A thorough guide about keyring is found at
This screenshot is 2023-06-16T11:57:00Z
Pick the latest
sudo pacman -U https://mirror.easyname.at/manjaro/pool/overlay/manjaro-keyring-20230616-1-any.pkg.tar.xz
1 Like
Dont want to step on the toes of the Danish guru above but…
If you open a terminal and type pamac upgrade do you get any errors? If not, you are most likely fine.
If you DO get errors, this would be a perfect time to use timeshift (if you have that setup).
Restore to a last working session and do not manually update the keys. 
But the above solution by @linux-aarhus looks way more fun. xD
1 Like
It was fine (well now with 20230616-1 is newer than core)
sudo pacman -U https://mirror.easyname.at/manjaro/pool/overlay/manjaro-keyring-20230616-1-any.pkg.tar.xz
[sudo] password for teo:
:: Retrieving packages...
manjaro-keyring-... 562,9 KiB 2,11 MiB/s 00:00 [######################] 100%
loading packages...
resolving dependencies...
looking for conflicting packages...
Packages (1) manjaro-keyring-20230616-1
Total Installed Size: 0,73 MiB
Net Upgrade Size: 0,00 MiB
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [######################] 100%
(1/1) checking package integrity [######################] 100%
(1/1) loading package files [######################] 100%
(1/1) checking for file conflicts [######################] 100%
(1/1) checking available disk space [######################] 100%
:: Running pre-transaction hooks...
(1/1) Creating Timeshift snapshot before upgrade...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
:: Processing package changes...
==> Delete expired Key by Jonas Strassel
==> Updating trust database...
gpg: next trustdb check due at 2023-07-07
(1/1) upgrading manjaro-keyring [######################] 100%
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
error: command failed to execute correctly
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
Does it look ok? I mean the
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
error: command failed to execute correctly
part?
The key which you have trouble with is the buildserver key
$ gpg --list-keys 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8
pub rsa3072/0x279E7CF5D8D56EC8 2020-10-28 [SC]
3B794DE6D4320FCE594F4171279E7CF5D8D56EC8
uid [ unknown] Manjaro Build Server <build@manjaro.org>
sub rsa3072/0x890DF5D5A286BBC1 2020-10-28 [E]
I recommend resetting the keys using the above linked wiki page.
It did not make any difference. I followed the “improved version” of the troubleshooter, even replaced the manjaro keyring with the new version… still
[teo@teo-lenovo-v15 ~]$ sudo pacman -U $HOME/.cache/pkg/*.tar.xz
loading packages...
warning: manjaro-keyring-20230616-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) manjaro-keyring-20230616-1
Total Installed Size: 0,73 MiB
Net Upgrade Size: 0,00 MiB
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [########################################################] 100%
(1/1) checking package integrity [########################################################] 100%
(1/1) loading package files [########################################################] 100%
(1/1) checking for file conflicts [########################################################] 100%
(1/1) checking available disk space [########################################################] 100%
:: Running pre-transaction hooks...
(1/1) Creating Timeshift snapshot before upgrade...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
:: Processing package changes...
(1/1) reinstalling manjaro-keyring [########################################################] 100%
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
error: command failed to execute correctly
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...
[teo@teo-lenovo-v15 ~]$
I have this same error today, and also had a similar one a few months back.
Linux-aarhus,
Regarding the Pacman troubleshooting link you posted. It’s not terribly obvious that the first set of commands does not work. The blue info box further down certainly states this, but I have to question why those original commands that no longer work are still posted there?
I tried the first set of commands, and it absolutely posted errors on the second one.
I have to assume the updated info commands worked on my system. I don’t know enough about this to know one way or another unless more error messages show on Pamac GUI when updating.
I actually even did populate as per the old guide. Same result (archlinux fine, manjaro - 37B…error). Than i did refresh. If i now run populate, i get even more errors. So much said for the Wiki…
[teo@teo-lenovo-v15 ~]$ sudo pacman-key --populate archlinux manjaro
[sudo] password for teo:
==> Appending keys from archlinux.gpg...
gpg: public key DB323392796CA067 is 3037 days newer than the signature
==> Appending keys from manjaro.gpg...
gpg: public key DB323392796CA067 is 3037 days newer than the signature
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
[teo@teo-lenovo-v15 ~]$
Guys, we have it. Just update normally with sudo pacman -Syu
The new version 20230616-3 that appeared seconds ago resolves the errors (expired key by Jonas Strassel i guess).
