No trusted keys

m-bostaurus · 8 November 2025 11:02

Manjaro Forum Post Draft

Subject: Persistent Package Signature Verification Error - libvips and python-anytree

System Details:

Distribution: Manjaro Linux
Packages Affected: libvips (8.17.1-1), python-anytree (2.13.0-1)
Current Installed Versions:
- libvips: 8.16.0-2
- python-anytree: 2.12.1-4

Problem Description:
I am experiencing persistent package signature verification errors when attempting to update these packages. Despite multiple troubleshooting attempts, including:

Refreshing package keys (pacman-key --refresh-keys)
Cleaning package cache
Attempting forced updates
Verifying mirror configurations

The system consistently returns the following error:

Error: libvips: signature from "Justin Kromlinger <justin@kromlinger.eu>" is unknown trust
Error: python-anytree: signature from "Justin Kromlinger <justin@kromlinger.eu>" is unknown trust
Error: The operation could not be completed (Invalid or corrupted package (PGP signature))

Troubleshooting Steps Already Attempted:

sudo pacman-key --refresh-keys
sudo pacman-mirrors --fasttrack
sudo pacman -Sc
sudo pacman -Syu --force
Attempted manual key import

Request for Assistance:

How can I resolve these signature verification issues?
Is there a way to manually import or trust the packager’s key?
Are there known issues with recent package signatures?

Any guidance would be greatly appreciated.

Nachlese · 8 November 2025 11:42

Your procedure seems incomplete.

Here is links to the wiki about this:

Pacman troubleshooting - Manjaro

[HowTo] Solve Keyring Related Issues in Manjaro

m-bostaurus · 8 November 2025 16:28

It seems that there are errors in “Pacman troubleshooting - Manjaro”
I get the information: “rm manjaro-keyring* archlinux-keyring*
rm: das Entfernen von ‘manjaro-keyring*’ ist nicht möglich: Datei oder Verzeichnis nicht gefunden
rm: das Entfernen von ‘archlinux-keyring*’ ist nicht möglich: Datei oder Verzeichnis nicht gefunden“ or “Fehler: Konnte Datei manjaro-keyring-YYYYMMDD-R-any.pkg.tar.zst nicht öffnen: Unrecognized archive format
Fehler: ‘manjaro-keyring-YYYYMMDD-R-any.pkg.tar.zst’: Kann Paketdatei nicht öffnen
Fehler: Konnte Datei archlinux-keyring-YYYYMMDD-R-any.pkg.tar.zst nicht öffnen: Unrecognized archive format
Fehler: ‘archlinux-keyring-YYYYMMDD-R-any.pkg.tar.zst’: Kann Paketdatei nicht öffnen“

m-bostaurus · 8 November 2025 17:07

Success! “The How to Solve keyring related issues in Manjaro” helped.

linux-aarhus · 9 November 2025 09:28

m-bostaurus:

The system consistently returns the following error:

Error: libvips: signature from "Justin Kromlinger <justin@kromlinger.eu>" is unknown trust
Error: python-anytree: signature from "Justin Kromlinger <justin@kromlinger.eu>" is unknown trust
Error: The operation could not be completed (Invalid or corrupted package (PGP sign

Are you using AUR to update the packages?

Because the packages in the repo is signed by a different key - an official archlinux key.

 $ mbn info python-anytree -q
Branch         : archlinux
Name           : python-anytree
Version        : 2.13.0-1
Repository     : extra
Build Date     : Wed 09 Apr 2025 12:19:42 
Packager       : Justin Kromlinger <hashworks@archlinux.org>
Branch         : unstable
Name           : python-anytree
Version        : 2.13.0-1
Repository     : extra
Build Date     : Wed 09 Apr 2025 12:19:42 
Packager       : Justin Kromlinger <hashworks@archlinux.org>
Branch         : testing
Name           : python-anytree
Version        : 2.13.0-1
Repository     : extra
Build Date     : Wed 09 Apr 2025 12:19:42 
Packager       : Justin Kromlinger <hashworks@archlinux.org>
Branch         : stable
Name           : python-anytree
Version        : 2.13.0-1
Repository     : extra
Build Date     : Wed 09 Apr 2025 12:19:42 
Packager       : Justin Kromlinger <hashworks@archlinux.org>

 $ mbn info libvips -q
Branch         : archlinux
Name           : libvips
Version        : 8.17.2-1
Repository     : extra
Build Date     : Wed 24 Sep 2025 11:27:11 
Packager       : Justin Kromlinger <hashworks@archlinux.org>
Branch         : unstable
Name           : libvips
Version        : 8.17.2-1
Repository     : extra
Build Date     : Wed 24 Sep 2025 11:27:11 
Packager       : Justin Kromlinger <hashworks@archlinux.org>
Branch         : testing
Name           : libvips
Version        : 8.17.2-1
Repository     : extra
Build Date     : Wed 24 Sep 2025 11:27:11 
Packager       : Justin Kromlinger <hashworks@archlinux.org>
Branch         : stable
Name           : libvips
Version        : 8.17.1-1
Repository     : extra
Build Date     : Mon 04 Aug 2025 19:32:42 
Packager       : Justin Kromlinger <hashworks@archlinux.org>

system · 12 November 2025 09:29

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.