[SOLVED] invalid or corrupted package (PGP signature)

ordinary.schreiber · 2022-04-26 18:05:36

After the last upgrade with "pacman -Syu" I got this output:

# pacman -Syu
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (40) archlinux-keyring-20220424-1  audit-3.0.8-1  cronie-1.6.1-1  curl-7.82.0-3  exiv2-0.27.5-3  fluidsynth-2.2.7-1
              gavl-1.4.0-6  gtk-update-icon-cache-1:4.6.3-1  gtk3-1:3.24.33-3  harfbuzz-4.2.1-1  harfbuzz-icu-4.2.1-1
              imagemagick-7.1.0.31-1  imlib2-1.9.0-3  jasper-2.0.33-2  kdeconnect-22.04.0-2  kosmindoormap-22.04.0-2
              libbsd-0.11.6-2  libinih-55-2  libopenmpt-0.6.3-1  libpgm-5.3.128-2  libphonenumber-1:8.12.47-1  librsvg-2:2.54.1-1
              libseccomp-2.5.4-1  marble-22.04.0-2  marble-common-22.04.0-2  mesa-22.0.2-1  meson-0.62.1-1  minizip-1:1.2.12-2
              openal-1.22.0-1  perl-file-listing-6.15-1  protobuf-3.20.1-1  python-babel-2.10.1-1  python-dnspython-1:2.2.1-1
              python-pygments-2.12.0-1  shaderc-2022.1-3  sip-6.6.1-3  upx-3.96-3  vlc-3.0.17.4-2  vtk-9.1.0-14  zlib-1:1.2.12-2

Total Download Size:     0.02 MiB
Total Installed Size:  721.03 MiB
Net Upgrade Size:        2.26 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 libinih-55-2-x86_64                                15.4 KiB   385 KiB/s 00:00 [############################################] 100%
(40/40) checking keys in keyring                                               [############################################] 100%
(40/40) checking package integrity                                             [############################################] 100%
error: libinih: signature from "Maxime Gauduin <alucryd@gmail.com>" is marginal trust
:: File /var/cache/pacman/pkg/libinih-55-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

I feel like it shouldn't be that much of a deal but I still can't fix it.

Thank you in advance.

Last edited by ordinary.schreiber (2022-04-27 17:25:48)

Scimmia · 2022-04-26 18:06:54

Update archlinux-keyring first

ordinary.schreiber · 2022-04-26 19:18:14

Thanks, "pacman -Sy archlinux-keyring" fixed it.

CyrIng · 2022-04-26 22:14:32

Scimmia wrote:

Update archlinux-keyring first

Thanks

BIL4X4 · 2022-04-27 04:27:24

Scimmia wrote:

Update archlinux-keyring first

Thanks!

jongeduard · 2022-04-27 09:48:25

Thanks! Still learning things everyday!

I checked why this package was on my system by a series of pacman -Qi commands. It's because I'm using udisks2, which depends in this way on libinih: udisks2 --> libblockdev --> xfsprogs --> libinih.

But it turns out to be just my Arch keyring and that's fine. Maybe we should always update that first anyway, as a best practice (I have written my own script that I run for my updates). Never mind. Issue solved.

walkingstickfan · 2022-04-27 13:39:36

First, thank you ordinary.schreiber for asking the question. I encountered the same issue, although different error messages.

Second...so would it be good practice to update the archlinux-keyring first whenever users see it in the list of packages to be upgraded? If so, I'm wondering why pacman can't take care of that instead of users having to know to manually perform the update first.

@jongeduard: "Still learning things everyday." +1

Last edited by walkingstickfan (2022-04-27 13:43:20)

ordinary.schreiber · 2022-04-27 17:40:48

walkingstickfan wrote:

...so would it be good practice to update the archlinux-keyring first whenever users see it in the list of packages to be upgraded?

I'm not sure about that. Personally I encountered this issue only in 1 of 3 systems I use everyday. In the other two systems the upgrade went straight without a problem.

The only difference I noticed is that the system where I encountered the issue was running KDE Plasma, while the other two were both running xfce4. Although I don't think it's related to the desktop environment.

Scimmia · 2022-04-27 17:45:25

It's all going to depend on when you last updated the system and what packages you have installed. If you already have the latest keyring package, it's a non-issue. If you don't have anything installed that uses that specific key, it's a non-issue.

loh.tar · 2022-04-28 04:47:52

> If you already have the latest keyring package, it's a non-issue. If you don't have anything installed that uses that specific key, it's a non-issue.

Is that the reasoning for not fixing it as suggested? Pretty strange.