I know this is open source but still, sometimes it is better to just say in advance “We are sorry we have a BUG and we are working on it”…instead of waiting the users to panic, post topics, and break their systems attempting to fix what is not broken. That is the Microsoft approach…
hmmmm…
Yeah, not sure your anger is 100% valid here. xD
I get you though, it’s frustrating sometimes, but it usually also gets solved in the end.
Get some precautions setup like timeshift and a backup solution so if something happens in the future, you have simple ways out of it so you can retry whatever was happening.
There is a ton of good stuff to learn from browsing Tutorials - Manjaro Linux Forum
I agree the information the page contained was less than optimal.
I have validated the process of fixing the keyrings and I have edited the English page source - translators will have to followup on their translations.
2 Likes
manjaro-keyring 20230616-3 still produces the error messages
If the last lines bleow the errors looks similar to this, you are ok:
==> Locally signing trusted keys in keyring...
-> Locally signed 3 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
-> Disabled 8 keys.
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 21 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 21 signed: 96 trust: 0-, 0q, 0n, 21m, 0f, 0u
gpg: depth: 2 valid: 73 signed: 27 trust: 73-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2023-07-07
Running post-transaction hooks...
Arming ConditionNeedsUpdate... [1/2]
Refreshing PackageKit... [2/2]
Transaction successfully finished.
I also got errors while doing the commands on the page
Maybe you forgot to delete old keys? Or to init? Why don’t you post the commands and output from your terminal. Just start a new, then grab everything and paste it in code tags.
No I did it right and it still producing errors
This looks like an clock issue - a dead cmos battery on 10y old mainboard?
Of course - taking into account - the nature of the entire topic - it is not conclusive - but it sure looks like it.
And the buildkey
I have tested the commands for resetting the keyrings - several times - open a terminal and execute - in order the following excerpt from my test vm - of course if you read this thread in 6months from 2023-06-16T22:00:00Z the filenames will be different
55 curl -O https://mirror.easyname.at/manjaro/pool/overlay/manjaro-keyring-20230616-3-any.pkg.tar.xz
56 curl -O https://mirror.easyname.at/manjaro/pool/sync/archlinux-keyring-20230504-1-any.pkg.tar.zst
57 sudo rm -r /etc/pacman.d/gnupg
58 sudo pacman-key --init
59 sudo pacman -U manjaro-keyring*.pkg.tar.xz archlinux-keyring*.pkg.tar.zst
Lines like below can be safely ignored
gpg: error reading key: No public key
Resetting the keys works fine by me after the 16-3 version. The last time i did it according to the corrected version of the old wiki, which was essentially the new wiki. To sum up: i did not use --refresh-keys.
The time issue occured on my previous attempts with --refresh keys. I do not thik its was that good of a decision that command so i did not do it after the newest reset. Explanation: it run about 15 minutes, it contacted dosens of servers, some of them unreachable, it deleted dosens of cetrificates, it added dosens new, and it trew error on another dosen, so it basically just messes the things up.
I can try again if you want just for the sake of debugging (just tell me again the command because is not in the wiki anymore).
The laptop is 1 month old, the battery should be fine. And the first thing was to install ntp. I am dual booting with windows however, so it messes the clock from UTC to RTC after rebooting (GMT+2 DST, so it can be 2 hours off after rebooting, but it was not yesterday).
But 2 hours are not 3000 days…
So i don’t want to use the word bug 
again but it seems a little like it. There is probably some certificate with messed date, from the dosens that are fetched from who knows where with -refresh command.
It was just an observation - and a guess on a the probable cause.
In my test there was no need to execute other commands.
[fh@lxqt ~]$ pacman-mirrors
Pacman-mirrors version 4.23.2
Local mirror status for stable branch
Mirror #1 OK 00:17 Austria https://mirror.easyname.at/manjaro/
After the reset described - pacman functioned as expected
[fh@lxqt ~]$ sudo pacman -Syyu
:: Synchronizing package databases...
core 143,6 KiB 756 KiB/s 00:00 [-----------------] 100%
extra 1636,8 KiB 3,61 MiB/s 00:00 [-----------------] 100%
multilib 145,5 KiB 674 KiB/s 00:00 [-----------------] 100%
:: Starting full system upgrade...
there is nothing to do
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.