Upgrading after a while: Invalid or corrupted package (PGP signature)

Try sudo pacman -S archlinuxarm-keyring instead.

It’s saying that the Arch Linux ARM specific keys are not found.

Didn’t help

sudo pacman -S archlinuxarm-keyring 
warning: archlinuxarm-keyring-20140119-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) archlinuxarm-keyring-20140119-2

Total Installed Size:  0.01 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                                  [###################################] 100%
(1/1) checking package integrity                                [###################################] 100%
error: archlinuxarm-keyring: signature from "Arch Linux ARM Build System <builder@archlinuxarm.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinuxarm-keyring-20140119-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 

I had also tried removing /etc/pacman.d/gnupg, initiating and populating it again, same issue…

I also tried to follow this: Pacman troubleshooting - Manjaro

But it seems to be outdated or something:

 sudo rm -r /etc/pacman.d/gnupg
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring 
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
warning: gnupg-2.2.40-1 is up to date -- reinstalling
warning: archlinux-keyring-20221123-1 is up to date -- reinstalling
warning: manjaro-keyring-20221028-4 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) archlinux-keyring-20221123-1  gnupg-2.2.40-1  manjaro-keyring-20221028-4

Total Installed Size:  12.95 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
(3/3) checking keys in keyring                                  [###################################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

It’s quite frustrating… (I also did step 3 of the wiki before step 2, still no luck)

try clearing your cache:
sudo pacman -Sc (yes to all);
and rerun the update again

I have done it, multiple times, still the same :frowning:

1 Like

and if you remove all of the cache?:
sudo pacman -Scc
did you tried this command too?

That one, no, I think not, however I think I got it working now, but had to modify /etc/pacman.conf, commented the SigLevel line and replaced with SigLevel = Never with that I was able to reinstall the keyrings, changed it back and it seems to work now…

1 Like

Glad you got that figured out. Here’s a brief explanation of why that is sometimes required. It’s not a new issue, and unfortunately you can expect to see that again if you wait long enough before updating your system.

1 Like

So I’m coming off a fresh install of Manjaro ARM on my Raspberry Pi 4. I am running into the “(invalid or corrupted package (PGP signature))” issue. I’ve ran through every “fix” I could find. I’ve ran through this post and it’s comments numerous times to no avail. I can’t get it to install the new keyring even after switching the “Siglevel to Never”. It’s like failed security inception… You can’t install anything because the security keys don’t match, you can’t upgrade your security keys because your security keys don’t match… No matter what avenue I try I’m met with the exact same PGP error. I’m not the brightest of people, but this just doesn’t make sense… Why such a crippling issue straight out of the box?!

This is the feedback I get when trying to rundown the old recommended workaround seen in the “explanation” link above provided by @lectrode :

sudo cp -f “/etc/pacman.conf” “/etc/pacman.conf.orig”
sudo sed -i ‘s/SigLevel.*/SigLevel = Never/’ /etc/pacman.conf
sudo pacman -Syy gnupg archlinux-keyring manjaro-keyring --ignore manjaro-system
sudo mv -f “/etc/pacman.conf.orig” “/etc/pacman.conf”
sudo pacman -Syu
[sudo] password for trashlord:
:: Synchronizing package databases…
core 280.4 KiB 207 KiB/s 00:01 [###################################] 100%
extra 2.5 MiB 1091 KiB/s 00:02 [###################################] 100%
community 7.1 MiB 2.13 MiB/s 00:03 [###################################] 100%
warning: gnupg-2.2.40-1 is up to date – reinstalling
warning: archlinux-keyring-20221123-1 is up to date – reinstalling
warning: manjaro-keyring-20221028-4 is up to date – reinstalling
resolving dependencies…
looking for conflicting packages…

Packages (3) archlinux-keyring-20221123-1 gnupg-2.2.40-1 manjaro-keyring-20221028-4

