You are not logged in.
When I tried to install the Cue configuration-management language, I got the error
(1/1) checking package integrity [##################################] 100%
error: cue: signature from "Christian Rebischke (Archlinux Security Team-Member) <chris.rebischke@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/cue-0.4.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
What's the proper way to resolve this issue?
Offline
Before anything else: update the mirror to one that is up to date. If this one still has 0.4.1-1, it means it’s at least 4 days behind: you may check Arch mirror status here. cue package is at 0.4.2-1 now for days.
(see Scimmia’s comment below) After fixing the mirror issue: if the problem still persists, it’s possible archlinux-keyring package is outdated. Try:
sudo pacman -Sy archlinux-keyring; sudo pacman -Su
That will first update the most recent archlinux-keyring, followed by the actual upgrade. You must invoke both of them or you may end up with a partial upgrade, which is not supported.
Remember to update regularly. If that’s an archlinux-keyring issue, it means the system is outdated by over a month.
Last edited by mpan (2022-04-10 05:50:56)
Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
Invalid signature isn't going to be a keyring problem. Try downloading it again. If that doesn't work, try a different mirror, which as mpan points out, you probably want to do anyway.
Offline
Thank you @mpan! I indeed just needed to update before trying to install the new package.
Last edited by tpollard61 (2022-04-10 17:17:49)
Offline