If I do sudo pacman -Syyu it asks me individually to confirm adding every key (which fails). If I do sudo pacman-key --refresh-keys I get a lot of invalid packet and invalid keyring errors.
Is this a problem with the keyserver? I updated a very similar install on a laptop earlier without problem, but on this PC it wouldn’t work yesterday afternoon or today. Some edited sample output below (it’s very repetitive).
gpg: keydb_search failed: Invalid packet
gpg: [don't know]: invalid packet (ctb=27)
gpg: keydb_search failed: Invalid packet
gpg: packet(2) with unknown version 230
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: packet(2) with unknown version 230
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: validate_key_list failed
gpg: [don't know]: invalid packet (ctb=27)
gpg: keydb_search failed: Invalid packet
gpg: checking the trustdb
gpg: [don't know]: invalid packet (ctb=27)
gpg: keydb_search failed: Invalid packet
…
gpg: [don't know]: invalid packet (ctb=27)
gpg: keydb_search failed: Invalid packet
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
[appears many times]
gpg: [don't know]: invalid packet (ctb=27)
gpg: keydb_search failed: Invalid packet
…
gpg: public key DB323392796CA067 is 3037 days newer than the signature
…
gpg: keydb_search failed: Invalid packet
gpg: [don't know]: invalid packet (ctb=27)
[repeated many times]
gpg: keydb_search failed: Invalid packet
gpg: packet(2) with unknown version 230
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: failed to rebuild keyring cache: Invalid keyring
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: packet(2) with unknown version 230
gpg: keyring_get_keyblock: read error: Invalid packet
gpg: keydb_get_keyblock failed: Invalid keyring
gpg: validate_key_list failed
gpg: key BA1DFB64FFF979E7: "Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
pub rsa4096 2011-11-29 [SC] [revoked: 2022-05-10]
AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid [ revoked] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
gpg: [don't know]: invalid packet (ctb=27)
gpg: keyserver refresh failed: Invalid packet
==> ERROR: Could not update key: BA1DFB64FFF979E7
…
I then tried renaming /etc/pacman.d/gnupg and reinitialising the keys (pacman-key --init § pacman-key --populate archlinux manjaro § pacman -Sy gnupg archlinux-keyring manjaro-keyring § pacman-key --refresh-keys). This seemed to work and the upgrade started, but when I came back to look at it, it had failed because rclone-1.63.0-1-x86_64.pkg.tar.zst failed to download. Starting the upgrade again resulted in this:
(1097/1097) checking keys in keyring [########################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
[over multiple lines]
error: required key missing from keyring
When I run sudo pacman-key --init again I get this. Maybe that key is the problem, but how do I find out what it is?
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/5DBBD5796767254943197DECBF59330B3E485D4B.rev'
gpg: Done
==> Updating trust database...
gpg: public key of ultimately trusted key 00C23989C6739EA1 not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
==> ERROR: Trust database could not be updated.
This is one of the steps I’ve already followed: sudo pacman-key --populate archlinux manjaro
Running it again produces more errors:
==> Appending keys from archlinux.gpg...
gpg: public key of ultimately trusted key 00C23989C6739EA1 not found
==> Appending keys from manjaro.gpg...
gpg: public key of ultimately trusted key 00C23989C6739EA1 not found
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
==> ERROR: 75BD80E4D834509F6E740257B1B73B02CC52A02A could not be locally signed.
==> ERROR: 688E8F82879D0E25CE541426150C200743ED46D8 could not be locally signed.
==> ERROR: 04BB537F5BC2D399BFA72F8F17C752B61B2F2E90 could not be locally signed.
==> ERROR: 5A97ED6B72418199F0C22B23137C934B5DCB998E could not be locally signed.
==> ERROR: 2AC0A42EFB0B5CBC7A0402ED4DC95B6D7BE9892E could not be locally signed.
==> ERROR: 2FCB09A0E026F49B1060840BC0D1CCE50CC38123 could not be locally signed.
==> ERROR: 2D14560CDCE6A75BB186DB758238651DDF5E0594 could not be locally signed.
==> ERROR: A44C644D792767CED7941AFEABB2075D5F310CF8 could not be locally signed.
==> ERROR: 7A443CEE69B6B3777740E258084A7FC0035B1D49 could not be locally signed.
==> ERROR: 47D9DA1E810C1BCAEBB6C4861BF79786E554EF5D could not be locally signed.
==> ERROR: 2C688B52E3FC0144B7484BABE3B3F44AC45EE0AA could not be locally signed.
==> ERROR: 0037505D6C3F595C37F5626AFD847358FF20E35C could not be locally signed.
==> ERROR: 39F0EC1AE50B37E5F3196F09DAD3B211663CA268 could not be locally signed.
==> ERROR: F66AD0FF0E57C561615A0901CEE477135C5872B0 could not be locally signed.
==> ERROR: 22C903DE964E6FE321656E318DB9F8C18DF53602 could not be locally signed.
==> ERROR: 75C1B95A4D9514A57EB2DAE71817DC63CD3B5DF5 could not be locally signed.
==> ERROR: E4CDFE50A2DA85D58C8A8C70CAA6A59611C7F07E could not be locally signed.
==> ERROR: 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8 could not be locally signed.
==> ERROR: 91FFE0700E80619CEB73235CA88E23E377514E00 could not be locally signed.
The steps I followed before didn’t include manually downloading the keyrings, so I’ve tried doing that. I wonder if it’s significant that pacman-key tells me gpg: Note: trustdb not writable though it looks writable by root.
Another package failed to download this time. Maybe there is something wrong with the Australian mirror.
Yes, I successfully did a sudo mv /etc/pacman.d/gnupg /etc/pacman.d/gnupg.bad when trying to fix it and sudo pacman-key --init etc. creates the files.
After refreshing mirrors again, clearing cache and running the update a couple of times it ends with this:
(1097/1097) checking keys in keyring [########################################] 100%
(1097/1097) checking package integrity [########################################] 100%
error: cudnn: signature from "Sven-Hendrik Haase <sh@lutzhaase.com>" is invalid
:: File /var/cache/pacman/pkg/cudnn-8.9.2.26-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: python-scikit-learn: signature from "Caleb Maclennan <alerque@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/python-scikit-learn-1.3.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
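
Added example, not part of the original posts: a small Python triage that collapses the repetitive pacman and gpg output above into a few groups, so messages about reading the local keyring can be told apart from trust database, local signing and package signature failures. The group labels and regular expressions are assumptions of this example, built only from the messages quoted in the thread; they group messages and do not identify a cause.

```python
import re
from collections import Counter

# (label, pattern) rules, first match wins. Labels are this example's own
# grouping (an assumption), not pacman or GnuPG terminology.
RULES = [
    ("package-signature-invalid",
     re.compile(r'^error: (?P<pkg>\S+): signature from "(?P<signer>[^"]+)" is invalid')),
    ("local-sign-failed",
     re.compile(r"^==> ERROR: (?P<fpr>[0-9A-F]{40}) could not be locally signed")),
    ("keyserver-refresh-failed", re.compile(r"keyserver refresh failed")),
    ("keyring-missing-or-unwritable",
     re.compile(r"keyring is not writable|Public keyring not found"
                r"|required key missing from keyring")),
    ("trustdb",
     re.compile(r"ultimately trusted key|Trust database could not be updated"
                r"|trustdb not writable")),
    ("keyring-read-error",
     re.compile(r"[Ii]nvalid packet|Invalid keyring|unknown version")),
]

# Sample input: lines taken from the output quoted in the thread
# (progress bar shortened), assembled here for the example.
SAMPLE = """\
gpg: keydb_search failed: Invalid packet
gpg: [don't know]: invalid packet (ctb=27)
gpg: packet(2) with unknown version 230
gpg: keyring_get_keyblock failed: Invalid keyring
gpg: keyserver refresh failed: Invalid packet
error: keyring is not writable
gpg: public key of ultimately trusted key 00C23989C6739EA1 not found
==> ERROR: 75BD80E4D834509F6E740257B1B73B02CC52A02A could not be locally signed.
error: cudnn: signature from "Sven-Hendrik Haase <sh@lutzhaase.com>" is invalid
(1097/1097) checking package integrity [####] 100%
"""

def triage(text):
    """Return (Counter of labels, {label: [captured fields, ...]})."""
    counts, details = Counter(), {}
    for raw in text.splitlines():
        line = raw.strip()
        for label, rx in RULES:
            m = rx.search(line)
            if m:
                counts[label] += 1
                if m.groupdict():  # only rules with named groups keep details
                    details.setdefault(label, []).append(m.groupdict())
                break
    return counts, details

if __name__ == "__main__":
    counts, details = triage(SAMPLE)
    for label, n in counts.most_common():
        print(f"{n:4d}  {label}  {details.get(label, '')}")
```

To use it on real output, pass the saved terminal text to `triage()` in place of `SAMPLE`.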