Invalid or corrupted database (PGP signature), Need Help

Having an issue with updating the system as well as packages. I keep on getting this error and I’ve googled and done the things I’ve found and none have worked. How do I fix this issue?

What I’ve Done:

1. “Failed to prepare transaction” in Manjaro usually indicates dependency conflicts, corrupted databases, or outdated mirrors. To fix it, update mirrors (sudo pacman-mirrors -f), refresh databases (sudo pacman -Syyu)," Could not do the next step because I have no idea where to find the info or wtf its talking about.

Screenshot_2026-04-30_16-21-27668×226 32.5 KB

2. Tried a couple of other things in the terminal the other day and don’t remember what they were, I was hoping for this to work by now.

Screenshot_2026-04-30_16-15-451366×768 71.1 KB

Screenshot_2026-04-30_16-16-231366×768 66.4 KB

Screenshot_2026-04-30_16-16-371366×768 63.5 KB

Help would be greatly appreciated. Thanks.

Open a Terminal. Then run:

sudo pacman -S archlinux-keyring manjaro-keyring

After that, run:

sudo pacman -Syu

Do not get me wrong, we will try to help, but your general way of asking and attitude towards the OS make me wonder

That is one of the things I’ve tried in the past, it did not work. Here’s the result of the first thing…

sudo pacman -S archlinux-keyring manjaro-keyring
[sudo] password for herzeleidmeister: 
error: GPGME error: No data
error: GPGME error: No data
error: GPGME error: No data
error: database 'core' is not valid (invalid or corrupted database (PGP signature))
error: database 'extra' is not valid (invalid or corrupted database (PGP signature))
error: database 'multilib' is not valid (invalid or corrupted database (PGP signature))

@Teo
I’ve used Manjaro many times before and never had these issues on the same exact laptop as I’m on now. Technically I’m not a newbie to this distro or computers. That being said my problems with remembering things are because I’ve had a TBI in the past and I have disabilities that sometimes limit my memory skills. I did not use any attitude with you or anyone else in my previous post. Why you assume things is beyond me.

Mod edit: Consecutive posts merged and formatting corrected.

Hi,
I got the same error message a long time ago and i used these commands.

sudo rm /var/lib/pacman/sync/*

sudo pacman-mirrors -g
sudo pacman -Syyu

Do a backup of the sync folder before, just in case, idk if it’s still valid way of doing…
(i used -g option for world mirrors, because the chosen mirror may be the issue, then chose back a closer mirror after, if the fix works).
I hope it may help.

That’s the correct first step.

Now you are getting PGP signature errors.

Make sure your system clock is accurate first. Many encryption systems depend on correct time, and this is one of them.

Good chance it’s a problem with the keyring, so I’d just rebuild it entirely.

So the next steps after running the above pacman -S .. command are:

# Nuke keyrings
sudo rm -rf /etc/pacman.d/gnupg

# Rebuild it
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro

# Optional, but probably won't hurt to clear old cache
sudo pacman -Sc

# And finally
sudo pacman -Syyu

And hopefully that’s it.

That’s right “attitude” is the wrong word in this context - I think Todor meant “approach (to solve the problem)”. The error message shows the PGP signatures don’t fit. So first step is

sudo pacman -S archlinux-keyring manjaro-keyring

but this isn’t sufficient see @Molski’s post for the rest of it, ie, one has to rebuild pacman’s keyring. Actually nothing else makes sense.

These LLMs are text generators - they won’t solve problems other than by accident, and blindly following their answers has a good chance to cause more accidents.

Indeed. Especially if you know you have memory problems it is important to write down what you did so that you can undo it, if needed.

On the topic it seems to me you have both problems - signatures and database, solutions for both are already given.

Now if that is not enough it will be important to post the full error and comand. Copy from terminal, paste in the forum, the right tag is code, the button </>. Do not post pictures of text.

