Arch Linux

dootfs

Member

Registered: 2024-01-27

Posts: 18

[SOLVED] Invalid PGP, Transaction Fail

Hello,

Attempting to update the keyring to the most recent release to clear up a set of PGP trust errors that prevent normal upgrade due to invalid PGP keys.

However the same error occurs.

~]$ sudo pacman -Sy --needed archlinux-keyring && pacman -Su
:: Synchronizing package databases...
 core                                            128.6 KiB   246 KiB/s 00:01 [############################################] 100%
 extra is up to date
resolving dependencies...
looking for conflicting packages...

Packages (1) archlinux-keyring-20240313-1

Total Installed Size:  1.66 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                                               [############################################] 100%
(1/1) checking package integrity                                             [############################################] 100%
error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20240313-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

It appears that the keys of at least one specific developer appear to my machine as invalid.

Now I look to the Arch Developers page and find that indeed eworm is a legit developer: https://archlinux.org/people/developers/#eworm

The link to his keyserver confirms this: https://keyserver.ubuntu.com/pks/lookup … 74498E9CEE

However if you see the most recent key, it is listed as 'revok'.

Is this the root problem? Is it advisable to simply modify the trust rating of eworm arbitrarily?

Last edited by dootfs (2024-03-25 17:33:36)

mpan

Member

Registered: 2012-08-01

Posts: 1,221

Website

Re: [SOLVED] Invalid PGP, Transaction Fail

Hello. No, the trust shouldn’t require manual adjustment. Please follow resetting all pacman keys section and see if that helps.

For comparison in archlinux-keyring 20240313 this key is implicitly trusted:

$ pacman -Q archlinux-keyring; pacman-key --list-sigs 02FD1C7A934E614545849F19A6234074498E9CEE
archlinux-keyring 20240313-1
gpg: Note: trustdb not writable
pub   rsa2048 2011-08-12 [SC]
      02FD1C7A934E614545849F19A6234074498E9CEE
sig    R     A6234074498E9CEE 2013-01-14  [self-signature]
sig    R     A6234074498E9CEE 2013-02-04  [self-signature]
uid           [  full  ] Christian Hesse <eworm@archlinux.org>
sig 3        A6234074498E9CEE 2020-02-04  [self-signature]
sig 3        A6234074498E9CEE 2022-12-01  [self-signature]
sig          3348882F6AC6A4C2 2022-01-22  Pierre Schmitz (Arch Linux Master Key) <pierre@master-key.archlinux.org>
sig          4DC95B6D7BE9892E 2021-10-28  David Runge (Arch Linux Master Key) <dvzrv@master-key.archlinux.org>
sig          6BA0F5A2037F4F41 2022-11-29  Johannes Löthberg (Arch Linux Master Key) <demize@master-key.archlinux.org>
sig          A88E23E377514E00 2022-02-06  Florian Pritz (Arch Linux Master Key) <florian@master-key.archlinux.org>
sig          B1B73B02CC52A02A 2022-07-10  Jonas Witschel (Arch Linux Master Key) <diabonas@master-key.archlinux.org>
sig          BA1DFB64FFF979E7 2020-08-18  Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
sig          D6D055F927843F1C 2022-01-12  Levente Polyak (Arch Linux Master Key) <anthraxx@master-key.archlinux.org>
sig          F8B821B42A6FDCD7 2023-10-25  Leonidas Spyropoulos (Arch Linux Master Key) <artafinde@master-key.archlinux.org>
sub   rsa2048 2011-08-12 [E]
sig          A6234074498E9CEE 2011-08-12  [self-signature]
sig      N   A6234074498E9CEE 2022-07-09  [self-signature]
sub   ed25519 2019-08-29 [S]
sig          A6234074498E9CEE 2019-08-29  [self-signature]
sub   cv25519 2019-08-29 [E]
sig          A6234074498E9CEE 2019-08-29  [self-signature]

---

Sometimes I seem a bit harsh — don’t get offended too easily!

dootfs

Member

Registered: 2024-01-27

Posts: 18

Re: [SOLVED] Invalid PGP, Transaction Fail

Hello and thanks,

Resetting all pacman keys solved the problem!

It was simple enough:

First delete the gpg files

~]$ sudo rm -rf /etc/pacman.d/gnupg

Then initialize and populate

~]$ sudo pacman-key --init && sudo pacman-key --populate

Then refresh just to be safe

~]$ sudo pacman-key --refresh-keys

And now the keyring can be downloaded, and upgrades can proceed as normal.

Thanks!