Upgrading after a while: Invalid or corrupted package (PGP signature)

Hello,

Today I tried to upgrade the system and ran into this:

error: zlib: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/zlib-1:1.2.13-2-aarch64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 

I thought that it was just a change of signatures and that the packages would be replaced with the new ones, so I hit yes on a lot of them… After a while I realized that maybe something was wrong, so I stopped everything and started looking for answers.

I have tried a couple of them but nothing seems to work. How can I update the signatures and restore all the packages that I removed?

Checking on the forums there seem to be several different solutions to this. Which one should I follow?

One of the posts that I’m following suggested this:

sudo pacman-mirrors -c Global
sudo pacman -Syy
sudo pacman -S manjaro-keyring archlinux-keyring

And for me I got:

warning: manjaro-keyring-20221028-4 is up to date -- reinstalling
warning: archlinux-keyring-20221123-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (2) archlinux-keyring-20221123-1  manjaro-keyring-20221028-4

Total Installed Size:  2.28 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
(2/2) checking keys in keyring                                  [###################################] 100%
(2/2) checking package integrity                                [###################################] 100%
error: archlinux-keyring: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20221123-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n

Try to run sudo pacman -Fy if it helps.

Try sudo pacman -S archlinuxarm-keyring instead.

It’s saying that the Arch Linux ARM specific keys are not found.

Didn’t help

sudo pacman -S archlinuxarm-keyring 
warning: archlinuxarm-keyring-20140119-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) archlinuxarm-keyring-20140119-2

Total Installed Size:  0.01 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                  [###################################] 100%
(1/1) checking package integrity                                [###################################] 100%
error: archlinuxarm-keyring: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinuxarm-keyring-20140119-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 

I had also tried removing /etc/pacman.d/gnupg, initiating and populating it again, same issue…

I also tried to follow this: Pacman troubleshooting - Manjaro

But it seems to be outdated or something:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring 
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
warning: gnupg-2.2.40-1 is up to date -- reinstalling
warning: archlinux-keyring-20221123-1 is up to date -- reinstalling
warning: manjaro-keyring-20221028-4 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) archlinux-keyring-20221123-1  gnupg-2.2.40-1  manjaro-keyring-20221028-4

Total Installed Size:  12.95 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
(3/3) checking keys in keyring                                  [###################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

It’s quite frustrating… (I also did step 3 of the wiki before step 2, still no luck)

try clearing your cache:
sudo pacman -Sc (yes to all);
and rerun the update again

I have done it, multiple times, still the same :frowning:

and if you remove all of the cache?:
sudo pacman -Scc
did you try this command too?

That one, no, I think not. However, I think I got it working now, but I had to modify /etc/pacman.conf: I commented out the SigLevel line and replaced it with SigLevel = Never. With that I was able to reinstall the keyrings, changed it back, and it seems to work now…

1 Like

Glad you got that figured out. Here’s a brief explanation of why that is sometimes required. It’s not a new issue, and unfortunately you can expect to see that again if you wait long enough before updating your system.

So I’m coming off a fresh install of Manjaro ARM on my Raspberry Pi 4. I am running into the “(invalid or corrupted package (PGP signature))” issue. I’ve run through every “fix” I could find. I’ve run through this post and its comments numerous times to no avail. I can’t get it to install the new keyring even after switching the “Siglevel to Never”. It’s like failed security inception… You can’t install anything because the security keys don’t match, you can’t upgrade your security keys because your security keys don’t match… No matter what avenue I try I’m met with the exact same PGP error. I’m not the brightest of people, but this just doesn’t make sense… Why such a crippling issue straight out of the box?!

This is the feedback I get when trying to run down the old recommended workaround seen in the “explanation” link above provided by @lectrode:

sudo cp -f "/etc/pacman.conf" "/etc/pacman.conf.orig"
sudo sed -i 's/SigLevel.*/SigLevel = Never/' /etc/pacman.conf
sudo pacman -Syy gnupg archlinux-keyring manjaro-keyring --ignore manjaro-system
sudo mv -f "/etc/pacman.conf.orig" "/etc/pacman.conf"
sudo pacman -Syu
[sudo] password for trashlord:
:: Synchronizing package databases...
core 280.4 KiB 207 KiB/s 00:01 [###################################] 100%
extra 2.5 MiB 1091 KiB/s 00:02 [###################################] 100%
community 7.1 MiB 2.13 MiB/s 00:03 [###################################] 100%
warning: gnupg-2.2.40-1 is up to date -- reinstalling
warning: archlinux-keyring-20221123-1 is up to date -- reinstalling
warning: manjaro-keyring-20221028-4 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) archlinux-keyring-20221123-1 gnupg-2.2.40-1 manjaro-keyring-20221028-4

Total Installed Size: 12.95 MiB
Net Upgrade Size: 0.00 MiB

:: Proceed with installation? [Y/n] y
(3/3) checking keys in keyring [###################################] 100%
(3/3) checking package integrity [###################################] 100%
(3/3) loading package files [###################################] 100%
(3/3) checking for file conflicts [###################################] 100%
(3/3) checking available disk space [###################################] 100%
:: Processing package changes...
(1/3) reinstalling gnupg [###################################] 100%
(2/3) reinstalling manjaro-keyring [###################################] 100%
==> Appending keys from manjaro.gpg...
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring...
  -> Locally signed 2 keys.
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabled 8 keys.
==> Updating trust database...
gpg: next trustdb check due at 2023-01-01
(3/3) reinstalling archlinux-keyring [###################################] 100%
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2023-01-01
==> Updating trust database...
gpg: next trustdb check due at 2023-01-01
:: Running post-transaction hooks...
(1/3) Reloading system manager configuration...
(2/3) Arming ConditionNeedsUpdate...
(3/3) Updating the info directory file...
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
:: Starting full system upgrade...
:: Replace nerd-fonts-terminus with community/ttf-terminus-nerd? [Y/n]
resolving dependencies...
looking for conflicting packages...

Packages (2) nerd-fonts-terminus-2.0.0-2 [removal] ttf-terminus-nerd-2.2.2-2

Total Download Size: 0.86 MiB
Total Installed Size: 7.33 MiB
Net Upgrade Size: 0.63 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
ttf-terminus-nerd-2.2.2-2-any 883.2 KiB 856 KiB/s 00:01 [###################################] 100%
(1/1) checking keys in keyring [###################################] 100%
(1/1) checking package integrity [###################################] 100%
error: ttf-terminus-nerd: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/ttf-terminus-nerd-2.2.2-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I’m a bit lost in this thread but has “sudo pacman-key --init” been tried?

1 Like

You forgot the archlinuxarm-keyring when you reinstalled the keyrings you need.

The key it mentions is from that keyring.

As @Strit mentioned, you need the arm-specific keyrings. Updated commands are as follows:

sudo cp -f "/etc/pacman.conf" "/etc/pacman.conf.orig"
sudo sed -i 's/SigLevel.*/SigLevel = Never/' /etc/pacman.conf
sudo pacman -Syy gnupg archlinuxarm-keyring archlinux-keyring manjaro-arm-keyring manjaro-keyring --ignore manjaro-system
sudo mv -f "/etc/pacman.conf.orig" "/etc/pacman.conf"
sudo pacman -Syu
1 Like
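
Added example, not part of any post in this thread: the workaround above turns off package signature verification for the duration of the keyring install, and its sed expression rewrites every SigLevel-type directive in the file, so it is worth confirming afterwards that nothing was left at Never. The function name audit_siglevel and the sample configuration are constructed for illustration; the sed expression is the one quoted in the posts.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): find signature checking left disabled.

# Write a constructed, typical-looking pacman.conf to $1 (sample data only).
write_clean_conf() {
    cat > "$1" <<'EOF'
[options]
Architecture = auto
#SigLevel = Optional TrustAll
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
EOF
}

# Print every active SigLevel-type directive in $1 whose value contains
# "Never" (this also catches PackageNever / DatabaseNever).
# Returns 1 if any is found, 0 if none.
audit_siglevel() {
    awk '
        /^[ \t]*#/ { next }                                   # commented out
        /^[ \t]*\[/ {                                         # [section] header
            sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next
        }
        /^[ \t]*(LocalFile|RemoteFile)?SigLevel[ \t]*=/ {
            name = $0;  sub(/[ \t]*=.*$/, "", name); sub(/^[ \t]*/, "", name)
            value = $0; sub(/^[^=]*=[ \t]*/, "", value)
            if (value ~ /Never/) {
                printf "[%s] %s = %s\n", section, name, value
                weak++
            }
        }
        END { exit (weak > 0) }
    ' "$1"
}

# Demo on temporary copies; the sed expression is the one quoted in the thread.
tmp=$(mktemp -d)
write_clean_conf "$tmp/clean.conf"
sed 's/SigLevel.*/SigLevel = Never/' "$tmp/clean.conf" > "$tmp/weak.conf"
audit_siglevel "$tmp/clean.conf" && echo "clean.conf: signature checking enabled"
audit_siglevel "$tmp/weak.conf" || echo "weak.conf: signature checking is disabled"
rm -rf "$tmp"
```

After finishing the workaround, run audit_siglevel /etc/pacman.conf; any output means a directive is still set to Never and the backup was not restored.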

I installed newest xfce version to usb hdd in rpi4b.
After it boots, I couldn’t update.
It reports this thread title.

help please!

nothing of all the above solved the situation, still the same…

I am sure I precisely followed the instructions