XFCE Update Won't proceed, invalid or corrupted package (PGP signature)

update
xfce

#1

Because I was focused on setting up a server for a friend, I hadn’t updated Manjaro/XFCE for a while, and ended up with 398 updates. When I attempted this, I
got a long list of errors that look like this one for what looked like every single package I had downloaded with pacman -Syyu:

:: File /var/cache/pacman/pkg/lm_sensors-3.4.0-4-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

Does anyone have a suggestion on how to clean this up? Thanks in advance.


#2

try
pacman -S manjaro-keyring


#3

gjaltemba, thanks for your response. But what I got was:

sudo pacman -S manjaro-keyring
[sudo] password for mikeb:
warning: manjaro-keyring-20180607-1 is up to date – reinstalling
resolving dependencies…
looking for conflicting packages…

Packages (1) manjaro-keyring-20180607-1

Total Download Size: 0.10 MiB
Total Installed Size: 0.14 MiB
Net Upgrade Size: 0.00 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages…
manjaro-keyring-201… 99.8 KiB 384K/s 00:00 [######################] 100%
(1/1) checking keys in keyring [######################] 100%
(1/1) checking package integrity [######################] 100%
error: manjaro-keyring: signature from “Philip Müller (Called Little) philm@manjaro.org” is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20180607-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

This looks to me that my primary Manjaro keyring is corrupt. How can I reinstall that one?


#4

Not sure if this Wiki article will be any help:

https://wiki.manjaro.org/index.php?title=Pacman_troubleshooting#Errors_about_Keys


#5

Loads of information in this sticky thread:


#6

Thank you Graham and Jonathan. I did read your suggested links; here’s my progress so far:

sudo rm -r /etc/pacman.d/gnupg
[sudo] password for mikeb: 
[mikeb@manjarox Documents]$ sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: archlinux-keyring-20180627-1 is up to date -- reinstalling
warning: manjaro-keyring-20180607-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) archlinux-keyring-20180627-1  gnupg-2.2.9-1
             manjaro-keyring-20180607-1

Total Download Size:    0.68 MiB
Total Installed Size:  10.45 MiB
Net Upgrade Size:       0.03 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 archlinux-keyring-2...   597.3 KiB  1074K/s 00:01 [######################] 100%
 manjaro-keyring-201...    99.8 KiB  13.9M/s 00:00 [######################] 100%
(3/3) checking keys in keyring                     [######################] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: key "EEEEE2EEEE2EEEEE" could not be looked up remotely
error: key "A6234074498E9CEE" could not be looked up remotely
error: key "CAA6A59611C7F07E" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.
[mikeb@manjarox Documents]$ sudo pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
gpg: Generating pacman keyring master key...
gpg: key E65B16EAB7FD7677 marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/12DD039B4AF61387184CE194E65B16EAB7FD7677.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
[mikeb@manjarox Documents]$ sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: archlinux-keyring-20180627-1 is up to date -- reinstalling
warning: manjaro-keyring-20180607-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (3) archlinux-keyring-20180627-1  gnupg-2.2.9-1
             manjaro-keyring-20180607-1

