"error: GPGME error: No data" when I'm trying to update

Support
,
1

When I’m trying to update using pacman, say using sudo pacman -Syyu, I’m getting a bunch of errors that I can’t seem to fix. Here’s what’s happening:

[10:48:10] snowden17_38@dell-latitude  $  ~  sudo pacman -Syyu
error: GPGME error: No data
error: GPGME error: No data
error: GPGME error: No data
error: GPGME error: No data
:: Synchronizing package databases...
 core                                        170.6 KiB   552 KiB/s 00:00 [########################################] 100%
 extra                                      1901.8 KiB  7.52 MiB/s 00:00 [########################################] 100%
 community                                     6.6 MiB  9.08 MiB/s 00:01 [########################################] 100%
 multilib                                    177.4 KiB  3.21 MiB/s 00:00 [########################################] 100%
error: GPGME error: No data
error: GPGME error: No data
error: GPGME error: No data
error: GPGME error: No data
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))

Here are the contents of my /etc/pacman/conf, if that helps:

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
#HookDir     = /etc/pacman.d/hooks/
HoldPkg      = pacman glibc manjaro-system
# If upgrades are available for these packages they will be asked for first
SyncFirst    = manjaro-system archlinux-keyring manjaro-keyring
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta    = 0.7
Architecture = auto

#IgnorePkg   =
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
#Color
#TotalDownload
# We cannot check disk space from within a chroot environment
CheckSpace
#VerbosePkgLists

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Manjaro Linux
# packagers with `pacman-key --populate archlinux manjaro`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

[core]
SigLevel = PackageRequired
# SigLevel = Never
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

I’ve also tried the solutions prescribed in the following links. However, they did not work for me:

Do let me know if you need some more information. Thanks in advance.

1 Like
2

I would suggest the following recovery activity:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman -Scc
sudo pacman-mirrors --country all --api --protocols all
sudo pacman -Syy gnupg archlinux-keyring manjaro-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro
sudo pacman-key --refresh-keys 
sudo pacman -Syu

Afterwards, reboot.

4

Okay, so I just executed all of these commands and rebooted the system. Still, the problem persists. It gives the same error messages like in the previous post.

However, here is something that I would like to bring to your attention: when I emptied the contents of the folder /var/lib/pacman/sync, and then if I do sudo pacman -Syyu, the errors don’t show up anymore. However, if I open Add/Remove Software (the GUI application), it shows a bunch of updates that are available, all of which are from the AUR. So, now when I proceed to update those, this dialog box shows up:

image
image1366×768 48.1 KB

Then, when I click on ‘Apply’, this dialog box appears:
image

Then, is there something wrong with this in specific?

5

However, after I ran the sudo pacman -Syy gnupg archlinux-keyring manjaro-keyring command, it asked me to run the command sudo pacman-key --init. So I ran it, and the again ran the previous one (sudo pacman -Syy gnupg archlinux-keyring manjaro-keyring). It gave a lot of errors:

:: Synchronizing package databases...
 core                                        170.6 KiB   145 KiB/s 00:01 [########################################] 100%
 extra                                      1901.8 KiB  1041 KiB/s 00:02 [########################################] 100%
 community                                     6.6 MiB  1218 KiB/s 00:06 [########################################] 100%
 multilib                                    177.4 KiB   949 KiB/s 00:00 [########################################] 100%
warning: gnupg-2.2.29-1 is up to date -- reinstalling
warning: archlinux-keyring-20210802-1 is up to date -- reinstalling
warning: manjaro-keyring-20210622-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) archlinux-keyring-20210802-1  gnupg-2.2.29-1  manjaro-keyring-20210622-1

Total Installed Size:  11.43 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] Y
(3/3) checking keys in keyring                                           [########################################] 100%
downloading required keys...
:: Import PGP key FC1B547C8D8172C8, "Levente Polyak <anthraxx@archlinux.org>"? [Y/n] Y
:: Import PGP key 6D42BDD116E0068F, "Christian Hesse <arch@eworm.de>"? [Y/n] Y
:: Import PGP key 428F7ECC7117F726, "Helmut Stult <helmut@manjaro.org>"? [Y/n] Y
(3/3) checking package integrity                                         [########################################] 100%
error: gnupg: signature from "Levente Polyak <anthraxx@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/gnupg-2.2.29-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20210802-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: manjaro-keyring: signature from "Helmut Stult (schinfo) <helmut.stult@schinfo.de>" is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20210622-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
1 Like
6

Looks like your local signatures are expired and/or invalid and are preventing you from installing the keyring and gnupg packages.

It’s kind-of a catch-22: the local signatures need to be updated to function, but the signatures on the packages containing the required updates don’t match any valid local ones, and thus are prevented from installing.

The fix is simple, but a bit of a security risk. The signatures are there to protect you against MITM (man in the middle) attacks. However, in order to install the new signatures in your system’s current state, you’ll need to temporarily disable those checks.

(@Wollie , let us know if there’s a better way to do this, as I’d be interested in an alternative)

The 5 lines of code below should resolve the issue. They essentially do the following:

  • backup current pacman.conf
  • turn off all signature checks
  • download/install gnupg and keyring packages (ignore manjaro-system updates for now)
  • restore original pacman.conf settings (which turns signature checks back on)
  • update system

(If any of the below commands fail, please post the output here and do not continue.)

sudo cp -f "/etc/pacman.conf" "/etc/pacman.conf.orig"
sudo sed -i 's/SigLevel.*/SigLevel = Never/' /etc/pacman.conf
sudo pacman -Syy gnupg archlinux-keyring manjaro-keyring --ignore manjaro-system
sudo mv -f "/etc/pacman.conf.orig" "/etc/pacman.conf"
sudo pacman -Syu

NOTE: normally you would want to refresh the keys afterward, but there is currently an issue that causes one of the main maintainer signatures to become expired upon doing that, resulting in the inability to install packages signed by that maintainer. (EDIT: maintainer signature issue has been resolved as of 2021/08/23)

3 Likes
7

Thanks a lot! I ran all of the 5 enlisted commands, none of them gave an error. Now, the signature errors don’t show up anymore. However, do I need to do something the next time I get some updates? To the best of my understanding, /etc/pacman.conf is now back to being what it was before in line 4. So, is there anything I need to change back to?

8

Glad to hear. You should be good to go for future updates as far as the keyring signature issue is concerned.

You can verify that signature checking is in place by verifying that none of the SigLevel settings in /etc/pacman.conf are set to “Never”. You can further compare it to the following pacman.conf from a fresh install of manjaro 21.1:

pacman.conf 
#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
#HookDir     = /etc/pacman.d/hooks/
HoldPkg      = pacman glibc manjaro-system
# If upgrades are available for these packages they will be asked for first
SyncFirst    = manjaro-system archlinux-keyring manjaro-keyring
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta    = 0.7
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
#Color
#TotalDownload
# We cannot check disk space from within a chroot environment
CheckSpace
#VerbosePkgLists

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Manjaro Linux
# packagers with `pacman-key --populate archlinux manjaro`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

At some point (hopefully soon), manjaro devs will fix the expired maintainer key currently provided by the public keyserver. When they do, you’ll want to run sudo pacman-key --refresh-keys to ensure you have the latest signatures. That is something I normally run every couple months or so on an automated basis to avoid signature-related errors on non-core packages.

1 Like
9

Alright, got it. Thanks a lot for your help! :smile:

10

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.