Getting invalid or corrupted package (PGP signature) error when updating

T-Fen · 24 December 2022 00:30

Below is an example of the output I’m getting:

error: speedtest-cli: signature from "Felix Yan <felixonmars@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/speedtest-cli-2.1.3-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

This just started happening about a week ago.

For my last update, I edited /etc/pacman.conf and changed the line

SigLevel = Required DatabaseOptional
to look like this:
SigLevel = Optional TrustAll
then ran these:

sudo rm -f /var/lib/pacman/sync/*
sudo pacman-mirrors --continent
sudo pacman-mirrors --api --protocol https
sudo pacman -Scc
sudo pacman -Syyu

per another post in the forums here titled: “Unable to update my system due to signing key errors”

But I get the error above once I restored the line to:
SigLevel = Required DatabaseOptional

I have no idea what may have caused this issue with the PGP signatures nor how to fix.

Any and all suggestions appreciated.

Thanks!

alklined · 24 December 2022 03:49

try refreshing keys using pacman-keys --refresh-keys .

T-Fen · 24 December 2022 11:54

After doing that I am still getting the same issue, at least with the keys it’s trying to validate when installing handbrake.

I did get a number of errors such as

==> ERROR: Could not update key: E3B3F44AC45EE0AA
gpg: error retrieving 'flower_of_life@gmx.net' via WKD: Connection timed out
gpg: error reading key: Connection timed out
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: keyserver refresh failed: Server indicated a failure

Trying to install handbrake after refreshing the keys results in

:: Retrieving packages...
 numactl-2.0.16-1-x86_64                                                                                                                              79.2 KiB   180 KiB/s 00:00 [##############################################################################################################] 100%
 handbrake-1.5.1-2-x86_64                                                                                                                             12.5 MiB  7.25 MiB/s 00:02 [##############################################################################################################] 100%
 Total (2/2)                                                                                                                                          12.6 MiB  7.09 MiB/s 00:02 [##############################################################################################################] 100%
(2/2) checking keys in keyring                                                                                                                                                   [##############################################################################################################] 100%
(2/2) checking package integrity                                                                                                                                                 [##############################################################################################################] 100%
error: numactl: signature from "David Runge <dvzrv@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/numactl-2.0.16-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: handbrake: signature from "Evangelos Foutras <evangelos@foutrelis.com>" is unknown trust
:: File /var/cache/pacman/pkg/handbrake-1.5.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Specifically for one of the signatures in question, here is the relevant output when refreshing the keys with pacman-key --refresh-keys

gpg: error retrieving 'evangelos@foutrelis.com' via WKD: No data
gpg: error reading key: No data
gpg: key 51E8B148A9999C34: "Evangelos Foutras <evangelos@foutrelis.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
pub   rsa2048 2010-11-12 [SC]
      86CFFCA918CF3AF47147588051E8B148A9999C34
uid           [  undef ] Evangelos Foutras <evangelos@foutrelis.com>
uid           [  undef ] Evangelos Foutras <foutrelis@archlinux.org>
uid           [  undef ] Evangelos Foutras <foutrelis@gmail.com>
sub   rsa2048 2010-11-12 [E]

Nachlese · 24 December 2022 19:32

You are likely missing a step - try to search for the issue, like I did.

Failed to commit transaction (invalid or corrupted package (PGP signature))

first post and the solution there mentioned

or still slightly different, like in the second code block here:

Pacman: invalid or corrupted package (PGP signature)

mithrial · 24 December 2022 19:37

Did you check any of the solutions from the search function?

Zesko · 24 December 2022 19:40

Try to run $ sudo pacman -Fy if it helps.

T-Fen · 26 December 2022 00:14

Thank you. Following the first thread appears to have resolved the issue

system · 28 December 2022 14:15

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.