PGP error on the package intel-oneapi-basekit

Support System Updates
1

I tried to run the update today 14/07/24 and I kept getting a pgp error on the package intel-oneapi-basekit (which I need for Bitwig Studio). So I held it back so that the rest of the system could update. But this package still need to update. I tried to uninstall and reinstall it but it wont let me as its a dependancy. How can I fix this?

2

Why not sharing the error message with us?

3

Have you tried Pacman troubleshooting - Manjaro?

4

I have decided to roll back before all the updates today.

I just ran through all the steps on that page.

When I got to this step

sudo pacman -U manjaro-keyring*.pkg.tar.xz archlinux-keyring*.pkg.tar.zst`

I got these error messages

error: could not open file manjaro-keyring-YYYYMMDD-R-any.pkg.tar.xz: Unrecognized archive format
error: 'manjaro-keyring-YYYYMMDD-R-any.pkg.tar.xz': cannot open package file
error: could not open file archlinux-keyring-YYYYMMDD-R-any.pkg.tar.zst: Unrecognized archive format
error: 'archlinux-keyring-YYYYMMDD-R-any.pkg.tar.zst': cannot open package file

I decided to run the whole update and this is the error message I got in the Terminal.

error: intel-oneapi-basekit: signature from "Torsten Keßler <tpkessler@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/intel-oneapi-basekit-2024.1.0.596-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
5

Yeah well… First of all, you’re supposed to replace the “YYYYMMDD-R” by the correct date — there are multiple signature packages on that site — and secondly, it’ll be a .zst file now instead of an .xz file, since both Arch, Manjaro and other Arch derivatives have switched to zstd compression instead of xz compression a long time ago already.

6

OK I replaced with the section with todays date and still get the same errors.

 sudo pacman -U manjaro-keyring*.pkg.tar.zst archlinux-keyring*.pkg.tar.zst                                 1 ✘ 
loading packages...
error: could not open file manjaro-keyring-20240714-R-any.pkg.tar.zst: Unrecognized archive format
error: 'manjaro-keyring-20240714-R-any.pkg.tar.zst': cannot open package file
error: could not open file archlinux-keyring-20240714-R-any.pkg.tar.zst: Unrecognized archive format
error: 'archlinux-keyring-20240714-R-any.pkg.tar.zst': cannot open package file
7

Can you share /etc/makepkg.conf? Maybe you have ignored a pacnew file.

8

I’ve edited your topic title as it was quite vague. This is a support forum, not Reddit.

Please see:

9

Here is the contents of makepkg.conf

#!/hint/bash
# shellcheck disable=2034

#
# /etc/makepkg.conf
#

#########################################################################
# SOURCE ACQUISITION
#########################################################################
#
#-- The download utilities that makepkg should use to acquire sources
#  Format: 'protocol::agent'
DLAGENTS=('file::/usr/bin/curl -qgC - -o %o %u'
          'ftp::/usr/bin/curl -qgfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
          'http::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'https::/usr/bin/curl -qgb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'rsync::/usr/bin/rsync --no-motd -z %u %o'
          'scp::/usr/bin/scp -C %u %o')

# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
# /usr/bin/wget

#-- The package required by makepkg to download VCS sources
#  Format: 'protocol::package'
VCSCLIENTS=('bzr::breezy'
            'fossil::fossil'
            'git::git'
            'hg::mercurial'
            'svn::subversion')

#########################################################################
# ARCHITECTURE, COMPILE FLAGS
#########################################################################
#
CARCH="x86_64"
CHOST="x86_64-pc-linux-gnu"

#-- Compiler and Linker Flags
#CPPFLAGS=""
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \
        -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \
        -fstack-clash-protection -fcf-protection \
        -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer"
CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
LDFLAGS="-Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro -Wl,-z,now \
         -Wl,-z,pack-relative-relocs"
LTOFLAGS="-flto=auto"
RUSTFLAGS="-Cforce-frame-pointers=yes"
#-- Make Flags: change this for DistCC/SMP systems
MAKEFLAGS="-j2"
#-- Debugging flags
DEBUG_CFLAGS="-g"
DEBUG_CXXFLAGS="$DEBUG_CFLAGS"
DEBUG_RUSTFLAGS="-C debuginfo=2"

