A quick win you should add to your power shell scripts whenever you execute a binary file by doing an integrity check based on checksums.
$pathToBinaryFile = "/your/file.path"
$pathToSha1File = $($pathToBinaryFile + ".sha1")
If (test-path $pathToBinaryFile) {
$calculatedFileHash = Get-FileHash -LiteralPath $pathToBinaryFile -Algorithm SHA1
$sha1FileContent = Get-Content $pathToSha1File
Write-Host ":: Checking file integrity."
#we are expecting a sha1 file with one line of content.
# this one line should look like:<file name>\t<sha1 sum>
#we are exploding the expected content by " "
# first array entry is <file name>
# second array entry is \t
# third array entry is <sha1 sum>
$expectedFileHash = $sha1FileContent.Split(" ")[2]
If ($expectedFileHash -ne $calculatedFileHash.HASH) {
Write-Host $(" Binary file integrity check failed. Expected checksum >>" + $expectedFileHash + "<<, current checksum >>" + $calculatedFileHash.HASH + "<<.")
}
}
A bit more advanced script can be found here in my examples collection.
I ran into this error error: archzfs: signature from "ArchZFS Bot <buildbot@archzfs.com>" is unknown trust on multiple machines over the last days.
Since one machine was working which is also running one of my dns servers, I was searching into this direction.
After a while, I switched all my machines using this one dns server without fixing the real issue.
Furthermore, by just trying to refresh keys with sudo pacman-key --refresh-keys, I ran into another error: gpg: WARNING: Tor is not running.
I could solve this with a one liner:
echo "no-use-tor" >> ~/.gnupg/dirmngr.conf
Next step was finally to delete the broken key and re-import ist again.