no, just use. you are aware to use the other commands in this given order first ?
sudo pacman -Syvv manjaro-keyring
I simply donāt get why people try to fix something which is not broken. The thing is:
- A maintainer decided to leave the team and also decided to revoke his key on the keyservers
- That same key is still part of our keyring without any ending of validation as we still have some packages from that person
- So not updating the keys from keyservers makes your system still work
What we did so far from our end:
All the signatures from that Maintainer got replaced by a generic one from our build-server. This means the GPG key of that maintainer normally is not needed anymore to install those packages. It is only needed if you have his already downloaded signatures in your pacman-cache. We also updated all the package databases to reflect to the new signatures.
As you can see that we are still able to create daily ISOs the only issue is having those ābrokenā keys still in our keyring. As soon as all packages got rebuild by a different maintainer or buildserver we can safely also remove the not needed gpg key from our keyring.
18 Likes
Thanks Olli; I just applied it on 3 machines and it worked flawless. 
When people see error messages they tend to assume something is broken, especially when there isnāt anything to indicate otherwise. Your reply is the first to give some actual explanation of the situation.
7 Likes
This. Clarification of issues from the team and project transparency is (from my perspective) an important quality to many people in this sphere. Myself included.
Especially when itās something as critical as keys and trust etc.
1 Like
Hello! Iām low-tech-knowledge user, and got this error (ui update) and read topic through. So did i understand correctly, thereās nothing i need to do after this error? Nothing is broken in system? Updates keeps coming and security is fine?
AFAIK Yes
1 Like
Thanks for the post @philm , like others have posted they see an error and think something is broken. Not everyone was aware of the change of keys and just wanted reassuring nothing was broken.
Might be an idea to add it to the second post of the announcement threads until the error is gone? Help stop people breaking their system trying to fix something not broken
2 Likes
Great to read that the issue is being solved as we speak. Appreciate the work, but I am still left with a question about the following quote:
(āItā referencing to the PGP key of the maintainer that left with the key)
How do I know if I have specific signatures in my pacman cache from the maintainer, who suddenly left?
I would really welcome any more specific advice which a newbie like me can understandā¦thanks
1 Like
i deleted the pacman cache
paccache -rvk0
Hi. I am a true newbie, just trying to learn how to properly run and enjoy my Manjaro install in the best way, so your tips are real gifts for me! My question might be really stupid for expert people, if thatās the case I am sorry for thatā¦
Anyway Iād like to know how can I check which keys are ābrokenā (for example beacause the maintainer revoked them), and how can I remove not needed keys from a keyring in a safe way: should I uninstall something, or just remove the files, or anything elseā¦?
Thanks for your attention, hope my question is not off-topic and you can help me!
nothing to do, maintainers work for us, all (the right) keys are in archlinux-keyring and manjaro-keyring packages ; so we have to update when they are available. this update adds, removes or modifies keys if needed
2 Likes
Thank you so much. Happy to read this, thank you!
Olliās snippet worked great on my machine 
, had this for a couple days now.
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
The stuff i went through that didnāt work:
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.