You are not logged in.

#1 2022-04-26 18:05:36

ordinary.schreiber
Member
Registered: 2021-10-15
Posts: 141

[SOLVED] invalid or corrupted package (PGP signature)

After the last upgrade with "pacman -Syu" I got this output:

# pacman -Syu
:: Synchronizing package databases...
 core is up to date
 extra is up to date
 community is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (40) archlinux-keyring-20220424-1  audit-3.0.8-1  cronie-1.6.1-1  curl-7.82.0-3  exiv2-0.27.5-3  fluidsynth-2.2.7-1
              gavl-1.4.0-6  gtk-update-icon-cache-1:4.6.3-1  gtk3-1:3.24.33-3  harfbuzz-4.2.1-1  harfbuzz-icu-4.2.1-1
              imagemagick-7.1.0.31-1  imlib2-1.9.0-3  jasper-2.0.33-2  kdeconnect-22.04.0-2  kosmindoormap-22.04.0-2
              libbsd-0.11.6-2  libinih-55-2  libopenmpt-0.6.3-1  libpgm-5.3.128-2  libphonenumber-1:8.12.47-1  librsvg-2:2.54.1-1
              libseccomp-2.5.4-1  marble-22.04.0-2  marble-common-22.04.0-2  mesa-22.0.2-1  meson-0.62.1-1  minizip-1:1.2.12-2
              openal-1.22.0-1  perl-file-listing-6.15-1  protobuf-3.20.1-1  python-babel-2.10.1-1  python-dnspython-1:2.2.1-1
              python-pygments-2.12.0-1  shaderc-2022.1-3  sip-6.6.1-3  upx-3.96-3  vlc-3.0.17.4-2  vtk-9.1.0-14  zlib-1:1.2.12-2

Total Download Size:     0.02 MiB
Total Installed Size:  721.03 MiB
Net Upgrade Size:        2.26 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 libinih-55-2-x86_64                                15.4 KiB   385 KiB/s 00:00 [############################################] 100%
(40/40) checking keys in keyring                                               [############################################] 100%
(40/40) checking package integrity                                             [############################################] 100%
error: libinih: signature from "Maxime Gauduin <alucryd@gmail.com>" is marginal trust
:: File /var/cache/pacman/pkg/libinih-55-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

I feel like it shouldn't be that much of a deal but I still can't fix it.

Thank you in advance.

Last edited by ordinary.schreiber (2022-04-27 17:25:48)

Offline

#2 2022-04-26 18:06:54

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,461

Re: [SOLVED] invalid or corrupted package (PGP signature)

Update archlinux-keyring first

Offline

#3 2022-04-26 19:18:14

ordinary.schreiber
Member
Registered: 2021-10-15
Posts: 141

Re: [SOLVED] invalid or corrupted package (PGP signature)

Thanks, "pacman -Sy archlinux-keyring" fixed it.

Offline

#4 2022-04-26 22:14:32

CyrIng
Member
From: France
Registered: 2010-07-17
Posts: 106
Website

Re: [SOLVED] invalid or corrupted package (PGP signature)

Scimmia wrote:

Update archlinux-keyring first

Thanks

Offline

#5 2022-04-27 04:27:24

BIL4X4
Member
Registered: 2022-04-27
Posts: 6

Re: [SOLVED] invalid or corrupted package (PGP signature)

Scimmia wrote:

Update archlinux-keyring first

Thanks!

Offline

#6 2022-04-27 09:48:25

jongeduard
Member
Registered: 2022-01-06
Posts: 6

Re: [SOLVED] invalid or corrupted package (PGP signature)

Thanks! Still learning things everyday!

I checked why this package was on my system by a series of pacman -Qi commands. It's because I'm using udisks2, which depends in this way on libinih: udisks2 --> libblockdev --> xfsprogs --> libinih.

But it turns out to be just my Arch keyring and that's fine. Maybe we should always update that first anyway, as a best practice (I have written my own script that I run for my updates). Never mind. Issue solved.

Offline

#7 2022-04-27 13:39:36

walkingstickfan
Member
From: USA
Registered: 2021-05-10
Posts: 102

Re: [SOLVED] invalid or corrupted package (PGP signature)

First, thank you ordinary.schreiber for asking the question. I encountered the same issue, although different error messages.

Second...so would it be good practice to update the archlinux-keyring first whenever users see it in the list of packages to be upgraded? If so, I'm wondering why pacman can't take care of that instead of users having to know to manually perform the update first.

@jongeduard: "Still learning things everyday." +1

Last edited by walkingstickfan (2022-04-27 13:43:20)


Arch Linux with Openbox & Tint2

Offline

#8 2022-04-27 17:40:48

ordinary.schreiber
Member
Registered: 2021-10-15
Posts: 141

Re: [SOLVED] invalid or corrupted package (PGP signature)

walkingstickfan wrote:

...so would it be good practice to update the archlinux-keyring first whenever users see it in the list of packages to be upgraded?

