You are not logged in.
- Topics: Active | Unanswered
#1 2024-07-19 03:40:07
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
invalid signatures every update [SOLVED]
I seem to be plagued with invalid signatures.
sudo pacman -S ncdu
warning: ncdu-2.4-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) ncdu-2.4-1
Total Installed Size: 0.46 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [##############################################################################] 100%
(1/1) checking package integrity [##############################################################################] 100%
error: ncdu: signature from "Daurnimator <daurnimator@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/ncdu-2.4-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).This happens every update lately. Albeit it seems to be random whose key is to blame.
Last edited by thoth (2025-06-10 14:49:24)
Offline
#2 2024-07-19 05:26:28
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,589
- Website
Re: invalid signatures every update [SOLVED]
Try resetting pacman’s keyring.
After reading Scimmia’s suggestion and giving it a second thought, I think the mirror may indeed be the cause.
Last edited by mpan (2024-07-19 13:50:13)
Paperclips in avatars? | Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#3 2024-07-19 13:07:09
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,694
Re: invalid signatures every update [SOLVED]
That isn't a keyring issue. Try a different mirror.
Offline
#4 2025-05-31 00:00:09
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
ok getting this issue again nearly a year later in the same package, on the same machine (but not on others):
pacman -S ncdu
resolving dependencies...
looking for conflicting packages...
Packages (1) ncdu-2.7-1
Total Installed Size: 0.51 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [#####################################################################] 100%
(1/1) checking package integrity [#####################################################################] 100%
error: ncdu: signature from "Daurnimator <daurnimator@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/ncdu-2.7-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.that file has the following checksums:
1 root@saruman ~ # sha512sum /var/cache/pacman/pkg/ncdu-2.7-1-x86_64.pkg.tar.zst
57ad2b6a15f8d54c313a9c373ead95ef44a26d147b11d819cf69bb04a3509c12373ebbd30cb67d94683684bbb1f8d238e8438e8e3f1fc09b90984c2e60d5e70d /var/cache/pacman/pkg/ncdu-2.7-1-x86_64.pkg.tar.zst
root@saruman ~ # sha256sum /var/cache/pacman/pkg/ncdu-2.7-1-x86_64.pkg.tar.zst
7df05a1f9eb32a3feda410ed4d1901b991ac81a5910b0f2886e846fd5d5fe7c7 /var/cache/pacman/pkg/ncdu-2.7-1-x86_64.pkg.tar.zst
root@saruman ~ # md5sum /var/cache/pacman/pkg/ncdu-2.7-1-x86_64.pkg.tar.zst
5172a8dc0dd4c868c584c29b1a33779f /var/cache/pacman/pkg/ncdu-2.7-1-x86_64.pkg.tar.zsthow can I verify a package manually? I just ran those same sums on a machine that successfully installed ncdu and got the same sums back.
I have tried the usual suspects in fixing it:
90 sudo pacman -S archlinux-keyring
94 sudo pacman-key --init && sudo pacman-key --populate
96 pacman -Sy archlinux-keyring && pacman -Su
98 gpg --search-keys daurnimator
102 pacman-key --refresh-keyDuarnimator is in the keys:
gpg --homedir /etc/pacman.d/gnupg --list-keys|grep -i daurn
gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg'
uid [ full ] Daurnimator <daurnimator@archlinux.org>
uid [marginal] Daurnimator <quae@daurnimator.com>Last edited by thoth (2025-05-31 00:22:06)
Offline
#5 2025-05-31 00:24:08
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
Is it possible the machine that ncdu fails on is missing some hardware feature? or something is fried on the mobo?
Offline
#6 2025-05-31 03:05:24
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,694
Re: invalid signatures every update [SOLVED]
Is your clock wrong? I think that produces a different error, but I'm not certain.