#########################################################################
# BUILD ENVIRONMENT
#########################################################################
#
# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
#  A negated environment option will do the opposite of the comments below.
#
#-- distcc:   Use the Distributed C/C++/ObjC compiler
#-- color:    Colorize output messages
#-- ccache:   Use ccache to cache compilation
#-- check:    Run the check() function if present in the PKGBUILD
#-- sign:     Generate PGP signature file
#
BUILDENV=(!distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#
#-- Specify a directory for package building.
#BUILDDIR=/tmp/makepkg

#########################################################################
# GLOBAL PACKAGE OPTIONS
#   These are default values for the options=() settings
#########################################################################
#
# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto !autodeps)
#  A negated option will do the opposite of the comments below.
#
#-- strip:      Strip symbols from binaries/libraries
#-- docs:       Save doc directories specified by DOC_DIRS
#-- libtool:    Leave libtool (.la) files in packages
#-- staticlibs: Leave static library (.a) files in packages
#-- emptydirs:  Leave empty directories in packages
#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge:      Remove files specified by PURGE_TARGETS
#-- debug:      Add debugging flags as specified in DEBUG_* variables
#-- lto:        Add compile flags for building with link time optimization
#-- autodeps:   Automatically add depends/provides
#
OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug lto)

#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
INTEGRITY_CHECK=(sha256)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#-- Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#-- Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#-- Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
#-- Directory to store source code in for debug packages
DBGSRCDIR="/usr/src/debug"
#-- Prefix and directories for library autodeps
LIB_DIRS=('lib:usr/lib' 'lib32:usr/lib32')

#########################################################################
# PACKAGE OUTPUT
#########################################################################
#
# Default: put built package and cached source in build directory
#
#-- Destination: specify a fixed directory where all packages will be placed
#PKGDEST=/home/packages
#-- Source cache: specify a fixed directory where source files will be cached
#SRCDEST=/home/sources
#-- Source packages: specify a fixed directory where all src packages will be placed
#SRCPKGDEST=/home/srcpackages
#-- Log files: specify a fixed directory where all log files will be placed
#LOGDEST=/home/makepkglogs
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
#-- Specify a key to use for package signing
#GPGKEY=""

#########################################################################
# COMPRESSION DEFAULTS
#########################################################################
#
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSZST=(zstd -c -T0 --ultra -20 -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)
COMPRESSLZ4=(lz4 -q)
COMPRESSLZ=(lzip -c -f)

#########################################################################
# EXTENSION DEFAULTS
#########################################################################
#
PKGEXT='.pkg.tar.zst'
SRCEXT='.src.tar.gz'

#########################################################################
# OTHER
#########################################################################
#
#-- Command used to run pacman as root, instead of trying sudo and su
#PACMAN_AUTH=()
# vim: set ft=sh ts=2 sw=2 et:
10

You’re still doing it wrong. In order to find out what the correct packages are, you must go to the sites that contain them. Those sites are located here and here.

And since you’ve already got your browser open then, you can skip the curl commands and just download the two pertinent packages by way of your browser. :point_down:

manjaro-keyring-20230719-3-any.pkg.tar.zst
archlinux-contrib-20240714-1-any.pkg.tar.zst

If you do want to use the curl commands instead of directing your browser to those repositories and looking for the packages, then the commands will be… :point_down:

curl -O manjaro-keyring-20230719-3-any.pkg.tar.zst
curl -O archlinux-contrib-20240714-1-any.pkg.tar.zst

Lastly, please take out the time to read this short but informative essay… :point_down:

1 Like
11

Manjaro is NOT suitable for absolute beginners No, it’s not.

Thank you for that Link. I have read it a number of times over the 4 years Ive been using Manjaro.

Unfortunately some of us are not programmers or scripters and over no amount of time are we fully au-fait with commands. That said I have mabnaged to solve almost all problems Ive had with Manajro in that time even when gettign little help from the forums.

But there is a first time for everything and this is the first time I have had to do this.

You’re still doing it wrong. In order to find out what the correct packages are, you must go to the sites that contain them. Those sites are located here and here.

And since you’ve already got your browser open then, you can skip the curl commands and just download the two pertinent packages by way of your browser.

