invalid or corrupted package (PGP signature)

Problem:
On arch-update via pacman the following error occurs:

Error: rubberband: signature from "David Runge " is marginal trust
:: File /var/cache/pacman/pkg/rubberband-3.0.0-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
-> error installing repo packages

Steps taken:
1) As seen in the output already, deleting the signature and package in question from /var/cache/pacman/pkg/ did not work. Anyway the package resided there for quite some time already…

2) messing with the pacman keystore – did not work totally yet
First try, re-import the keys – didn’t work. Same for refresh


pacman-key --delete
pacman-key --populate archlinux
pacman-key --refresh

3) sync the package database and upgrades the keyring package first – worked
This did the trick: As described in Arch Wiki – Package Signing “Upgrading packages prevents most signing errors. If delay is unavoidable and system upgrade gets delayed for an extended period, manually sync the package database and upgrade the archlinux-keyring package before system upgrade” and further: “This command is not considered a partial upgrade since it syncs the package database and upgrades the keyring package first. Both must be processed just before starting system upgrade to ensure signatures of all upgraded packages can be properly verified.”

sudo pacman -S archlinux-keyring

Afterwards the update succeeded.
see:
https://stackoverflow.com/questions/70442943/runc-pgp-signature-issue
https://ostechnix.com/fix-invalid-corrupted-package-pgp-signature-error-arch-linux/

You may also like...

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.