[Stable Update] 2023-12-01 - Kernels, NVIDIA, Thunderbird, Deepin, PipeWire 1.0, QEMU

The PGP signatures for the kernel packages, and even all packages, seem to be broken.

From Manjaro Settings, when trying to install the 6.6 kernel:

linux66-6.6.3-1-x86_64 downloading...
 linux66-nvidia-545.29.06-8-x86_64 downloading...
checking keyring...
checking package integrity...
:: File /var/cache/pacman/pkg/linux66-6.6.3-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
:: File /var/cache/pacman/pkg/linux66-nvidia-545.29.06-8-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: linux66: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
Errors occurred, no packages were upgraded.
error: linux66-nvidia: signature from "Manjaro Build Server <build@manjaro.org>" is unknown trust
error: failed to commit transaction (invalid or corrupted package (PGP signature))

Trying to (re)install any package also causes errors regarding unknown trust. Trying to refresh or repopulate keys also doesn’t work:

❯ sudo pacman-key --refresh-keys
gpg: error reading key: No public key
gpg: key F296BDE50368C6CE: "T.J. Townsend <blakkheim@archlinux.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
pub   ed25519 2022-08-08 [SC]
      54C1FD273361EA514A237793F296BDE50368C6CE
uid           [ unknown] T.J. Townsend <blakkheim@archlinux.org>
sub   ed25519 2022-09-04 [SA]
sub   cv25519 2022-08-08 [E]

gpg: key A6234074498E9CEE: "Christian Hesse <eworm@archlinux.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
pub   rsa2048 2011-08-12 [SC]
      02FD1C7A934E614545849F19A6234074498E9CEE
uid           [ unknown] Christian Hesse <eworm@archlinux.org>
sub   rsa2048 2011-08-12 [E]
sub   ed25519 2019-08-29 [S]
sub   cv25519 2019-08-29 [E]

gpg: error retrieving 'build@manjaro.org' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 279E7CF5D8D56EC8: "Manjaro Build Server <build@manjaro.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

❯ sudo pacman-key --populate archlinux manjaro
==> ERROR: There is no secret key available to sign with.
==> Use 'pacman-key --init' to generate a default secret key.

❯ sudo pacman-key --init
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/FB16E095594E1F57FA036AD9357F6022944466E6.rev'
gpg: Done
==> Updating trust database...
gpg: public key of ultimately trusted key 9C6B0359C4037DD4 not found
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
==> ERROR: Trust database could not be updated.

EDIT:
I found a solution in completely refreshing the keys, as is described here

1 Like