[root tip] [How To] Mitigate and prevent GPGME error when syncing your system

You are getting a message when syncing your system

error: GPGME error: No data
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))

Before you continue

Also see this pacman bug report from 2015 - which was closed as not a bug but a matter of configuration.

TL;DR

Open the file /etc/pacman.conf in a terminal editor (nano, micro, vi) and locate the following section

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional
#RemoteFileSigLevel = Required

Change the SigLevel to

....
SigLevel    = Required DatabaseNever
....

Remove the files in /var/lib/pacman/sync - they will be fetched as necessary

sudo rm -f /var/lib/pacman/sync/*

Change mirror

sudo pacman-mirrors --continent

The explanation

It is a matter of configuration.

The setting in pacman.conf instructs pacman to look for optional database signature files. Neither Arch Linux nor Manjaro signs the database - only the packages. Signing the database is rare but does exist, and an example of an entity signing the database is SublimeHQ (Sublime Text and Sublime Merge).

Pacman defaults to an internal downloader to retrieve files from the mirror.

When pacman wants a db.sig file it requests the signature file.

The mirror can answer with 200, which will make libalpm save the content received, OR the mirror can respond with 404, which will do nothing, and no error message is thrown as there is no file to be read.

Some mirrors respond to 404 with 200 and some HTML.

Such responses will be written as the signature file and libalpm will validate the database with the received data and the validation - of course - fails.

If you look into the folder /var/lib/pacman/sync you will most likely find several db.sig files with identical timestamps and size.

If you take a closer look, they are text files with HTML content

$ file /var/lib/pacman/sync/*.db.sig
core.db.sig: HTML document, ASCII text
...

When using the default

SigLevel    = Required DatabaseOptional

there is only one way to mitigate the above and it is to set the following in pacman.conf.

SigLevel    = Required DatabaseNever

There is no security problem with this as the packages are signed and the SigLevel for the repos is usually set to PackageRequired, as seen from the example below

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

You can safely remove the files in /var/lib/pacman/sync as they will be fetched as necessary.

sudo rm -f /var/lib/pacman/sync/*

If - despite the above configuration - the messages continue - you will need to remove the files one more time and change mirror. This is easily done using the pacman-mirrors command

sudo pacman-mirrors --continent

Rerun your sync command

sudo pacman -Syyu
31 Likes
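
The check described in the post above (db.sig files that are really HTML error pages saved by the downloader), as an added example that is not part of the original post. The function names are hypothetical, and the classification assumes a real detached OpenPGP signature begins either with a signature packet header byte or with ASCII armor.

```shell
#!/bin/sh
# Added example: classify pacman *.db.sig files by their leading bytes.
# Assumption: a detached OpenPGP signature starts with a signature packet
# (old-format header 0x88-0x8a, new-format 0xc2) or with ASCII armor.

# Print one word describing FILE: empty, openpgp, armored, html or unknown.
classify_sig() {
    f=$1
    [ -s "$f" ] || { echo empty; return; }
    # First byte as two hex digits, e.g. "89" for a binary signature.
    first=$(od -An -tx1 -N1 "$f" | tr -d ' \n')
    case $first in
        88|89|8a|c2) echo openpgp; return ;;
    esac
    if head -c 512 "$f" | grep -q -e '-----BEGIN PGP SIGNATURE-----'; then
        echo armored
    elif head -c 512 "$f" | grep -qi -e '<!doctype html' -e '<html'; then
        # The mirror answered the .db.sig request with 200 and an error page.
        echo html
    else
        echo unknown
    fi
}

# Print "path: kind" for every *.db.sig in DIR that is not a plausible
# signature. DIR defaults to pacman's sync directory.
list_bogus_sigs() {
    dir=${1:-/var/lib/pacman/sync}
    for f in "$dir"/*.db.sig; do
        [ -e "$f" ] || continue      # glob matched nothing
        kind=$(classify_sig "$f")
        case $kind in
            openpgp|armored) ;;
            *) echo "$f: $kind" ;;
        esac
    done
}

list_bogus_sigs "$@"
```

Any file reported as html was written from a mirror's error page; those are the files that make the database validation fail.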

Works perfect! Thanks for this solution.

Should we change SigLevel config back to original, after completing the update?

Best,
Orkut

1 Like

Not necessary.

1 Like

I just had trouble updating dropbox where reversing the changes made to /etc/pacman.conf fixed it. So for some cases it might be helpful to “switch back”.

This topic is pacman related not custom packages.

Custom package build from AUR and their package signature and keys are handled manually.

Thank you so much for the in depth explanation and solution. I’ve encountered this issue more than once and the way I fixed it was not even the same across instances.

This seems to be the true solution.

How do you handle a problem with signature and keys with custom package builds from AUR?

See one of the pinned topics in the AUR section:

1 Like

That didn't really help, maybe that's not the problem after all. Thank you.