After downloading and installing those packages I now get this error

sudo pacman -U manjaro-keyring*.pkg.tar archlinux-contrib*.pkg.tar                       1 ✘  38s  
loading packages...
warning: manjaro-keyring-20230719-3 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) pyalpm-0.10.9-2  archlinux-contrib-20240617-1  manjaro-keyring-20230719-3

Total Download Size:   0.06 MiB
Total Installed Size:  0.42 MiB
Net Upgrade Size:      0.33 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 pyalpm-0.10.9-2-x86_64                         63.5 KiB   340 KiB/s 00:00 [##########################################] 100%
(3/3) checking keys in keyring                                             [##########################################] 100%
(2/3) checking package integrity                                           [##########################################] 100%
error: pyalpm: signature from "Jelle van der Waa <jelle@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/pyalpm-0.10.9-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
12

Forgive me, but I find that hard to believe, given that I’ve only posted that on the 9th of October 2023. So that essay isn’t even one year old. :face_with_raised_eyebrow:

You did not execute the other steps in the Wiki. :point_down:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman -U manjaro-keyring*.pkg.tar.zst archlinux-keyring*.pkg.tar.zst
sudo pacman-key --populate manjaro archlinux
sudo pacman -Syu
1 Like
13

I didn’t say I read that post 4 years ago. I said I’ve used Manajro for 4 years and Ive read that post a few times. I switched to Manajro at the start of Covid.

Here is a history of all the commands and their output.

    ~  sudo rm -r /etc/pacman.d/gnupg                                                                               ✔ 
[sudo] password for thedatabug: 
    ~  sudo pacman-key --init                                                                                ✔  3s  
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/D980C8172DE819ADD73CE98E9683E5793490D237.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
    ~  sudo pacman -U /home/thedatabug/Downloads/archlinux-contrib-20240617-1-any.pkg.tar /home/thedatabug/Downloads/manjaro-keyring-20230719-3-any.pkg.tar
loading packages...
warning: manjaro-keyring-20230719-3 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) pyalpm-0.10.9-2  archlinux-contrib-20240617-1  manjaro-keyring-20230719-3

Total Download Size:   0.06 MiB
Total Installed Size:  0.42 MiB
Net Upgrade Size:      0.33 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 pyalpm-0.10.9-2-x86_64                         63.5 KiB   359 KiB/s 00:00 [##########################################] 100%
(3/3) checking keys in keyring                                             [##########################################] 100%
downloading required keys...
:: Import PGP key C06086337C50773E, "Jelle van der Waa <jelle@archlinux.org>"? [Y/n] y
(1/3) checking package integrity                                           [##########################################] 100%
error: pyalpm: signature from "Jelle van der Waa <jelle@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/pyalpm-0.10.9-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
14

archlinux-keyring-20240709-1-any.pkg.tar.zst ?

1 Like
15

I followed this. OK Ill get the archlinux-keyring

16

Get this one: archlinux-keyring-20240709-1-any.pkg.tar.zst — thank you, @Takakage. The other one I gave you was the wrong version.

17

Thank you. Finally it updated fully. I will add all this to my personal wiki.

1 Like
18

I know that this issue has been solved but for further possible help to others, I encountered exactly the same issue today and it turned out to be because the package file was truncated when downloaded from the official repository. The only way I could get around it was by going to Arch Linux - intel-oneapi-basekit 2024.1.0.596-3 (x86_64) and then selecting the ‘download from mirror’ option to get a local copy which I then installed using the pamac using the ‘install local package’ option. The file that downloaded via pamac was about 550mb but the actual file was something like 2.3gb.

Hope that helps someone.

5 Likes
19

Same here, did the steps above (including dropping pacman cache as described in the docs), plus tried what was described here: https://unix.stackexchange.com/questions/765068/arch-update-failed-because-of-signature-unknown-trust

sudo pacman -S archlinux-keyring
sudo pacman-key --refresh-keys

and finally even did the “trust the key manually”

sudo pacman-key --lsign-key tpkessler@archlinux.org

But still says

:: Retrieving packages...
 intel-oneapi-basekit-2024.1.0.596-3-x86_64                                                                                 509,0 MiB  16,0 MiB/s 00:32 [#############################################################################################] 100%
(543/543) checking keys in keyring                                                                                                                      [#############################################################################################] 100%
(543/543) checking package integrity                                                                                                                    [#############################################################################################] 100%
error: intel-oneapi-basekit: signature from "Torsten Keßler <tpkessler@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/intel-oneapi-basekit-2024.1.0.596-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Can also confirm that downloaded file is 2.x gigs, installing it manually at least made my system updateable again for now.

20

sudo pacman -Syyu