Three intel packages are blocking my update, because they are marginal trust

During update of my system using pacman -Syu I get the following errors:

error: intel-gmmlib: signature from "Daniel Bermond <dbermond@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/intel-gmmlib-22.9.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: intel-graphics-compiler: signature from "Daniel Bermond <dbermond@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/intel-graphics-compiler-1:2.27.10-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: intel-compute-runtime: signature from "Daniel Bermond <dbermond@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/intel-compute-runtime-26.01.36711.4-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

I tried quite a few things, but unfortunately nothing solved the issue. Here is a list of things I tried in no particular order:

rm -rf /etc/pacman.d/gnupg
pacman-key --init
pacman-key --populate archlinux
pacman-key --refresh-keys
pacman -S archlinux-keyring
pacman -S manjaro-keyring
pacman -Suu archlinux-keyring
pacman -Syy
pacman -Su
pacman -S intel-gmmlib intel-graphics-compiler intel-compute-runtime

Allowing weak key signatures in /etc/pacman.d/gnupg/gpg.conf

Checking timedatectl. It is showing correct date, with ntp active.

Updating the kernel to current recommended LTS and restarting. Currently I’am running:

> uname -r
6.12.68-1-MANJARO

I’am on KDE Plasma on x11.

The issue might be something very silly I overlooked, but I have no idea.

Thanks in advance for any help

What do you get from

pacman-key -l dbermond@archlinux.org

I’m curious because in my not-yet-downgraded keyring (20260206-1), dbermond is listed as [ full ], while the other recently problematic keys (anatolik, morganamilo, shibumi) all show [marginal].

In this case, I think order matters. I would recommend

1. Temporarily remove the 3 packages
   • sudo pacman -R intel-gmmlib intel-graphics-compiler intel-compute-runtime
   • If you get dependency problems, you might need to use sudo pacman -Rdd ...
2. Sync and allow downgrade to the archlinux-keyring package
   • sudo pacman -Syuu
3. Remove the old keyring
   • sudo rm -rf /etc/pacman.d/gnupg
4. Initialize the keyring
   • sudo pacman-key --init
5. Populate the keyring
   • sudo pacman-key --populate archlinux manjaro
6. Reinstall the 3 packages
   • sudo pacman -S intel-gmmlib intel-graphics-compiler intel-compute-runtime

His signatures look fine on my install.

I only have intel-gmmlibinstalled, but it just upgraded without issue, about 40 minutes ago.

Same issues here:

sudo pacman -S highway libjxl libvpl vmaf
resolving dependencies...
looking for conflicting packages...

Packages (5) gperftools-2.17.2-1  highway-1.3.0-1  libjxl-0.11.1-5  libvpl-2.16.0-1  vmaf-3.0.0-1

Total Installed Size:  28.97 MiB

:: Proceed with installation? [Y/n] y
(5/5) checking keys in keyring                                                                                                                         [############################################################################################] 100%
(5/5) checking package integrity                                                                                                                       [############################################################################################] 100%
error: highway: signature from "Daniel Bermond <dbermond@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/highway-1.3.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: libjxl: signature from "Daniel Bermond <dbermond@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/libjxl-0.11.1-5-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: libvpl: signature from "Daniel Bermond <dbermond@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/libvpl-2.16.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: vmaf: signature from "Daniel Bermond <dbermond@archlinux.org>" is marginal trust
:: File /var/cache/pacman/pkg/vmaf-3.0.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

pacman-key -l dbermond@archlinux.or
gpg: Note: trustdb not writable
pub   rsa2048 2016-06-27 [SC]
      3FFA6AB7B69AAE6CCA263DDE019A7474297D8577
uid           [ unknown] Daniel Bermond <danielbermond@gmail.com>
uid           [ unknown] Daniel Bermond <dbermond@archlinux.org>
sub   rsa2048 2016-06-27 [E]

pub   ed25519 2021-10-30 [SC] [expires: 2026-10-29]
      80247D99EABD3A4D1E3A1836E85B8683EB48BC95
uid           [marginal] Daniel Bermond <dbermond@archlinux.org>
sub   cv25519 2021-10-30 [E] [expires: 2026-10-29]

Trying to force remove those and their dep’s actually bricked my system.. This IMPOV show’s a bit the type of things users are going through when the pacman subsystem goes downhill.

