How about… NO.

Using -y:

User: Is the database updated?
Server: Yes.
User: Great!

Using -yy:

User: Is Is the database updated?
Server: Yes.
User: Screw you, I’ll abuse the server and download the same database I already have for no reason.

Also, if one has outdated mirrors, using -yy could force updating the local database with outdated package versions and put one in an unsupported partial upgrade state.

Pacman is a tool just like a hammer. One can either use it to be constructive or destructive. Use it wisely.

I’ve tried. It seems like, as a result, my system is not functional.

$ sudo rm -r /etc/pacman.d/gnupg
$ sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: WARNING: unsafe ownership on homedir '/home/ave/.gnupg'
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/EC0A3000A6E1421E197BAF040B576DCA4BD4F8F5.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
$ sudo pacman -U manjaro-keyring-20230719-3-any.pkg.tar.zst archlinux-contrib-20240714-1-any.pkg.tar.zst
loading packages...
warning: manjaro-keyring-20230719-3 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) pyalpm-0.10.9-2  archlinux-contrib-20240714-1  manjaro-keyring-20230719-3

Total Download Size:   0.06 MiB
Total Installed Size:  0.42 MiB
Net Upgrade Size:      0.33 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 pyalpm-0.10.9-2-x86_64                                   63.5 KiB  1765 KiB/s 00:00 [------------------------------------------------] 100%
(3/3) checking keys in keyring                                                       [------------------------------------------------] 100%
downloading required keys...
:: Import PGP key C06086337C50773E, "Jelle van der Waa <jelle@archlinux.org>"? [Y/n] 
(2/3) checking package integrity                                                     [------------------------------------------------] 100%
error: pyalpm: signature from "Jelle van der Waa <jelle@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/pyalpm-0.10.9-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I tried to install pyalpm manually, like the two other packages mentioned. It worked, but now the update of the system looks like this:

(658/658) checking keys in keyring                                                   [------------------------------------------------] 100%
(658/658) checking package integrity                                                 [------------------------------------------------] 100%
error: iana-etc: signature from "Jelle van der Waa <jelle@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/iana-etc-20240612-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: libdrm: signature from "Andreas Radke <andyrtr@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/libdrm-2.4.122-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: libxau: signature from "Andreas Radke <andyrtr@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/libxau-1.0.11-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: libxfixes: signature from "Andreas Radke <andyrtr@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/libxfixes-6.0.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: libxshmfence: signature from "Andreas Radke <andyrtr@archlinux.org>" is unknown trust

... hundreds more lines like this ...

:: File /var/cache/pacman/pkg/xcape-1.2-5-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: yarn: signature from "Daniel M. Capella <polyzen@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/yarn-1.22.22-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

 -> error installing repo packages
error installing repo packages

What am I supposed to do now?

It’s like deja vu.

archlinux-keyring-20240709-1-any.pkg.tar.zst

But note that, as described above, the issue with intel-oneapi-basekit specifically appears to be with the package and not the key.

Can you translate it to a not-initiated one? Besides what I should note, I am more interested in what I should do.

Update

The solution for me was

SigLevel = Never
#LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

in /etc/pacman.conf.

I think that these large packages can sometimes get corrupted. There was a similar issue last December with tensorflow-opt-cuda.

The copy on the Manjaro servers differs from upstream Arch.

Manjaro

Name            : intel-oneapi-basekit
Version         : 2024.1.0.596-3
Download Size   : 508.98 MiB
Installed Size  : 14858.64 MiB
Packager        : Torsten Keßler <tpkessler@archlinux.org>
Build Date      : Mon 08 Jul 2024 17:20:01 UTC

Arch

Name            : intel-oneapi-basekit
Version         : 2024.1.0.596-3
Download Size   : 2.58 GiB
Installed Size  : 14.51 GiB
Packager        : Torsten Keßler <tpkessler@archlinux.org>
Build Date      : Mon 08 Jul 2024 17:20:01 UTC

This will presumably get fixed at some point. In the meantime, as jfaulknercourt explained, you can manually download the package direct from Arch and install that.

ETA:

This solves your problem in much the same way that the guillotine solves dandruff problems: I’m sure it works, but there may be some side effects.

In your earlier post, you deleted all of the Arch Linux keys, and then failed to appropriately replace them. Of course this will cause all Arch Linux packages to fail their signature checks.

For intel-oneapi-basekit, even with valid keys, it would also fail the signature check because the copy of the package on the Manjaro servers has a different hash sum than the original on Arch. So the signature check failure in this case is the package management system working exactly as it is supposed to.

I followed the procedure from Manjaro’s Wiki suggested here by a moderator. As far as I can tell, I have not diverted from what the Wiki describes.

Sure, so besides criticizing my stupidity of following the Wiki, can you tell me how to fix the problem in another way?

The Wiki entry explains that you need to download and manually install archlinux-keyring. You downloaded and installed archlinux-contrib.

Thanks!

Thank you and same. The package has been marked as out of date as of Jul 17.
After I refresh my keyrings, I was thankfully just able to remove the package, instead of manually updating it after checking dependencies using pactree from pacman-contrib.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.