PGP signature error with 2024-07-01 update

Support System Updates
1

All pkgs signed by archlinux users are failing to install with a PGP signature error:

error pkgname: signature from someone@archlinux.org is unknown
error failed to commit transaction (invalid or corrupt package PGP signature)
Errors occurred, no packages were upgaded

I ran the script suggested in this post:

https://forum.manjaro.org/t/howto-work-around-gpg-verification-issue-on-left-behind-systems/125822

The script did not fix the issue.

It looks like taiwbi had a similiar issue:

https://forum.manjaro.org/t/package-is-corrupted-invalid-or-corrupted-package-pgp-signature/164907

I hope there is a better solution than re-installing manjaro.

Thanks for your attention and help.

Also, I think this may be a continuation of an issue I had reported but did not get resolved.

https://forum.manjaro.org/t/archlinux-keyring-fails-to-update/164313
1 Like
2

Manjaro is not Arch, so I’m not 100% sure if the Arch wiki entry is fully suitable for a Manjaro install but I would suggest to study it, maybe you find a helpful not yet tried detail.

https://wiki.archlinux.org/title/Pacman/Package_signing

1 Like
3

You have 2 courses of action - fix the signatures, or disable signing, update, and hope it is thus fixed, reenable and test again to install something.

For fixing it there is the guide here

In the topic you are quoting the user did not delete the old keys, and he used the refresh wich is advised against, and he decided to reinstall probably because other issues or convenience instead of trying once again.

If you decide to temporarily disable the checks you should set

SigLevel    = Required DatabaseOptional

to

SigLevel    = Never

in /etc/pacman.conf

1 Like
4

Thanks Teo,

I followed the steps in the section Errors about Keys in the Pacman troubleshooting guide. It didn’t help. I have the same errors as described before.

I’m going to try disabling the checks by setting SigLevel to Never in the pacman.conf file.

1 Like
5

disabling the checks by setting SigLevel to Never in the pacman.conf file did allow the update. My system is up to date.

After the update I set the

SigLevel    = Required DatabaseOptional

iin the pacman.conf file. I tried to install Thunderbird and it failed to install. Same issue as before, Archlinux keys are failing.

6

First be sure you are using updated mirrors. See yours with:

pacman-mirrors

And check status here:

https://repo.manjaro.org/

Set “SigLevel = Optional TrustAll” in pacman.conf, then force update of both keyrings with sudo pacman -Sy archlinux-keyring manjaro-keyring and then set “SigLevel = Required DatabaseOptional” before trying to update more packages.

7

My mirrors are up to date. I set “SigLevel = Optional TrustAll” in pacman.conf, and get the following error:

sudo pacman -Sy archlinux-keyring manjaro-keyring                                                                                 ✔ 
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 multilib is up to date
warning: archlinux-keyring-20240609-1 is up to date -- reinstalling
warning: manjaro-keyring-20230719-3 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (2) archlinux-keyring-20240609-1  manjaro-keyring-20230719-3

Total Installed Size:  1.75 MiB
Net Upgrade Size:      1.66 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 manjaro-keyring-20230719-3-any is up to date
(2/2) checking keys in keyring                                                                [------------------------------------------------------] 100%
downloading required keys...
:: Import PGP key 6D42BDD116E0068F, "Christian Hesse <eworm@archlinux.org>"? [Y/n] y
(2/2) checking package integrity                                                              [------------------------------------------------------] 100%
(2/2) loading package files                                                                   [------------------------------------------------------] 100%
(2/2) checking for file conflicts                                                             [------------------------------------------------------] 100%
error: failed to commit transaction (conflicting files)
archlinux-keyring: /usr/bin/archlinux-keyring-wkd-sync exists in filesystem
archlinux-keyring: /usr/lib/systemd/system/archlinux-keyring-wkd-sync.service exists in filesystem
archlinux-keyring: /usr/lib/systemd/system/archlinux-keyring-wkd-sync.timer exists in filesystem
archlinux-keyring: /usr/lib/systemd/system/timers.target.wants/archlinux-keyring-wkd-sync.timer exists in filesystem
archlinux-keyring: /usr/share/pacman/keyrings/archlinux-revoked exists in filesystem
archlinux-keyring: /usr/share/pacman/keyrings/archlinux-trusted exists in filesystem
archlinux-keyring: /usr/share/pacman/keyrings/archlinux.gpg exists in filesystem
Errors occurred, no packages were upgraded.
1 Like
8

Can you try sudo pacman -Syu archlinux-keyring manjaro-keyring instead?

There’s also an --overwrite parameter, but I’ve never seen this error so I can’t be sure if it’s safe or not using it. If you have a backup and there’s no other way of solving this issue… :wink:

9

Strange because it would simply overwrite the files with aggressive Method:

Ah yeah I see… here it needs to overwrite it:

@mezzo Try again… fixed it.

2 Likes
10

FIXED

Using the script from this URL:

https://forum.manjaro.org/raw/125822

Solved the problem for me. No PGP signature errors or any other type of errors. AND the system updated the 2024-07-16 Stable Update successfully.

Thanks for your help.

Editing to be clear on what I did.

From the command line I ran 2 commands:

export FILE=$(curl -s "https://forum.manjaro.org/raw/125822" | sed -n -r '/^###START###$/,/^###END###$/p')

bash <(<<<"$FILE") --aggressive
11

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.