PGP Could not be imported

tuxarcher · 14 October 2022 15:14

Sorry if this is a silly question.
I am on KDE, running from a live USB.
Trying to

sudo pacman -Syu

I get lots of errors that keys could not be imported… example:

          xmlsec-1.2.34-2  xz-5.2.7-1  yakuake-22.08.1-1  zbar-0.23.90-1  archlinux-keyring-20220927-1

Total Download Size:      1.11 MiB
Total Installed Size:  4167.84 MiB
Net Upgrade Size:        75.96 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 archlinux-keyring-20220927-1-any     1136.1 KiB  1979 KiB/s 00:01 [####################################] 100%
(455/455) checking keys in keyring                                 [####################################] 100%
downloading required keys...
:: Import PGP key 94657AB20F2A092B, "Andreas Radke <andyrtr@archlinux.org>"? [Y/n] 
error: key "Andreas Radke <andyrtr@archlinux.org>" could not be imported
:: Import PGP key C06086337C50773E, "Jelle van der Waa <jelle@archlinux.org>"? [Y/n] 
error: key "Jelle van der Waa <jelle@vdwaa.nl>" could not be imported
:: Import PGP key 9C02FF419FECBE16, "Morten Linderud <foxboron@archlinux.org>"? [Y/n] 
error: key "Morten Linderud <morten@linderud.pw>" could not be imported

Why? How can this be fixed. I am looking to install but…
What am I doing wrong?
I searched and found this link here Error pacman PGP key - #2 by Wollie
and accordingly I did

sudo pacman -Scc
sudo pacman-mirrors -f && sudo pacman -Syyu

Where I got same key import errors.
Is it because I am running from USB?
What if it happened after I install?

Sorry, I am totally new to Linux and to Arch/Manjaro.
Any help?!

I hope this helps:

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                     [####################################] 100%
(1/1) checking package integrity                                   [####################################] 100%
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20220927-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

Mirdarthos · 14 October 2022 15:23

I suspect that precise thing, yes.

After you install and update everything should be fine. As long as the ISO’s not too old.

tuxarcher · 14 October 2022 15:26

I just downloaded like last night, minimal, torrent.
But is it for sure because I am running from USB?

Mirdarthos · 14 October 2022 15:32

That’s fresh enough, in my opinion.

I have no way to be absolutely sure, but I’m saying it with 99% certainty.

In addition, while pacman is awesome and amazing, I recommend you start off at least with pamac, seeing as it takes care of more things than pacman. You can always progress to pacman when you’re more comfortable.

tuxarcher · 14 October 2022 15:36

I tried installing “chromium” browser through pamac but had almost same errors and could not install.

This is why I searched and tried to do it manually through pacman. (Old man here coming from the DOS days)

mithrial · 14 October 2022 15:44

What do you mean by “running on USB”? Are you running the command on the actual live USB medium or from chroot or did you install Manjaro on a USB drive?

tuxarcher · 14 October 2022 15:48

I mean live session.
Just booted from the USB.

megavolt · 14 October 2022 15:51

That scenario happens when the Manjaro packages are much older than on the mirror.

Unterstand that:

You have pgp keys preinstalled on the iso.
Manjaro is rolling and keys will change.
Normally the pkgs archlinux-keyring and manjaro-keyring are signed with the previous keys.
But in your situation: it just skips to the new pkgs, but it cannot be verified with your current key.

So generally:

Key is there.
It retrieves archlinux-keyring and manjaro-keyring, which contain the new keys, which are normally signed with the previous key.
After installing those, you can run a normal installation.

Now your situation:

Key is there.
It retrieves archlinux-keyring and manjaro-keyring, which contain the new keys, which are normally signed with the previous key, BUT you don’t have the previous key of that package.
Error…

Solution: Use the most current ISO or do a workaround like that:

Discord Update / Error

# update mirrors
sudo pacman-mirrors -c Germany # or any other Country
sudo pacman-mirrors -f 5
# remove gnupg and re-init it
sudo rm -rv /etc/pacman.d/gnupg
sudo pacman-key --init
# remove pacman cache
sudo rm -Rf /var/cache/pacman/pkg/*
# download the newest packages which contains the gpg keys
sudo mkdir -pv $HOME/.cache/pkg/ 
# !!! Don't import keys here... so type "n" if asking. !!!
sudo pacman -Syw archlinux-keyring manjaro-keyring --cachedir $HOME/.cache/pkg/
# remove the signatures
sudo rm -f $HOME/.cache/pkg/*.sig
# Install the packages
sudo pacman -U $HOME/.cache/pkg/*.tar.zst
# clear the cache
sudo pacman -Sc
# Remove the downloaded packages again
sudo rm -Rf $HOME/.cache/pkg/

tuxarcher · 14 October 2022 15:56

NOTED.
Thank you

system · 17 October 2022 05:57

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.