If any other solution fails, this one should work:

There were also a script to help you:

You could do e.g.:

history | tail -50

Adjust the number accordingly, for how many you want.

Still had some error messages…

sudo rm -rf /etc/pacman.d/gnupg

sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/D461BD25914CF5A3EA5EDB95F18AF83A881BF4BF.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

sudo pacman-key --populate archlinux manjaro
==> Appending keys from archlinux.gpg...
==> Appending keys from manjaro.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signed 23 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 60 keys.
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  21  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  21  signed: 101  trust: 0-, 0q, 0n, 21m, 0f, 0u
gpg: depth: 2  valid:  75  signed:  19  trust: 75-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2026-05-06

sudo pacman -Sc
error: GPGME error: No data
error: GPGME error: No data
error: GPGME error: No data
Packages to keep:
  All locally installed packages

Cache directory: /var/cache/pacman/pkg/
:: Do you want to remove all other packages from cache? [Y/n] y
removing old packages from cache...
error: could not open file /var/cache/pacman/pkg/download-7zLztj: Error reading fd 7

Database directory: /var/lib/pacman/
:: Do you want to remove unused repositories? [Y/n] y
removing unused sync repositories...

sudo pacman -Syyu
error: GPGME error: No data
error: GPGME error: No data
error: GPGME error: No data
:: Synchronizing package databases...
error: failed to synchronize all databases (unable to lock database)

For some context. This is an old laptop it ran Windows 10 and would not upgrade to 11. I’ve probably had it for at least 10 years-ish. So if there is some possibility that maybe the problem please let me know.

Mod edit: Fixed post formatting.

One question, how long has been since the last system update? If more than three months, may be this is the fastest solution (change to verify only package signatures):

I just installed the latest Manjaro from the downloads area about two weeks ago. Everything seemed fine until I wanted to actually add software in add/remove software. The install seemed to be missing some repositories (but I’m guessing its supposed to not have all of them). So I added them, after that this is what I get with the weird database thing.

Which repositories were missing?

A fresh install should not miss any of the repositories and it should not be necessary to add any.

This should have been your very first post. @Molski’s instructions do work if it had been only about screwed up PGP signatures. But you did something different (and completely unexpected) to your system which caused the problem in the first place. How could anyone know about this unless you tell them so? Please post the output of inxi -zv8 and perhaps you find what was done in the shell history, see

The complete data should be in ~/.zhistory if you use zsh (which is the default shell on Manjaro).

There is way more to this than the OP is telling i am afraid. It is good to remember, in our heads we compare the situation with a pristine system and give troubleshooting steps for 1-2 problems at a time. Not a cascade of mistakes on a completely borked system with gazillion of problems (which i suspected seeing snapd from git…).
The fact that reinit and repopulating the keys did not fill the key store only says the keys package is broken. At that point it either has to be manually reinstalled as per the wiki article “pacman - problems with keys” OR you have to completely disable key verification temporarily as per the forum tutorial above.
So let’s escape the curse of the signatures for a bit, disable them, and focus on the broken package database first.

Good point! I tend to forget this is the default. I assumed history would work the same in zsh though? I should try it, but it’s not on my machines at present.

I must apologise - i didn’t look at the screenshots. There isn’t a single Manjaro package shown. Only Flatpaks and AUR. snapd from the AUR although it is in the official repo? What is going on there?

I wonder what repos did he add. Arch…Chaotic? I really hope this is not the case but let’s see the inxi.

$ echo $0
-zsh
$ diff <(history | tr -s ' ' | cut -d' ' -f3-) <(tail -15 ~/.zhistory)                                                             ✔
1,2d0
< diff <(history) <(tail -15 ~/.zhistory)
< diff <(history | tr -s ' ' | cut -d' ' -f3-) <(tail -15 ~/.zhistory)
16a15
> diff <(history | tr -s ' ' | cut -d' ' -f3-) <(tail -15 ~/.zhistory)

They’re the same! No idea why the last command is the only different one.