PGP errors when trying to update. Can't update fresh install

Slyfer1 · 11 March 2025 15:37

Hey there guys,

I’m unable to update my system after I’ve installed a fresh copy of Manjaro.

If I do sudo pacman -Syu I’d get PGP errors saying that files in /var/cache/pacman/pkg are corrupted.

I’ve tried the troubleshooting from here: Pacman troubleshooting - Manjaro

and here:

Basically everything I try results in errors and the issues, sadly, just persist.

Any help would be greatly appreciated

GaVenga · 11 March 2025 15:41

Try:
https://bbs.archlinux.org/viewtopic.php?id=282170

Slyfer1 · 11 March 2025 15:49

Thanks for chiming in @GaVenga,

Sadly, I’m even getting the same errors when I do pacman -S archlinux-keyring. It’s again asking if I want to to delete the damaged (invalid or damaged Package (PGP-Signature)), so that doesn’t resolve it sadly.

I’m getting nuts about this

If I then confirm with Y it says errors occured (invalid or damaged package (PGP-signature)). No packages have been upgraded

lp354 · 11 March 2025 15:53

Why not do another fresh install with latest iso. And check that iso for errors.

Slyfer1 · 11 March 2025 15:53

Maybe yeah, might just be an issue with the iso, true

linux-aarhus · 11 March 2025 15:56

You can - temporarily work around the gpg issue by loosing the package check in pacman.conf

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional

This should not be necessary but as a last resort.

Change SigLevel to read SigLevel = TrustAll - do remember to set it back when

You can use manjaro-get-iso (CLI) or manjaro-iso-downloader (GUI) package to download and verify the iso.

→ Pacman troubleshooting - Manjaro
→ [root tip] [How To] Mitigate and prevent GPGME error when syncing your system

The get-iso script is a single python script source at

→ Applications / Manjaro Get Iso · GitLab

Phemisters · 11 March 2025 15:58

It is helpful if you post the actual command you are running and all of the output instead of just some snippets.

This post has some suggestions which might be relevant: [HowTo] Work around gpg verification issue on left behind systems

It starts with a list of things to try, but if you scroll down you’ll see there is a handy script to run, like this:

export FILE=$(curl -s "https://forum.manjaro.org/raw/125822" | sed -n -r '/^###START###$/,/^###END###$/p')
bash <(<<<"$FILE") --help

You can try working through the various options starting with

export FILE=$(curl -s "https://forum.manjaro.org/raw/125822" | sed -n -r '/^###START###$/,/^###END###$/p')
bash <(<<<"$FILE") --basic