Issue with the Wiki

I recently restored a snapshot and am having issues with repeating the upgrade.

The main issues appear to be with keys, so I have tried a few steps.

Right now I wanted to try fixing my keys using the Pacman Troubleshooting Wiki.

Following the Wiki:

sudo pacman-mirrors -c Global
sudo pacman -Syyu

First errors appear (after download) prompting all the packages in turn (if accept remove, then it re-downloads and repeats this step):

error: iana-etc: signature from "Jelle van der Waa <jelle@archlinux.org>" is unknown trust File /var/cache/pacman/pkg/iana-etc-20230524-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

So now I decided to remove dysfunctional keyrings:
sudo rm -r /etc/pacman.d/gnupg

Next we must Initialize pacman keyring:

sudo pacman-key --init                                                              ✔   9:16:19 am +07 
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/2B43B298691339706E8EF995F4E5CC0DE59453A8.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

• Everything seems good to me. Done.

However, I am unable to follow the next section of the Wiki. Something is not explicit here:

Install the downloaded packages Assuming the files is the current folder and using wildcard so you don’t have to deal with dates and versions - remove the packages after successful installation

The command obviously fails:

❯ sudo pacman -U manjaro-keyring*.pkg.tar.xz archlinux-keyring*.pkg.tar.zst
zsh: no matches found: manjaro-keyring*.pkg.tar.xz

And so I am left, obviously with the same problem.

It is right there in the Wiki as step 1: Download the new keyring packages

user $ rm manjaro-keyring* archlinux-keyring*

I saw that.

I cannot see this command doing that… and it does not state what ‘the current folder’ is either - my terminal’s ‘current folder’ is ~

However, simply installing manjaro-keyring and archlinux-keyring does not fix the problem. Keys are still messed up…

Quick test:

sudo pacman -S strawberry-qt5                                          ✔   5s  10:14:07 am +07 
resolving dependencies...
looking for conflicting packages...

Packages (1) strawberry-qt5-1.0.18-1

Total Download Size:    6.16 MiB
Total Installed Size:  13.57 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 strawberry-qt5-1.0.18-1-x86_64           6.2 MiB  14.9 MiB/s 00:00 [-------------------------------------] 100%
(1/1) checking keys in keyring                                      [-------------------------------------] 100%
(1/1) checking package integrity                                    [-------------------------------------] 100%
error: strawberry-qt5: signature from "TNE <tne@garudalinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/strawberry-qt5-1.0.18-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 

strawberry-qt5 is not in the Manjaro repository.

Evidently.

Screenshot_20230717_1017221043×887 104 KB

You refer to it as ‘step 1’ - but this is not evident.

Screenshot_20230717_101931987×107 16.3 KB

And the step to which I refer I can read - and you cannot explicitly explain what it means or what to do, right?

Also I tried this:

If you want to remove or reset all the keys installed in your system, you can remove /etc/pacman.d/gnupg folder as root and rerun pacman-key --init followed by pacman-key --populate archlinux to re-add the default keys. If archlinux-keyring is not up-to-date, it may be necessary to run pacman -S archlinux-keyring before a full system update.

I removed /etc/pacman.d/gnupg.
I also did pacman-key --populate archlinux manjaro, I get a string of errors (gpg: error reading key: No public key) followed by ‘locally signing 23 keys’ and ‘importing owner trust values’ followed by Disabling revoked keys (44 of those).

strawberry-qt5 is in AUR

However, micro also fails:

sudo pacman -S micro                                                          ✔  10:38:22 am +07 
warning: micro-2.0.11-4 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) micro-2.0.11-4

Total Installed Size:  11.89 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                      [-------------------------------------] 100%
downloading required keys...
:: Import PGP key C32217F6F13FF192, "Alexander Rødseth <rodseth@gmail.com>"? [Y/n] 
(1/1) checking package integrity                                    [-------------------------------------] 100%
error: micro: signature from "Alexander F. Rødseth <xyproto@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/micro-2.0.11-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Some weeks ago there was a great deal of confusion about that page - it described two methods where one was not supposed to work.

The instructions was simplified and veified to be working. The below quote has been amended from wiki formatting to forum formatting

Download the new keyring packages Before you download ensure no keyring packages is in the current folder.

rm manjaro-keyring* archlinux-keyring*

Use either your browser or curl to download. Using curl assumes you know the correct package name as located with the mirror. Replace YYYYMMDD-R as available from the mirror.

curl -O https://mirror.easyname.at/manjaro/pool/overlay/manjaro-keyring-YYYYMMDD-R-any.pkg.tar.xz
curl -O https://mirror.easyname.at/manjaro/pool/sync/archlinux-keyring-YYYYMMDD-R-any.pkg.tar.zst

Remove the dysfunctional keyrings by entering this command:

sudo rm -r /etc/pacman.d/gnupg

Initialize the pacman keyring:

sudo pacman-key --init

Install the downloaded packages Assuming the files is the current folder and using wildcard so you don’t have to deal with dates and versions - remove the packages after successful installation

sudo pacman -U manjaro-keyring*.pkg.tar.xz archlinux-keyring*.pkg.tar.zst

further down, below the warning and the two info boxes
get the packages.

