[root tip] [How To] Mitigate and prevent GPGME error when syncing your system

You are getting a message when syncing your system

error: GPGME error: No data
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))

Before you continue

Also see this pacman bugreport from 2015 - which was closed as not a bug but a matter of configuration.


Open the file /etc/pacman.conf in a terminl editor (nano, micro, vi) and locate the following section

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

Change the SigLevel to

SigLevel    = Required DatabaseNever

Remove the files in /var/lib/pacman/sync - they will be fetched as necessary

sudo rm -f /var/lib/pacman/sync/*

Change mirror

sudo pacman-mirrors --continent

The explanation

It is a matter of configuration.

The setting in pacman.conf instructs pacman to look for optional database signature files. Neither Archlinux nor Manjaro signs the database - only the packages. Signing the database is rare but do exist and an example of an entity signing the database is SublimeHq (sublime text and sublime merge).

Pacman defaults to an internal downloader to retrieve files from the mirror.

When pacman wants a db.sig file it requests the signature file.

The mirror can answer with 200 which will make libalpm save the content received OR the mirror can respond with 404 which will do nothing and no error messages is thrown as there is no file to be read.

Some mirrors responds to 404 with 200 and some html.

Such responses will be written as the signature file and libalpm will validate the database with the received data and the validation - of course - fails.

If you look into the folder /var/lib/pacman/sync you will most likely find several db.sig files with identical timestamps and size.

If you take a closer look they are text files having html content

$ file /var/lib/pacman/sync/*.db.sig
core.db.sig: HTML document, ASCII text

When using the default

SigLevel    = Required DatabaseOptional

there is only way to mitigate the above and it is to set the following in pacman.conf.

SigLevel    = Required DatabaseNever

There is no security problem with this as the packages are signed and the SigLevel for the repos are usually set to PackageRequired as seen from below example

SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

You can safely remove the files in /var/lib/pacman/sync as they will be fetched as necessary.

sudo rm -f /var/lib/pacman/sync/*

If - despite the above configuration - the messages continues - you will need to remove the files one more time and change mirror. This is easily done using the pacman-mirrors command

sudo pacman-mirrors --continent

Rerun your sync command

sudo pacman -Syyu

A post was merged into an existing topic: Discord Update / Error

Works perfect! Thanks for this solution.

Should we change SigLevel config back to original, after completing the update?


Not necessary.

I just had trouble updating dropbox where reversing the changes made to /etc/pacman.conf fixed it. So for some cases it might be helpful to “switch back”.

This topic is pacman related not custom packages.

Custom package build from AUR and their package signature and keys are handled manually.