Total Installed Size:  10.45 MiB
Net Upgrade Size:       0.03 MiB

:: Proceed with installation? [Y/n] y
(3/3) checking keys in keyring                     [######################] 100%
downloading required keys...
:: Import PGP key 256E/1A60DC44245D06FEF90623D6EEEEE2EEEE2EEEEE, "Gaetan Bisson <bisson@gaati.org>", created: 1998-03-24? [Y/n] y
:: Import PGP key 2048R/02FD1C7A934E614545849F19A6234074498E9CEE, "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>", created: 2011-08-12? [Y/n] y
:: Import PGP key 2048R/E4CDFE50A2DA85D58C8A8C70CAA6A59611C7F07E, "Philip Müller (Called Little) <philm@manjaro.org>", created: 2012-05-05? [Y/n] y
(3/3) checking package integrity                   [######################] 100%
error: gnupg: signature from "Gaetan Bisson <gaetan@fenua.org>" is unknown trust
:: File /var/cache/pacman/pkg/gnupg-2.2.9-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: archlinux-keyring: signature from "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20180627-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: manjaro-keyring: signature from "Philip Müller (Called Little) <philm@manjaro.org>" is unknown trust
:: File /var/cache/pacman/pkg/manjaro-keyring-20180607-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
[mikeb@manjarox Documents]$ sudo pacman-key --refresh-keys
gpg: refreshing 4 keys from hkp://pool.sks-keyservers.net
gpg: key CAA6A59611C7F07E: 15 signatures not checked due to missing keys
gpg: key CAA6A59611C7F07E: "Philip Müller (Called Little) <philm@manjaro.org>" not changed
gpg: key A6234074498E9CEE: 71 signatures not checked due to missing keys
gpg: key A6234074498E9CEE: "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" not changed
gpg: key EEEEE2EEEE2EEEEE: 10 duplicate signatures removed
gpg: key EEEEE2EEEE2EEEEE: 40 signatures not checked due to missing keys
gpg: key EEEEE2EEEE2EEEEE: 3 signatures reordered
gpg: key EEEEE2EEEE2EEEEE: "Gaetan Bisson <gaetan@fenua.org>" not changed
gpg: Total number processed: 3
gpg:              unchanged: 3
[mikeb@manjarox Documents]$ sudo pacman-key --refresh-keys --keyserver pgp.mit.edu
gpg: refreshing 4 keys from hkp://pgp.mit.edu
gpg: key CAA6A59611C7F07E: 15 signatures not checked due to missing keys
gpg: key CAA6A59611C7F07E: "Philip Müller (Called Little) <philm@manjaro.org>" not changed
gpg: key A6234074498E9CEE: 71 signatures not checked due to missing keys
gpg: key A6234074498E9CEE: "Christian Hesse (Arch Linux Package Signing) <arch@eworm.de>" not changed
gpg: key EEEEE2EEEE2EEEEE: 10 duplicate signatures removed
gpg: key EEEEE2EEEE2EEEEE: 40 signatures not checked due to missing keys
gpg: key EEEEE2EEEE2EEEEE: 3 signatures reordered
gpg: key EEEEE2EEEE2EEEEE: "Gaetan Bisson <gaetan@fenua.org>" not changed
gpg: Total number processed: 3
gpg:              unchanged: 3

However, when I tried to redo the update, I still get an error message:

Invalid or corrupted package

without any reference to what that package is. I’m not sure how to proceed at this
point???


#7

Please follow the “nuclear option” steps as listed here:

Do not skip any steps, and type enter all commands exactly as written. Please ensure you follow the steps to the letter. Do not skip any. Do not deviate. Do not interpolate or extrapolate. Follow the steps. :slight_smile:


No Longer Able To Install Updates
#8

jonathan: ok, the “nuclear option” worked…mostly. I was able to get what appeared to be a usable set of keys installed, and the update completed, with the following notes:

The first time I attempted the upgrade, I got the following message:

error: failed to commit transaction (conflicting files)
thunar-archive-plugin: /usr/lib/xfce4/thunar-archive-plugin/engrampa.tap exists in filesystem
Errors occurred, no packages were upgraded:

I therefore deselected the package thunar-archive-plugin, and tried again. This time, everything seemed to install, but I did get the following message at its completion.

could not get file information for usr/share/fonts/encodings/encodings.dir
could not get file information for usr/share/fonts/encodings/large/encodings.dir
directory permissions differ on /var/lib/mlocate/
filesystem: 750 package: 755
directory permissions differ on /var/lib/samba/private/
filesystem: 750 package:700

Nonetheless, when I rebooted, everything seems to work. I’ll try to upgrade the thunar package again later.

Thank you very much for your help!


#9

Not “mostly” - totally. It entirely fixed the keyring issue.

The other errors are other issues which are also to be found on the forum, including in the Known Issues post of each update announcement thread.


closed #11

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.