Today I tried to upgrade the system and ran into this:
error: zlib: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/zlib-1:1.2.13-2-aarch64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
I thought that it was just a change of signatures and that the packages would be replaced with the new one, so I hit yes on a lot of them… After a while I realized that maybe something was wrong, so I stopped everything and started looking for answers.
I have tried a couple of them but nothing seems to work. How can I update the signatures and restore all the packages that I removed?
Checking on the forums there seems to be several different solutions to this. Which one should I follow?
warning: manjaro-keyring-20221028-4 is up to date -- reinstalling
warning: archlinux-keyring-20221123-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (2) archlinux-keyring-20221123-1 manjaro-keyring-20221028-4
Total Installed Size: 2.28 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
(2/2) checking keys in keyring [###################################] 100%
(2/2) checking package integrity [###################################] 100%
error: archlinux-keyring: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20221123-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
sudo pacman -S archlinuxarm-keyring
warning: archlinuxarm-keyring-20140119-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) archlinuxarm-keyring-20140119-2
Total Installed Size: 0.01 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [###################################] 100%
(1/1) checking package integrity [###################################] 100%
error: archlinuxarm-keyring: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinuxarm-keyring-20140119-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
sudo rm -r /etc/pacman.d/gnupg
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
warning: gnupg-2.2.40-1 is up to date -- reinstalling
warning: archlinux-keyring-20221123-1 is up to date -- reinstalling
warning: manjaro-keyring-20221028-4 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (3) archlinux-keyring-20221123-1 gnupg-2.2.40-1 manjaro-keyring-20221028-4
Total Installed Size: 12.95 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(3/3) checking keys in keyring [###################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
It’s quite frustrating… (I also did step 3 of the wiki before step 2, still no luck)
That one, no, I think not. However, I think I got it working now, but I had to modify /etc/pacman.conf: I commented out the SigLevel line and replaced it with SigLevel = Never. With that I was able to reinstall the keyrings, changed it back, and it seems to work now…
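A check for the step mentioned in the post above, where SigLevel was set to Never and then changed back: this added example (not part of the thread) scans a pacman.conf for SigLevel directives that still disable or loosen signature verification. The sample config is constructed, `audit_siglevel` and `sample_conf` are names chosen here, and files pulled in through Include are not followed.

```shell
#!/bin/sh
# audit_siglevel [FILE]
# Prints "LINE:[section] Key = value" for every SigLevel-type directive whose
# value contains Never or TrustAll (with or without a Package/Database prefix).
# Exit status is 1 if anything was reported, 0 if the file is clean.
audit_siglevel() {
    awk '
        # Drop comments, then trim surrounding whitespace.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        # Remember which [section] the following directives belong to.
        /^\[.*\]$/ { section = substr($0, 2, length($0) - 2); next }
        /^(SigLevel|LocalFileSigLevel|RemoteFileSigLevel)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            n = split(val, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (tok[i] ~ /^(Package|Database)?(Never|TrustAll)$/) {
                    printf "%d:[%s] %s = %s\n", NR, section, key, val
                    bad = 1
                    break
                }
        }
        END { exit bad + 0 }
    ' "${1:-/etc/pacman.conf}"
}

# Constructed sample: the workaround state, before SigLevel is changed back.
sample_conf() {
    cat <<'EOF'
[options]
Architecture = auto
#SigLevel    = Required DatabaseOptional
SigLevel = Never
LocalFileSigLevel = Optional

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
EOF
}

# Stand-alone demo on the constructed sample.
demo=$(mktemp)
sample_conf > "$demo"
audit_siglevel "$demo" || echo "signature checking is still weakened"
rm -f "$demo"
```

Run it without arguments to check /etc/pacman.conf itself once the keyrings are reinstalled.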
Glad you got that figured out. Here’s a brief explanation of why that is sometimes required. It’s not a new issue, and unfortunately you can expect to see that again if you wait long enough before updating your system.
So I’m coming off a fresh install of Manjaro ARM on my Raspberry Pi 4. I am running into the “(invalid or corrupted package (PGP signature))” issue. I’ve run through every “fix” I could find. I’ve run through this post and its comments numerous times to no avail. I can’t get it to install the new keyring even after switching the “Siglevel to Never”. It’s like failed security inception… You can’t install anything because the security keys don’t match, you can’t upgrade your security keys because your security keys don’t match… No matter what avenue I try I’m met with the exact same PGP error. I’m not the brightest of people, but this just doesn’t make sense… Why such a crippling issue straight out of the box?!
Total Installed Size: 12.95 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n] y
(3/3) checking keys in keyring [###################################] 100%
(3/3) checking package integrity [###################################] 100%
(3/3) loading package files [###################################] 100%
(3/3) checking for file conflicts [###################################] 100%
(3/3) checking available disk space [###################################] 100%
:: Processing package changes…
(1/3) reinstalling gnupg [###################################] 100%
(2/3) reinstalling manjaro-keyring [###################################] 100%
==> Appending keys from manjaro.gpg…
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring…
→ Locally signed 2 keys.
==> Importing owner trust values…
==> Disabling revoked keys in keyring…
→ Disabled 8 keys.
==> Updating trust database…
gpg: next trustdb check due at 2023-01-01
(3/3) reinstalling archlinux-keyring [###################################] 100%
==> Appending keys from archlinux.gpg…
==> Updating trust database…
gpg: next trustdb check due at 2023-01-01
==> Updating trust database…
gpg: next trustdb check due at 2023-01-01
:: Running post-transaction hooks…
(1/3) Reloading system manager configuration…
(2/3) Arming ConditionNeedsUpdate…
(3/3) Updating the info directory file…
:: Synchronizing package databases…
core is up to date
extra is up to date
community is up to date
:: Starting full system upgrade…
:: Replace nerd-fonts-terminus with community/ttf-terminus-nerd? [Y/n]
resolving dependencies…
looking for conflicting packages…
Total Download Size: 0.86 MiB
Total Installed Size: 7.33 MiB
Net Upgrade Size: 0.63 MiB
:: Proceed with installation? [Y/n] y
:: Retrieving packages…
ttf-terminus-nerd-2.2.2-2-any 883.2 KiB 856 KiB/s 00:01 [###################################] 100%
(1/1) checking keys in keyring [###################################] 100%
(1/1) checking package integrity [###################################] 100%
error: ttf-terminus-nerd: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/ttf-terminus-nerd-2.2.2-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.