I'm not sure about that. Personally I encountered this issue only in 1 of 3 systems I use everyday. In the other two systems the upgrade went straight without a problem.

The only difference I noticed is that the system where I encountered the issue was running KDE Plasma, while the other two were both running xfce4. Although I don't think it's related to the desktop environment.

Offline

#9 2022-04-27 17:45:25

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,461

Re: [SOLVED] invalid or corrupted package (PGP signature)

It's all going to depend on when you last updated the system and what packages you have installed. If you already have the latest keyring package, it's a non-issue. If you don't have anything installed that uses that specific key, it's a non-issue.

Offline

#10 2022-04-28 04:47:52

loh.tar
Member
Registered: 2010-10-17
Posts: 49

Re: [SOLVED] invalid or corrupted package (PGP signature)

> If you already have the latest keyring package, it's a non-issue. If you don't have anything installed that uses that specific key, it's a non-issue.

Is that the reasoning for not fixing it as suggested? Pretty strange.

This whole package check only makes sense if the necessary keys are up to date. Therefore it seems to me mandatory that these are always updated first.

Offline

#11 2022-04-28 07:03:17

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: [SOLVED] invalid or corrupted package (PGP signature)

loh.tar wrote:

Is that the reasoning for not fixing it as suggested? Pretty strange.

Maybe re-read the sequence of posts:

walkingstickfan wrote:

...so would it be good practice to update the archlinux-keyring first whenever users see it in the list of packages to be upgraded?

ordinary.schreiber wrote:

I'm not sure about that. Personally I encountered this issue only in 1 of 3 systems I use everyday. In the other two systems the upgrade went straight without a problem.
The only difference I noticed ….

Scimmia wrote:

It's all going to depend on …

I'll break that down for you:
walkingstickfan asked whether one should always pre-up archlinux-keyring, ordinary.schreiber cautioned that this seems a conditional requirement and Scimmia explained what that condition is.
Nobody reasoned anything about anything.

https://bugs.archlinux.org/task/47892
https://bugs.archlinux.org/task/61609

Offline

#12 2022-04-28 11:52:12

Cvlc
Member
Registered: 2020-03-26
Posts: 273

Re: [SOLVED] invalid or corrupted package (PGP signature)

Hi, chiming in because I had the same problem.

https://wiki.archlinux.org/title/Pacman … _regularly

# pacman -Sy archlinux-keyring && pacman -Su

Where can we suggest that this tip be added to pacman when the relevant errors are detected ?

If end-users end up on the forum asking for help just to perform a simple update, it means something can be improved.... This is not a corner case or a user mistake....

Offline

#13 2022-04-28 19:35:11

tlbj6142
Member
Registered: 2022-04-28
Posts: 1

Re: [SOLVED] invalid or corrupted package (PGP signature)

FWIW, I get the same error on a virgin install using the archinstall script.  I have no idea how to work around it given my only interface is archinstall script.  Thoughts?

Offline

#14 2022-04-28 19:55:37

seth
Member
Registered: 2012-09-03
Posts: 49,951

Re: [SOLVED] invalid or corrupted package (PGP signature)

It looks like what has happened in this case is that a key was used to sign a package 3 days after it hit the archlinux-keyring package - what's obviously very prone to trigger this condition.
Usually™ one would only run into this when not updating for a while.

Where can we suggest that this tip be added to pacman when the relevant errors are detected ?

https://bugs.archlinux.org/task/61609#comment176828

Thoughts?

The figleaf (afaiu) justification for the archinstall script was, that it's actually not meant for this purpose…

Offline

#15 2022-05-01 09:08:50

jamestsang
Member
Registered: 2022-01-28
Posts: 1

Re: [SOLVED] invalid or corrupted package (PGP signature)

Scimmia wrote:

Update archlinux-keyring first

Thanks a lot! This problem disturbs me so much. You are my hero!

Offline

#16 2022-05-02 03:13:49

Texbrew
Member
From: The Lone Star State
Registered: 2016-02-09
Posts: 580

Re: [SOLVED] invalid or corrupted package (PGP signature)

Scimmia wrote:

Update archlinux-keyring first

You got Mad Skillz, Scimmia.
Thank you for providing the solution!

Offline

#17 2022-05-02 08:15:13

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 21,410

Re: [SOLVED] invalid or corrupted package (PGP signature)

We have now sufficient information that you need to do this if you haven't update in a while and this is also documented under https://wiki.archlinux.org/title/Pacman … )%22_error

To prevent a load of needless bumps whenever someone runs into these I'm going to close this thread.

Closing.

Offline

Board footer

Powered by FluxBB