Offline
#7 2025-05-31 08:07:36
- seth
- Member
- From: Don't DM me only for attention
- Registered: 2012-09-03
- Posts: 74,254
Re: invalid signatures every update [SOLVED]
Also
pacman-key -l daurnOffline
#8 2025-05-31 14:34:36
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
@Scimmia clock is sync'd with ntp:
timedatectl
Local time: Sat 2025-05-31 09:30:51 CDT
Universal time: Sat 2025-05-31 14:30:51 UTC
RTC time: Sat 2025-05-31 14:30:51
Time zone: America/Rainy_River (CDT, -0500)
System clock synchronized: yes
NTP service: active
RTC in local TZ: nopacman-key -l daurn
pub rsa4096 2015-01-25 [SC] [expires: 2025-07-01]
954A3772D62EF90E4B31FBC6C91A9911192C187A
uid [ full ] Daurnimator <daurnimator@archlinux.org>
uid [marginal] Daurnimator <quae@daurnimator.com>
sub rsa4096 2016-04-06 [S] [expires: 2025-07-01]
sub rsa4096 2016-04-06 [A] [expires: 2025-07-01]
sub rsa4096 2015-01-25 [E] [expires: 2025-07-01]How does pacman verify the file? is there a list of signature so I can compare the checksum of the file with the official one?
Offline
#9 2025-05-31 14:49:22
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,694
Re: invalid signatures every update [SOLVED]
The sigs are stored on the server and downloaded along with the package. You'll find them in the cache.
Offline
#10 2025-06-02 20:04:08
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
ya silly me its right next to the file in /var/cache/pcaman, but how do I manually verify?
It seems like this page would have the answer, but I'm not seeing it:
https://wiki.archlinux.org/title/Pacman/Package_signing
`pacman -Uv /path/package` at least adds some verbosity:
1 root@saruman ~ # pacman -Uv /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
Root : /
Conf File : /etc/pacman.conf
DB Path : /var/lib/pacman/
Cache Dirs: /var/cache/pacman/pkg/
Hook Dirs : /usr/share/libalpm/hooks/ /etc/pacman.d/hooks/
Lock File : /var/lib/pacman/db.lck
Log File : /var/log/pacman.log
GPG Dir : /etc/pacman.d/gnupg/
Targets : /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
loading packages...
error: '/var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst': invalid or corrupted package (PGP signature)however on my laptop it works just fine:
sudo pacman -Uv /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
Root : /
Conf File : /etc/pacman.conf
DB Path : /var/lib/pacman/
Cache Dirs: /var/cache/pacman/pkg/
Hook Dirs : /usr/share/libalpm/hooks/ /etc/pacman.d/hooks/
Lock File : /var/lib/pacman/db.lck
Log File : /var/log/pacman.log
GPG Dir : /etc/pacman.d/gnupg/
Targets : /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
loading packages...
warning: ncdu-2.8.2-2 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...
Packages (1) ncdu-2.8.2-2
Total Installed Size: 0.60 MiB
Net Upgrade Size: 0.00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [#####################################################################] 100%
(1/1) checking package integrity [#####################################################################] 100%
(1/1) loading package files [#####################################################################] 100%
(1/1) checking for file conflicts [#####################################################################] 100%
(1/1) checking available disk space [#####################################################################] 100%
:: Processing package changes...
(1/1) reinstalling ncdu [#####################################################################] 100%
:: Running post-transaction hooks...
(1/1) Arming ConditionNeedsUpdate...Last edited by thoth (2025-06-02 20:25:18)
Offline
#11 2025-06-02 20:24:32
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
generically with gpg?
2 root@saruman ~ # gpg --search-keys daurnimator
gpg: data source: https://[2620:2d:4000:1007::d43]:443
(1) Daurnimator <quae@daurnimator.com>
1024 bit DSA key F2678F1F14AE2EA2, created: 2009-07-28
(2) Daurnimator <quae@daurnimator.com>
Daurnimator <daurnimator@archlinux.org>
4096 bit RSA key C91A9911192C187A, created: 2015-01-25
Keys 1-2 of 2 for "daurnimator". Enter number(s), N)ext, or Q)uit > 2
gpg: key C91A9911192C187A: 6 duplicate signatures removed
gpg: key C91A9911192C187A: "Daurnimator <daurnimator@archlinux.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
root@saruman ~ # gpg --verify /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
gpg: Signature made Sun 01 Jun 2025 05:57:17 AM CDT
gpg: using RSA key 1E2633CBF730F2CE6EC7AB7045B429A8F9D9D22A
gpg: Good signature from "Daurnimator <daurnimator@archlinux.org>" [unknown]
gpg: aka "Daurnimator <quae@daurnimator.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 954A 3772 D62E F90E 4B31 FBC6 C91A 9911 192C 187A
