Pacman broken (invalid or corrupted package)

Completely new to Manjaro (and Arch in general). Started just after Christmas, and this is about the third time I have tried to do an update.

An update about a week ago had a minor problem (dependency cycle I think) and I didn’t think anything of it. Yesterday I tried to update again and it said there was a lock active. I couldn’t find any running processes so I rebooted and tried again, only to hit a bunch of dependency cycles that I couldn’t resolve. After googling around and trying various commands for Arch pacman issues, I learned that interrupting an update is bad. By now I don’t remember all the things I tried, but I am stuck.

Currently, pacman -Syu says
error: GPGME error: Invalid crypto engine
hundreds of times, then for each package says
File xxx is corrupted (invalid or corrupted (PGP signature)). Do you want to delete it?
I’ve tried deleting all the packages (one at a time!) but it just happens again when I re-run it.

I found my way to https://wiki.manjaro.org/index.php?title=Pacman_troubleshooting#Errors_about_Keys and was following the instructions there.
Step 1 was no problem
Step 2, after complaining about invalid crypto engine and keyring not found, it says:

error: gnupg: missing required signature
:: File /var/cache/pacman/pkg/gnupg-2.2.13-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

The troubleshooting guide says nothing about this, and I am afraid to experiment and mess things up even more. Deleting the files [Y] just exits. Should I press [n] or does this indicate I need to do something different?

Thanks, I am completely stumped and don’t know what else to do except reinstall. Various people say if you have this or that pacman utility installed, you can fix things. But of course those are not installed and now it is impossible to install anything. So all I have is pacman (and trizen).

Thanks!

Reboot, then try in terminal/konsole

$ pamac upgrade -a

Thanks. At the commit transaction? prompt I pressed [y], and it said a series of

Checking keyring...                                                                                                                                                                                                                                                      [0/353]
Warning: Public keyring not found; have you run 'pacman-key --init'?
Error: GPGME error: Invalid crypto engine

Followed by a series of
Error: <package>: missing requried signature
and finally
Error: Failed to commit transaction: invalid or corrupted package (PGP signature):

$ sudo pacman-mirrors -ic Germany #Your country

$ sudo pacman-mirrors -f 5

$ sudo pacman -Syyu

Mirror-check
http://repo.manjaro.org/

Okay, those commands were successful. All the downloads worked, so that is progress.
After downloading, the update then listed the same keyring invalid crypto engine errors as before, and then said all the packages were downloaded invalid or corrupted and wants to delete them.

that is not good like

???

OK thanks for helping. One of the things I might have done following someone’s purported fix, was pacman -R gnupg (and then could not reinstall). I can’t find it in my bash_history so it may be imagination or maybe it was another terminal session that didn’t get saved. Anyway I’ll read through the link you posted and see what I can find out about the chroot stuff.

Edit: pacman -Qi gnupg gpgme libgcrypt did not say gnupg is not found so that is good.

sudo pacman -Sy archlinux-keyring manjaro-keyring --noconfirm

Try the above.

1 Like
$ sudo pacman -Sy archlinux-keyring manjaro-keyring --noconfirm
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: archlinux-keyring-20190123-2 is up to date -- reinstalling
warning: manjaro-keyring-20180607-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (2) archlinux-keyring-20190123-2  manjaro-keyring-20180607-1

Total Download Size:   0.77 MiB
Total Installed Size:  1.08 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 archlinux-keyring-20190123-2-any                                                                        685.1 KiB  4.65M/s 00:00 [##############################################################################] 100%
 manjaro-keyring-20180607-1-any                                                                           99.8 KiB  9.75M/s 00:00 [##############################################################################] 100%
(2/2) checking keys in keyring                                                                                                    [##############################################################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
error: GPGME error: Invalid crypto engine
warning: Public keyring not found; have you run 'pacman-key --init'?
error: GPGME error: Invalid crypto engine
(2/2) checking package integrity                                                                                                  [##############################################################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
error: GPGME error: Invalid crypto engine
warning: Public keyring not found; have you run 'pacman-key --init'?
error: GPGME error: Invalid crypto engine
error: archlinux-keyring: missing required signature
:: File /var/cache/pacman/pkg/archlinux-keyring-20190123-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: manjaro-keyring: missing required signature
:: File /var/cache/pacman/pkg/manjaro-keyring-20180607-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Then

$ sudo pacman-key --init
gpg: error while loading shared libraries: libreadline.so.7: cannot open shared object file: No such file or directory
chmod: cannot access '/etc/pacman.d/gnupg//trustdb.gpg': No such file or directory
gpg: error while loading shared libraries: libreadline.so.7: cannot open shared object file: No such file or directory
gpg: error while loading shared libraries: libreadline.so.7: cannot open shared object file: No such file or directory
==> Updating trust database...
gpg: error while loading shared libraries: libreadline.so.7: cannot open shared object file: No such file or directory
==> ERROR: Trust database could not be updated.

Try the first hit, second comment from this forum search

Thanks, adding libreadline.so.7 let sudo pacman-key --init run successfully.

$ sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
gpg: Generating pacman keyring master key...
gpg: key 71444948E2045CCA marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/B92098573F887599ECB5B9C271444948E2045CCA.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

After that I retried the update:

$ sudo pacman -Sy archlinux-keyring manjaro-keyring --noconfirm
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: archlinux-keyring-20190123-2 is up to date -- reinstalling
warning: manjaro-keyring-20180607-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (2) archlinux-keyring-20190123-2  manjaro-keyring-20180607-1

Total Download Size:   0.77 MiB
Total Installed Size:  1.08 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 archlinux-keyring-20190123-2-any                                                                        685.1 KiB  4.65M/s 00:00 [##############################################################################] 100%
 manjaro-keyring-20180607-1-any                                                                           99.8 KiB  13.9M/s 00:00 [##############################################################################] 100%
(2/2) checking keys in keyring                                                                                                    [##############################################################################] 100%
downloading required keys...
:: Import PGP key 4096R/CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E, "Florian Pritz <f-p@gmx.at>", created: 2008-08-01? [Y/n] 
:: Import PGP key 2048R/E4CDFE50A2DA85D58C8A8C70CAA6A59611C7F07E, "Philip Müller (Called Little) <philm@manjaro.org>", created: 2012-05-05? [Y/n] 
(2/2) checking package integrity                                                                                                  [##############################################################################] 100%
error: archlinux-keyring: signature from "Florian Pritz <bluewind@xinu.at>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20190123-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: manjaro-keyring: signature from "Philip Müller (Called Little) <philm@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20180607-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Different results from first time but still stuck on invalid keyring package.

OK tried pamac upgrade -a again, this time a different result. It downloaded all the files and then for each file it said:

Checking keyring...                                                                                                                                                                                           [353/353]
Downloading required keys...
Checking integrity...                                                                                                                                                                                         [353/353]
Error: iana-etc: signature from "Gaetan Bisson <gaetan@fenua.org>" is unknown trust
Error: alsa-lib: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
Error: alsa-plugins: signature from "Anatol Pomozov <anatol.pomozov@gmail.com>" is unknown trust
etc...

That is progress, nothing about invalid crypto, missing signatures or corrupted packages.

This might fix the keyring/signatures. The keyring can become corrupted or outdated by partial or incomplete updates.

1 Like

THANK YOU to everyone!

That last link worked. (The first command failed, but the second and third worked and then the first succeeded too.)
Afterward I was able to complete a full update.

1 Like

@Alcamtar
Hook it and it’s solved :slight_smile:

I just do it for you. :smiley:

Nice. that it still worked.
grafik
grafik
grafik

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.