Use either your browser or curl to download. Using curl assumes you know the correct package name as located with the mirror. Replace YYYYMMDD-R as available from the mirror.

user $ curl -O https://mirror.easyname.at/manjaro/pool/overlay/manjaro-keyring-YYYYMMDD-R-any.pkg.tar.xz COPY TO CLIPBOARD

user $ curl -O https://mirror.easyname.at/manjaro/pool/sync/archlinux-keyring-YYYYMMDD-R-any.pkg.tar.zst

They will then be downloaded to and be in the current directory - wherever that is
~ is fine
just don’t change directory during the process

It may be. But you are being dishonest, because you are pulling it from some unsupported repo.

Wow, okay - well with all the confusion I decided it might be time to go with a fresh install.

Interestingly, after a fresh install - when I started the update I also got a warning about keys…

Error while configuring manjaro-keyring
Error while configuring manjaro-keyring
Error while configuring manjaro-keyring
Error while configuring manjaro-keyring
Error while configuring manjaro-keyring
Error while configuring manjaro-keyring
Error while configuring manjaro-keyring
Error while configuring manjaro-keyring
A restart is required for the changes to take effect.

So I’m hoping that this will disappear pretty soon, just copying some stuff over now.

A simple cache clean and other few commands should be enough though. (plus maybe removing that repo)

Well now the problem is really upsetting me.

I reinstalled. I installed authy, and also kwin-scripts-forceblur.

Now I have familiar errors… only since the update.

Download of kwin-scripts-forceblur (0.6.1-1.3) started                                                                                                         
Download of kwin-scripts-forceblur (0.6.1-1.3) finished                                                                                                        
Download of authy (2.3.0-1.3) started                                                                                                                          
Download of authy (2.3.0-1.3) finished                                                                                                                         
Checking keyring...                                                                                                                                   [114/114]
Checking integrity...                                                                                                                                 [114/114]
Error: authy: signature from "TNE <tne@garudalinux.org>" is unknown trust
Error: kwin-scripts-forceblur: signature from "TNE <tne@garudalinux.org>" is unknown trust
Removing invalid files and retrying...
Resolving dependencies...
Checking inter-conflicts...
Download of authy (2.3.0-1.3) started                                                                                                                          
Download of kwin-scripts-forceblur (0.6.1-1.3) started                                                                                                         
Download of kwin-scripts-forceblur (0.6.1-1.3) finished                                                                                                        
Download of authy (2.3.0-1.3) finished                                                                                                                         
Checking keyring...                                                                                                                                   [114/114]
Checking integrity...                                                                                                                                 [114/114]
Error: authy: signature from "TNE <tne@garudalinux.org>" is unknown trust
Error: kwin-scripts-forceblur: signature from "TNE <tne@garudalinux.org>" is unknown trust
Error: Failed to commit transaction: invalid or corrupted package:

Now I’m left feeling totally incompetent… especially as I was able to install and use Authy and Bitwarden just ten minutes ago.

Right now I’m also unable to launch Pamac GUI with an error:

Message recipient disconnected from message bus without replying 

cat /etc/pacman.conf

Added Chaotic at the bottom there

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
#HookDir     = /etc/pacman.d/hooks/
HoldPkg      = pacman glibc manjaro-system
# If upgrades are available for these packages they will be asked for first
SyncFirst    = manjaro-system archlinux-keyring manjaro-keyring
#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
#UseDelta    = 0.7
Architecture = auto

#IgnorePkg   =
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
#Color
#NoProgressBar
# We cannot check disk space from within a chroot environment
CheckSpace
#VerbosePkgLists
#ParallelDownloads = 5

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Manjaro Linux
# packagers with `pacman-key --populate archlinux manjaro`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

[chaotic-aur]
Include = /etc/pacman.d/chaotic-mirrorlist

I’m trying to keep up, I think pacui has fixed some issues here - I told it to upgrade without checking keys, and then it asked if I wanted to prevent the error.

If this is from old image (because your pacman.conf still has community), try updating pacman and keyrings first. And comment chaotic out for now.

pacman -Sy "pacman>=6.0.2-7"
pacman -S {archlinux,manjaro}-keyring
pacman -Syu

• manjaro-kde-22.1.3-230529-linux61 ISO
  Freshly downloaded for the ventoy USB to install.

I do now have pacman 6.0.2-7 after the reinstall. (and I did remember to include ILoveCandy).

I just didn’t have the time to continue fixing it for another day… but thanks for all the help.

Mostly I failed to parse the sentence calling pacman to install downloaded manjaro-keyring packages. Hopefully it won’t come up again!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.