Cannot update system; getting invalid or corrupted package (PGP signature) error

update
xfce

#1

I am using Manjaro XFCE. I am unable to update the system due to PGP error. Last time I was able to update system using pacli, but this time it is not working.

On trying to update, I get such errors

error: iana-etc: signature from "Gaetan Bisson <gaetan@fenua.org>" is unknown trust
:: File /var/cache/pacman/pkg/iana-etc-20170512-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: ncurses: signature from "Lukas Fleischer <lfleischer@lfos.de>" is invalid
:: File /var/cache/pacman/pkg/ncurses-6.0+20170429-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: glib2: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/glib2-2.52.2+1+gb8bd46bc8-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: icu: signature from "Andreas Radke <andyrtr@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/icu-59.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: libxml2: signature from "Andreas Radke <andyrtr@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/libxml2-2.9.4+16+g07418011-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 

pacli does not work. I tried manual method mentioned here Invalid or corrupted package (PGP signature) and here https://wiki.manjaro.org/index.php/Pacman_troubleshooting#Errors_about_Keys

But on trying to install keyrings using command

sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring

I get same errors

:: Proceed with installation? [Y/n] 
(3/3) checking keys in keyring                                                             [#####################################################] 100%
(3/3) checking package integrity                                                           [#####################################################] 100%
error: gnupg: signature from "Gaetan Bisson <gaetan@fenua.org>" is unknown trust
:: File /var/cache/pacman/pkg/gnupg-2.1.21-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: archlinux-keyring: signature from "Bartlomiej Piotrowski <b@bpiotrowski.pl>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20170320-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: manjaro-keyring: signature from "Philip Müller (Called Little) <philm@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20160527-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

What should I do?


#2

Please try first
sudo pacman-mirrors -g
sudo pacman -Syy gnupg archlinux-keyring manjaro-keyring


#3

Same error again.

error: gnupg: signature from "Gaetan Bisson <gaetan@fenua.org>" is unknown trust
:: File /var/cache/pacman/pkg/gnupg-2.1.21-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

#4

Try the following commands:

sudo rm -R /etc/pacman.d/gnupg/
sudo rm -R /root/.gnupg/ 
sudo gpg --refresh-keys
sudo pacman-key --init && pacman-key --populate archlinux manjaro
sudo pacman-key --refresh-keys
sudo pacman -Syyu

Issues with "signature is marginal trust" or "invalid or corrupted package"
What permissions should the gnupg directory be set to?
Issues with "signature is marginal trust" or "invalid or corrupted package"
#5

Did this. Still the same error. I don’t think packages are really corrupted because I already have downloaded them twice.


#6

If all else fails you can try a little extreme solution disabling pgp signature from /etc/pacman.conf in order to do the updates and change back after you successfully update.

https://wiki.archlinux.org/index.php/Pacman/Package_signing#Disabling_signature_checking
http://www.cupoflinux.com/SBB/index.php/topic,2959.msg20113.html#msg20113


Issues with "signature is marginal trust" or "invalid or corrupted package"
#7

OK. I’ll re download the packages one final time and if it doesn’t work, I’ll go with this option.

Btw there is another issue. The mirrors seem to have slowed down too much for last 3 days. I wonder if I have indeed been a victim of MITM.


#8

Then first take a look here:


#9

It worked this time on re downloading the packages. Maybe they were really corrupted.


closed #10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.