Total Installed Size: 12.95 MiB
Net Upgrade Size: 0.00 MiB

:: Proceed with installation? [Y/n] y
(3/3) checking keys in keyring [###################################] 100%
(3/3) checking package integrity [###################################] 100%
(3/3) loading package files [###################################] 100%
(3/3) checking for file conflicts [###################################] 100%
(3/3) checking available disk space [###################################] 100%
:: Processing package changes…
(1/3) reinstalling gnupg [###################################] 100%
(2/3) reinstalling manjaro-keyring [###################################] 100%
==> Appending keys from manjaro.gpg…
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
gpg: error reading key: No public key
==> Locally signing trusted keys in keyring…
→ Locally signed 2 keys.
==> Importing owner trust values…
==> Disabling revoked keys in keyring…
→ Disabled 8 keys.
==> Updating trust database…
gpg: next trustdb check due at 2023-01-01
(3/3) reinstalling archlinux-keyring [###################################] 100%
==> Appending keys from archlinux.gpg…
==> Updating trust database…
gpg: next trustdb check due at 2023-01-01
==> Updating trust database…
gpg: next trustdb check due at 2023-01-01
:: Running post-transaction hooks…
(1/3) Reloading system manager configuration…
(2/3) Arming ConditionNeedsUpdate…
(3/3) Updating the info directory file…
:: Synchronizing package databases…
core is up to date
extra is up to date
community is up to date
:: Starting full system upgrade…
:: Replace nerd-fonts-terminus with community/ttf-terminus-nerd? [Y/n]
resolving dependencies…
looking for conflicting packages…

Packages (2) nerd-fonts-terminus-2.0.0-2 [removal] ttf-terminus-nerd-2.2.2-2

Total Download Size: 0.86 MiB
Total Installed Size: 7.33 MiB
Net Upgrade Size: 0.63 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages…
ttf-terminus-nerd-2.2.2-2-any 883.2 KiB 856 KiB/s 00:01 [###################################] 100%
(1/1) checking keys in keyring [###################################] 100%
(1/1) checking package integrity [###################################] 100%
error: ttf-terminus-nerd: signature from “Arch Linux ARM Build System builder@archlinuxarm.org” is unknown trust
:: File /var/cache/pacman/pkg/ttf-terminus-nerd-2.2.2-2-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I’m a bit lost in this thread but has “sudo pacman-key --init” been tried?

2 Likes

You forgot the archlinuxarm-keyring when you reinstalled the keyrings you need.

The key it mentions is from that keyring.

1 Like

As @Strit mentioned, you need the arm-specific keyrings. Updated commands are as follows:

sudo cp -f "/etc/pacman.conf" "/etc/pacman.conf.orig"
sudo sed -i 's/SigLevel.*/SigLevel = Never/' /etc/pacman.conf
sudo pacman -Syy gnupg archlinuxarm-keyring archlinux-keyring manjaro-arm-keyring manjaro-keyring --ignore manjaro-system
sudo mv -f "/etc/pacman.conf.orig" "/etc/pacman.conf"
sudo pacman -Syu
2 Likes

I installed newest xfce version to usb hdd in rpi4b.
After it boots,I could’nt update .
It reports this thread title.

help please!

nothing of all the above solved the situation, still the same…

I am sure I precisely followed the instructions

BTW I have that ugly situation directly after flashing my internal pbpro mmc with the latest and greatest Gnome image version!

Update @lectrode:

command: pacman -S firefox

result:`resolving dependencies…
looking for conflicting packages…

Packages (2) mailcap-2.1.53-1 firefox-108.0.1-1

Total Installed Size: 204,69 MiB

:: Proceed with installation? [Y/n] Y
(2/2) checking keys in keyring [######################] 100%
(2/2) checking package integrity [######################] 100%
error: mailcap: signature from “Arch Linux ARM Build System builder@archlinuxarm.org” is unknown trust
:: File /var/cache/pacman/pkg/mailcap-2.1.53-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
`

Version of image is #…gnome-pbpro-22.12…"

Update of update!
You won’t believe but it’s true: only minutes after writing the above update I - just for fun - tested updating /installing via pamac, and guess what: suddenly everything worked fine as if no problem existed before. Complete update with 145 packages, restart and installing new/additional packages.
I really confirm I did not change or do anything else! I simply do not understand what is happening here.

please post the output of the commands, including any warnings or error messages. what is the version of the image you installed?
(fyi: you can edit existing posts to avoid double-posting)

@yutayu did you try the solution mentioned above? what was the version number on the install media?

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.