You are not logged in.
It has been a month since I started this pc (work) (long vacation) and now I want to update it.
Pacman starts downloading 1099 packages, checks them, and then fails on:
(1099/1099) checking package integrity [########################################################################################] 100%
error: liburing: signature from "Filipe Laíns (FFY00) <lains@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/liburing-0.7-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
I didn't find any info about this on the arch news page and a directed search didn't help either.
So sorry if I overlooked something, but I really don't know where to go next...
Last edited by scippie (2020-08-17 08:37:37)
Offline
Update archlinux-keyring first.
This is one of the rare exceptions where a partial update is acceptable, iff directly followed by a full system upgrade:
# pacman -Sy archlinux-keyring
# pacman -Syu
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
Hi schard,
Yes, that fixed it, thanks.
Can you explain me what is happening? Why I need to do this? And how I can detect it in the future so that I don't need to ask again?
Offline
Pacman's keyring, which contains the public keys of the devs and TUs for package signature checking was out of date on your system.
Hence, packages signed with newer keys by the devs and TUs could not be verified by pacman.
Please also remember to mark this topic as SOLVED.
Last edited by schard (2020-08-17 08:32:58)
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
Pacman's keyring, which contains the public keys of the devs and TUs for package signature checking was out of date on your system.
But how do I 'see' that?
I've had keyring updates before, they went fine, so how could I know that this time, I should do it manually?
Please also remember to mark this topic as SOLVED.
I was going to, thanks for reminding me.
Offline
But how do I 'see' that?
It produces exactly the kind error you quoted in your initial post.
Since a package might indeed be corrupted, the problem, however, must not always be an out-of-date pacman keyring (package).
If you encounter such an error, you can check whether there's a new keyring package available, using
pacman -Q archlinux-keyring; pacman -Ss archlinux-keyring
or
checkupdates
from pacman-contrib.
Last edited by schard (2020-08-17 09:04:06)
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
Ok, thanks!
Offline