-key --init
[root@ubos-pc /]# echo XX populate archlinux
XX populate archlinux
[root@ubos-pc /]# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
  -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
  -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
  -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
  -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...

  cut for length
  
==> Updating trust database...
gpg: next trustdb check due at 2018-12-13
[root@ubos-pc /]# echo XX populate ubos
XX populate ubos
[root@ubos-pc /]# pacman-key --populate ubos
==> Appending keys from ubos.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key CF9DC152CFE2C869FC83C40C64FCC512CBC35F22...
==> Importing owner trust values...
==> Updating trust database...
gpg: next trustdb check due at 2018-12-13
[root@ubos-pc /]# echo XX ls
XX ls
[root@ubos-pc /]# ls -ald $(find /etc/pacman.d)
drwxr-xr-x 1 root root     58 Nov 22 05:40 /etc/pacman.d
drwxr-xr-x 1 root root    384 Nov 23 21:59 /etc/pacman.d/gnupg
drwx------ 1 root root     14 Nov 22 05:40 /etc/pacman.d/gnupg/crls.d
-rw-r--r-- 1 root root      5 Nov 22 05:40 /etc/pacman.d/gnupg/crls.d/DIR.txt
-rw-r--r-- 1 root root     17 Nov 22 05:40 /etc/pacman.d/gnupg/gpg-agent.conf
-rw-r--r-- 1 root root     74 Nov 22 05:40 /etc/pacman.d/gnupg/gpg.conf
-rw-r--r-- 1 root root      0 Nov 22 05:40 /etc/pacman.d/gnupg/.gpg-v21-migrated
drwx------ 1 root root     88 Nov 22 05:40 /etc/pacman.d/gnupg/openpgp-revocs.d
-rw------- 1 root root   1452 Nov 22 05:40 /etc/pacman.d/gnupg/openpgp-revocs.d/C4F85DDC175902C414020FFC86E5B2CC4CDFAB6D.rev
drwx------ 1 root root     88 Nov 22 05:40 /etc/pacman.d/gnupg/private-keys-v1.d
-rw------- 1 root root    977 Nov 22 05:40 /etc/pacman.d/gnupg/private-keys-v1.d/C2DB9BBC0CF2AA5A85BAA9305C355B0B538B31FE.key
-rw-r--r-- 1 root root 644386 Nov 23 21:59 /etc/pacman.d/gnupg/pubring.gpg
-rw-r--r-- 1 root root 644386 Nov 23 21:59 /etc/pacman.d/gnupg/pubring.gpg~
-rw------- 1 root root      0 Nov 22 05:40 /etc/pacman.d/gnupg/secring.gpg
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent.browser
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent.extra
srwx------ 1 root root      0 Nov 23 21:59 /etc/pacman.d/gnupg/S.gpg-agent.ssh
-rw-r--r-- 1 root root  49152 Nov 23 21:59 /etc/pacman.d/gnupg/tofu.db
-rw-r--r-- 1 root root  13720 Nov 23 21:59 /etc/pacman.d/gnupg/trustdb.gpg
-rw-r--r-- 1 root root  25377 Jul 10 09:42 /etc/pacman.d/mirrorlist
drwxr-xr-x 1 root root    128 Aug 21 00:03 /etc/pacman.d/repositories.d
-rw-r--r-- 1 root root     54 Aug 21 00:03 /etc/pacman.d/repositories.d/hl
-rw-r--r-- 1 root root    188 Aug 21 00:03 /etc/pacman.d/repositories.d/hl-experimental
-rw-r--r-- 1 root root     54 Aug 21 00:03 /etc/pacman.d/repositories.d/os
-rw-r--r-- 1 root root    188 Aug 21 00:03 /etc/pacman.d/repositories.d/os-experimental
-rw-r--r-- 1 root root     60 Aug 21 00:03 /etc/pacman.d/repositories.d/tools
-rw-r--r-- 1 root root    197 Aug 21 00:03 /etc/pacman.d/repositories.d/tools-experimental
-rw-r--r-- 1 root root    164 Aug 21 00:03 /etc/pacman.d/repositories.d/toyapps
[root@ubos-pc /]# echo XX list-keys
XX list-keys
[root@ubos-pc /]# pacman-key --list-keys
gpg: bad data signature from key 20E8A9C77716EB4F: Wrong key usage (0x19, 0x2)
/etc/pacman.d/gnupg/pubring.gpg
-------------------------------
pub   rsa2048 2018-11-22 [SC]
      C4F85DDC175902C414020FFC86E5B2CC4CDFAB6D
uid           [ultimate] Pacman Keyring Master Key <pacman@localhost>

pub   rsa4096 2011-11-29 [SC]
      AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid           [  full  ] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>

  (cut for length)

pub   rsa4096 2014-09-01 [SC]
      CF9DC152CFE2C869FC83C40C64FCC512CBC35F22
uid           [ultimate] UBOS buildmaster <buildmaster@ubos.net>

[root@ubos-pc /]# echo XX pacman
XX pacman
[root@ubos-pc /]# pacman -Syu
:: Synchronizing package databases...
 hl                        38.9 KiB   506K/s 00:00 [######################] 100%
 hl.sig                   588.0   B  0.00B/s 00:00 [######################] 100%
 os                       403.8 KiB  1704K/s 00:00 [######################] 100%
 os.sig                   588.0   B  0.00B/s 00:00 [######################] 100%
 tools                     32.5 KiB  0.00B/s 00:00 [######################] 100%
 tools.sig                588.0   B  0.00B/s 00:00 [######################] 100%
:: Starting full system upgrade...
 there is nothing to do
[root@ubos-pc /]# 

j12t
Posts: 110
Joined: Tue Dec 12, 2017 9:17 pm
Contact:

Re: 'unknown trust' errors when running ubos-install on amd64

Post by j12t » Sat Nov 24, 2018 3:36 am

It seems it is working now. The package databases downloaded fine and according to the transcript, while the first attempt of the list-keys failed, the second one worked after we re-imported the keys.

Could you try running the ubos-install command again?

P.S. Not obvious what went wrong here. These pacman-key commands should have run during the first boot. If you'd like to be helpful :-) it would be useful to know whether there was any obvious related error message during the very first boot: as root, journalctl should tell us.

P.S.2: On second thought, this might be something else, and I may be wrong in thinking that it might work now (please do tell). There is his strange key usage warning from gpg, which didn't actually go away on the second attempt, which I had overlooked earlier. This post has something related to that message: https://unix.stackexchange.com/question ... e-0x19-0x2

P.S.3: If the problem didn't go away, I'd love to play with your image :-) Any way you can put that somewhere I can get to it? There was this issue, and it may be the same thing: https://github.com/uboslinux/ubos-admin/issues/519

emceeaich
Posts: 4
Joined: Thu Nov 22, 2018 1:56 am

Re: 'unknown trust' errors when running ubos-install on amd64

Post by emceeaich » Sat Nov 24, 2018 6:33 am

The ubos-install command worked.

I looked through the logs from journalctl and did not see anything that looked strange until the pacman-key commands.

I think I can call this resolved for now while I try to get a site up and running.

Post Reply