Same issue here as well. When I checked the key of danielbermond@gmail.com it showed:

sudo pacman-key -l dbermond@archlinux.org
                                                                                                                     
pub   rsa2048 2016-06-27 [SC]
      3FFA6AB7B69AAE6CCA263DDE019A7474297D8577
uid        [vollständig] Daniel Bermond <danielbermond@gmail.com>
uid        [vollständig] Daniel Bermond <dbermond@archlinux.org>
sub   rsa2048 2016-06-27 [E]

pub   ed25519 2021-10-30 [SC] [verfällt: 2026-10-29]
      80247D99EABD3A4D1E3A1836E85B8683EB48BC95
uid        [  marginal ] Daniel Bermond <dbermond@archlinux.org>
sub   cv25519 2021-10-30 [E] [verfällt: 2026-10-29]

My solution was to trust the second key (the one with marginal trust) locally:
sudo pacman-key --lsign-key 80247D99EABD3A4D1E3A1836E85B8683EB48BC95

After that it is shown as trusted:

sudo pacman-key -l dbermond@archlinux.org 
                                                                                                                    
pub   rsa2048 2016-06-27 [SC]
      3FFA6AB7B69AAE6CCA263DDE019A7474297D8577
uid        [vollständig] Daniel Bermond <danielbermond@gmail.com>
uid        [vollständig] Daniel Bermond <dbermond@archlinux.org>
sub   rsa2048 2016-06-27 [E]

pub   ed25519 2021-10-30 [SC] [verfällt: 2026-10-29]
      80247D99EABD3A4D1E3A1836E85B8683EB48BC95
uid        [vollständig] Daniel Bermond <dbermond@archlinux.org>
sub   cv25519 2021-10-30 [E] [verfällt: 2026-10-29]

Now the update executed as expected.

Nice one, could bypass the issue as well, thanks

I’m having the same problem. I did email Mr Bermond and got the reply
Hello,

Sorry, but Manjaro is not supported by Arch Linux. Please seek help in your distribution support channels.

–
Best regards,
Daniel Bermond

I tried the sudo pacman-key and that has seemed to fix the error…well, at least it has now updated - so thanks to jewink for the info

This I would expect to be true of all distros’ official support forums.

Anyway, Welcome to the Manjaro Community!

Sorry for the late reply, I was busy for a few days and couldn’t get to try.

I did not try the first suggestion by takakage, because it seemed more invasive. So I first tried:

And this solved the issue for me

Thanks!

thanks, sudo pacman-key --lsign-key 80247D99EABD3A4D1E3A1836E85B8683EB48BC95
worked.

didnt dare to try this solution: Marginal Trust invalid or corrupt package Error while updating manjaro

I’m mostly replying, as I want to know more. The above got marked as the solution.

Isn’t this actually just a hack? (With a chance of backfiring if you don’t --delete it next update. As maintainers always change.)

And isn’t there an additional security risk, for a chunk of the actual official repository? And you hope you’re okay until `archlinux-keyriung’ gets a higher version?

And you still have that local exception lingering, if you didn’t delete that key.

(These are all questions which were just my assumptions.)

Aren’t all the steps around this one, the correct way?

(But you said this did not work?)

It probably did not work because of some undeleted cache.

This is indeed a workaround.
Bermond has 3 keys. So far the packages were only signed with one of them. In the old version of keyring this one was trusted, the other 2 not. In the February version of the keyring it was the other way around which broke the older packages.

Now for me, there are still questions open, and the most important is how will his packages be signed from now on? Was it an oversight or an intentional change. If it was intentional we will end in the same situation next month.
In any case, even if it happens once more the other way around in February, until March everything has to be synced. But for February release just adding locally all the 3 keys might be the workaround.

I guess we will see if anyone will get problems on next stable update and who - those who reverted or those who added one more key (they should actually be safe).

For now just note both solutions - revering the whole keyring and locally adding a key.

With thanks to @Yochanan…

https://www.reddit.com/r/archlinux/comments/1rafluf/pacman_and_keyring_issues/

That’s the type of explanation I was looking for.

I was just blindly running commands without knowing why. Which hurts my soul every time I do this!

Pardon my naivety, where is Yochanan in this scenario?

He posted that link in the Member Hub earlier today.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.