This whole package check only makes sense if the necessary keys are up to date. Therefore it seems to me mandatory that these are always updated first.

seth · 2022-04-28 07:03:17

loh.tar wrote:

Is that the reasoning for not fixing it as suggested? Pretty strange.

Maybe re-read the sequence of posts:

walkingstickfan wrote:

...so would it be good practice to update the archlinux-keyring first whenever users see it in the list of packages to be upgraded?

ordinary.schreiber wrote:

I'm not sure about that. Personally I encountered this issue only in 1 of 3 systems I use everyday. In the other two systems the upgrade went straight without a problem.
The only difference I noticed ….

Scimmia wrote:

It's all going to depend on …

I'll break that down for you:
walkingstickfan asked whether one should always pre-up archlinux-keyring, ordinary.schreiber cautioned that this seems a conditional requirement and Scimmia explained what that condition is.
Nobody reasoned anything about anything.

https://bugs.archlinux.org/task/47892
https://bugs.archlinux.org/task/61609

Cvlc · 2022-04-28 11:52:12

Hi, chiming in because I had the same problem.

https://wiki.archlinux.org/title/Pacman … _regularly

# pacman -Sy archlinux-keyring && pacman -Su

Where can we suggest that this tip be added to pacman when the relevant errors are detected ?

If end-users end up on the forum asking for help just to perform a simple update, it means something can be improved.... This is not a corner case or a user mistake....

tlbj6142 · 2022-04-28 19:35:11

FWIW, I get the same error on a virgin install using the archinstall script. I have no idea how to work around it given my only interface is archinstall script. Thoughts?

seth · 2022-04-28 19:55:37

It looks like what has happened in this case is that a key was used to sign a package 3 days after it hit the archlinux-keyring package - what's obviously very prone to trigger this condition.
Usually™ one would only run into this when not updating for a while.

Where can we suggest that this tip be added to pacman when the relevant errors are detected ?

https://bugs.archlinux.org/task/61609#comment176828

Thoughts?

The figleaf (afaiu) justification for the archinstall script was, that it's actually not meant for this purpose…

jamestsang · 2022-05-01 09:08:50

Scimmia wrote:

Update archlinux-keyring first

Thanks a lot! This problem disturbs me so much. You are my hero!

Texbrew · 2022-05-02 03:13:49

Scimmia wrote:

Update archlinux-keyring first

You got Mad Skillz, Scimmia.
Thank you for providing the solution!

V1del · 2022-05-02 08:15:13

We have now sufficient information that you need to do this if you haven't update in a while and this is also documented under https://wiki.archlinux.org/title/Pacman … )%22_error

To prevent a load of needless bumps whenever someone runs into these I'm going to close this thread.

Closing.

Arch Linux

#1 2022-04-26 18:05:36

[SOLVED] invalid or corrupted package (PGP signature)

#2 2022-04-26 18:06:54

Re: [SOLVED] invalid or corrupted package (PGP signature)

#3 2022-04-26 19:18:14

Re: [SOLVED] invalid or corrupted package (PGP signature)

#4 2022-04-26 22:14:32

Re: [SOLVED] invalid or corrupted package (PGP signature)

#5 2022-04-27 04:27:24

Re: [SOLVED] invalid or corrupted package (PGP signature)

#6 2022-04-27 09:48:25

Re: [SOLVED] invalid or corrupted package (PGP signature)

#7 2022-04-27 13:39:36

Re: [SOLVED] invalid or corrupted package (PGP signature)

#8 2022-04-27 17:40:48

Re: [SOLVED] invalid or corrupted package (PGP signature)

#9 2022-04-27 17:45:25

Re: [SOLVED] invalid or corrupted package (PGP signature)

#10 2022-04-28 04:47:52

Re: [SOLVED] invalid or corrupted package (PGP signature)

#11 2022-04-28 07:03:17

Re: [SOLVED] invalid or corrupted package (PGP signature)

#12 2022-04-28 11:52:12

Re: [SOLVED] invalid or corrupted package (PGP signature)

#13 2022-04-28 19:35:11

Re: [SOLVED] invalid or corrupted package (PGP signature)

#14 2022-04-28 19:55:37

Re: [SOLVED] invalid or corrupted package (PGP signature)

#15 2022-05-01 09:08:50

Re: [SOLVED] invalid or corrupted package (PGP signature)

#16 2022-05-02 03:13:49

Re: [SOLVED] invalid or corrupted package (PGP signature)

#17 2022-05-02 08:15:13

Re: [SOLVED] invalid or corrupted package (PGP signature)

Board footer