You are not logged in.
- Topics: Active | Unanswered
#1 2023-06-26 09:30:11
- hmalissa
- Member
- Registered: 2020-01-28
- Posts: 5
Invalid or corrupted package (PGP signature)
So, I wanted to update all packages on an Arch system that hasn't been in use for some time. The last time I've updated the system was about 2 years ago.
When I run:
# pacman -Syu
it will download new versions of lots of packages normally, but after pacman does its 'checking package integrity' step, I get:
error: PACKAGE NAME: signature from "NAME <EMAIL>" is unknown trust
:: File /var/cache/pacman/pkg/PACKAGE FILE is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
It does this for each and every package that has been downloaded. Independently of whether I hit Y or n, pacman terminates with:
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.
I've tried several times already. I assume that due to the fact that this particular system hasn't been in use for a long time, the package repositories and the database that contains PGP signatures etc. got way out of sync.
Is there a way to circumvent this, for example, by getting a current list of PGP signatures or such?
Thanks a lot,
Hans
Offline
#2 2023-06-26 13:24:42
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,646
Re: Invalid or corrupted package (PGP signature)
Update archlinux-keyring first.
Offline
#3 2023-06-27 10:04:32
- hmalissa
- Member
- Registered: 2020-01-28
- Posts: 5
Re: Invalid or corrupted package (PGP signature)
Update archlinux-keyring first.
That did the trick, thanks!
Offline