To remove dbus-python 1.3.2-3, to install python-dbus 1.3.2-4

I noticed when I tried to update my system again using the graphical interface, I saw this in the log:

[... there were a lot of packages so I am showing the last 3]
Download of harfbuzz-icu (8.5.0-1) started
Download of bluez-hid2hci (5.76-1) finished
Download of harfbuzz-icu (8.5.0-1) finished
Checking keyring...
Checking integrity...
Error: glibc: signature from "Frederik Schwan <frederik.schwan@linux.com>" is unknown trust
Error: gcc-libs: signature from "Frederik Schwan <frederik.schwan@linux.com>" is unknown trust
Error: ncurses: signature from "David Runge <dvzrv@archlinux.org>" is unknown trust
Error: gtest: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
Error: abseil-cpp: signature from "Christian Heusel (gromit packager key) <gromit@archlinux.org>" is unknown trust
Error: adwaita-cursors: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
Error: hicolor-icon-theme: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
Error: adwaita-icon-theme-legacy: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
Error: adwaita-icon-theme: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
Error: xfsprogs: signature from "Tobias Powalowski <tobias.powalowski@googlemail.com>" is unknown trust
Error: xterm: signature from "T.J. Townsend <blakkheim@archlinux.org>" is unknown trust
Error: yt-dlp: signature from "Antonio Rojas <arojas@archlinux.org>" is unknown trust
Failed to commit transaction:
invalid or corrupted package (PGP signature):
... [again, there were a lot of packages, so I'm just showing a few]

So, I tried the command from @soundofthunder
sudo pacman-mirrors --continent && sudo pacman -Syu archlinux-keyring

And I got this:

error: binutils: signature from "Frederik Schwan <frederik.schwan@linux.com>" is unknown trust
:: File /var/cache/pacman/pkg/binutils-2.42+r91+g6224493e457-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: bluez: signature from "Robin Candau <antiz@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/bluez-5.76-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: nss: signature from "Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/nss-3.100-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y

I kept doing it for all the packages, while I am thinking, not sure how my system is going to work after deleting 323 packages

It seems to be there is something wrong with my keyring packages and this openpgp-revocs file and it needs to get fixed somehow before anything can update again.

Anyways, at this point, I think I’ll just re-install Manjaro later tonight. It’s faster unless someone can see the issue.

Appreciate the help!

Until now, all you deleted is the downloaded packages that where going to be installed.
They where all marked as “bad” because the integrity test via pgp fails/keeps failing.

You need to address the pgp key issue first!

Until you do this, every single package will fail the test and nothing will be installed.
look at my previous post

Thanks, I’ll look at that.

That did it, thanks @Nachlese

This was the solution, so you don’t have to go to that post:

sudo rm -fr /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro
sudo pacman-key --refresh-keys

good on you!