You are getting a message when syncing your system
error: GPGME error: No data
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))
Before you continue
- [SOLVED] Error updating system (error: GPGME error: No data) / Newbie Corner / Arch Linux Forums
- Pacman troubleshooting - Manjaro
This reference is the troubleshooting process I went through when I discovered the issue which was affecting my public mirror service (not official).
Also see this pacman bugreport from 2015 - which was closed as not a bug but a matter of configuration.
TL:DR
Open the file /etc/pacman.conf in a terminl editor (nano, micro, vi) and locate the following section
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required
Change the SigLevel to
....
SigLevel = Required DatabaseNever
....
Remove the files in /var/lib/pacman/sync - they will be fetched as necessary
sudo rm -f /var/lib/pacman/sync/*
Change mirror
sudo pacman-mirrors --continent
A shortcut
The following is a reference to an utility script by @megavolt capable of doing the heavy lifting for you
[HowTo] Work around gpg verification issue on left behind systems
The explanation
It is a matter of configuration.
The setting in pacman.conf instructs pacman to look for optional database signature files. Neither Archlinux nor Manjaro signs the database - only the packages. Signing the database is rare but do exist and an example of an entity signing the database is SublimeHq (sublime text and sublime merge).
Pacman defaults to an internal downloader to retrieve files from the mirror.
When pacman wants a db.sig file it requests the signature file.
The mirror can answer with 200 which will make libalpm save the content received OR the mirror can respond with 404 which will do nothing and no error messages is thrown as there is no file to be read.
Some mirrors responds to 404 with 200 and some html.
Such responses will be written as the signature file and libalpm will validate the database with the received data and the validation - of course - fails.
If you look into the folder /var/lib/pacman/sync you will most likely find several db.sig files with identical timestamps and size.
If you take a closer look they are text files having html content
$ file /var/lib/pacman/sync/*.db.sig
core.db.sig: HTML document, ASCII text
...
When using the default
SigLevel = Required DatabaseOptional
there is only way to mitigate the above and it is to set the following in pacman.conf.
SigLevel = Required DatabaseNever
There is no security problem with this as the packages are signed and the SigLevel for the repos are usually set to PackageRequired as seen from below example
[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
You can safely remove the files in /var/lib/pacman/sync as they will be fetched as necessary.
sudo rm -f /var/lib/pacman/sync/*
If - despite the above configuration - the messages continues - you will need to remove the files one more time and change mirror. This is easily done using the pacman-mirrors command
sudo pacman-mirrors --continent
Rerun your sync command (force metadata reload)
sudo pacman -Syyu