X-Post in Arch Forum: LINKS-NOT-ALLOWED https_bbs.archlinux_org/viewtopic.php?pid=2188851
Sorry, for also asking. I can find a lot of messages about this in the internet but none of the solutions (I tried and understood) worked for me. Beside of that I am not a regular Arch user but coming from Debian. I am just an upstream maintainer needing Arch doing tests.
Are run Arch on a VM only every couple of months. So the state of the system is often out of date. The error message I do get is
$ sudo pacman -Sy archlinux-keyring manjaro-keyring && sudo pacman -Su
...
(602/602) checking package integrity [#################] 100%
error: bash: signature from "Mark Wagie <mark@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/bash-5.2.026-3-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
...
error: xiccd: signature from "Mark Wagie <mark@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/xiccd-0.3.0-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
There are several âunknown trustâ and âcorruptedâ messages like this.
Seems to doesnât matter if I answer Y or n.
I also know this commands, not sure what they are doing but also tried them.
I didnât search for âmanjaro-keyringâ because I did not realize this is a Manjaro problem. From my non-user-upstream-maintainer-perspective Manjaro is just an Arch easier to install. AnywayâŚ
Even after reading the sources you where so nice to provide I do not understand why the problem occur every time I boot an Arch-based distro.
I try to understand and not only solve. Let me ask the other way around: Why isnât this treated as a bug when it has such impact on users?
How to offend two distro communities with just one phrase (just kidding)
The mantra is: Manjaro is not Arch. Manjaro has its own repositories, and even if most packages come from Arch, there are enough differences that make them two different distros.
That said, to solve the problem now, you can follow the instructions in the link provided by @Arrababiski and download and execute the script.
If you want to avoid these problems in the future, you should update your VM more often. If you really do it every couple of months it shouldnât be any problems.
That is a workaround not a solution. I am not an Arch(-based) user. I am an upstream maintainer. I boot that VMs only for diagnosing bugs or doing full tests before a new release.
Again: Why does this problem happens? From my current point of view it looks like a design problem of the whole package infrastructure and management.
On Debian GNU/Linux this does not happen. What is the difference in the concept of these two package systems?
I am asking not to blame Arch & Co but just to learn.
I donât have the explanation but Rolling Release distributions NEED to be updated regularly, you also need to follow changes to configuration that will/may not be updated automagically, or changes to critical system parts.
For the keys issue, I would guess you missed multiple consecutive updates of these packages and at some point you have no possibility of properly continue the updates of anything normally, as everything regarding that is out of date, and a manual intervention is required to get the normal update process work as intended. Maybe someone who knows will chime in at some point.
Yes, this is not the same at all, these are Point Release distribution, and another package manager, everything works completely in other ways. Respective WIKI and manuals will have all the answers regarding how things work here or there.
I ran Gentoo for over 15 years, another rolling release distro. It was kind of the nature of the beast. It was one a downside to running the latest of everything, and all the cool things Gentoo could do compared to other distros in itâs day. They even have dispatch for config files, instead of pacnew files, and they can even be versioned controlled there.
As technologies arise and grow, big changes happens to rolling release distros. Just to name a couple, Wayland got enabled by default if possible, and now Pipewire instead of Pulseaudio. Things become obsolete, and new things take their place.
Should an update on an instance work after you havenât touched it for 2 years? That would be great! But if itâs regularly going to be mostly powered off for very long periods, any rolling release distro is probably not the right choice for this circumstance. As omano said, you probably want a distro that is point/fixed release, and has Long Term Support (LTS) on top of that.
I honestly donât know how far back testing takes place for updates, the longest Iâve gone is 2 weeks.
In his case he doesnât need to run Point Release distro, as he said he uses various systems to do bug testing for a project he maintains. So he needs to use this or this distro in order to bug hunting or do various tests.
Updating the machines every month or so would be the way to go if he wants to use them occasionally for his tests. Or a full new install would be the other way to go. But starting a machine 6 months after last update and expecting everything to work on a full system update without any manual intervention is very optimistic. As you said it is the nature of the beast, it keeps rolling.