Subkey fingerprint: 1E26 33CB F730 F2CE 6EC7 AB70 45B4 29A8 F9D9 D22Aand on the machine where ncdu installs without issue:
2 root@perseus ~ # gpg --search-keys daurnimator
gpg: data source: https://185.125.188.26:443
(1) Daurnimator <quae@daurnimator.com>
1024 bit DSA key F2678F1F14AE2EA2, created: 2009-07-28
(2) Daurnimator <quae@daurnimator.com>
Daurnimator <daurnimator@archlinux.org>
4096 bit RSA key C91A9911192C187A, created: 2015-01-25
Keys 1-2 of 2 for "daurnimator". Enter number(s), N)ext, or Q)uit > 2
gpg: key C91A9911192C187A: 6 duplicate signatures removed
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key C91A9911192C187A: public key "Daurnimator <daurnimator@archlinux.org>" imported
gpg: Total number processed: 1
gpg: imported: 1
root@perseus ~ # gpg --verify /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
gpg: Signature made Sun 01 Jun 2025 05:57:17 AM CDT
gpg: using RSA key 1E2633CBF730F2CE6EC7AB7045B429A8F9D9D22A
gpg: Good signature from "Daurnimator <daurnimator@archlinux.org>" [unknown]
gpg: aka "Daurnimator <quae@daurnimator.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 954A 3772 D62E F90E 4B31 FBC6 C91A 9911 192C 187A
Subkey fingerprint: 1E26 33CB F730 F2CE 6EC7 AB70 45B4 29A8 F9D9 D22ABut I don't see the difference other than I did need to import the key on the second machine.
Offline
#12 2025-06-02 21:09:56
- seth
- Member
- From: Don't DM me only for attention
- Registered: 2012-09-03
- Posts: 74,254
Re: invalid signatures every update [SOLVED]
pacman-key -v /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig
md5sum /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst*Offline
#13 2025-06-02 22:19:44
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
root@saruman ~ # pacman-key -v /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig
==> Checking /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig... (detached)
gpg: Signature made Sun 01 Jun 2025 05:57:17 AM CDT
gpg: using RSA key 1E2633CBF730F2CE6EC7AB7045B429A8F9D9D22A
gpg: WARNING: signing subkey 45B429A8F9D9D22A has an invalid cross-certification
gpg: Can't check signature: General error
==> ERROR: The signature verification for /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig failed.
1 root@saruman ~ # md5sum /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst*
055b2930c5312bdde56b7e063519f5fc /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
e9810ab2704d980548cc0f178982f076 /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig
root@saruman ~ # sha512sum /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst*
b421ba26056b159ae155059323a9e1e4b22ee8385d3eafc8c4b648ea177a52a960bf3d43b9e2f19e506462c074c94b8bfdb5f1972a096893fe996302df0a092b /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
49d9eee08a54c04029fbadc00865908c8b2bb1c74b8a78e762400de46e011dbbc55df4ec8b567a365345343e15ff22e1b1088dfd1790a769c3a63ade71e1e2f8 /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sigand on the working machine:
1 root@perseus ~ # pacman-key -v /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig
==> Checking /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig... (detached)
gpg: Signature made Sun 01 Jun 2025 05:57:17 AM CDT
gpg: using RSA key 1E2633CBF730F2CE6EC7AB7045B429A8F9D9D22A
gpg: Good signature from "Daurnimator <daurnimator@archlinux.org>" [full]
gpg: aka "Daurnimator <quae@daurnimator.com>" [marginal]
root@perseus ~ # md5sum /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst*
055b2930c5312bdde56b7e063519f5fc /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
e9810ab2704d980548cc0f178982f076 /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig
sha512sum /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst*
b421ba26056b159ae155059323a9e1e4b22ee8385d3eafc8c4b648ea177a52a960bf3d43b9e2f19e506462c074c94b8bfdb5f1972a096893fe996302df0a092b /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
49d9eee08a54c04029fbadc00865908c8b2bb1c74b8a78e762400de46e011dbbc55df4ec8b567a365345343e15ff22e1b1088dfd1790a769c3a63ade71e1e2f8 /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sigso what is going on? the md5sums match
Offline
#14 2025-06-02 23:19:11
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,694
Re: invalid signatures every update [SOLVED]
Well that's interesting, it looks like it *is* a keyring issue, just one I've never seen before. Somehow the primary key isn't correctly backsigned by the signing key. How this could happen, I have no idea. mpan's suggestion way back in post #2 turns out to be the simplest method to fix this. If you have any 3rd party repos that are signed, you'd have to redo that portion as well.
Usually when we see keyring issues, they're trust issues, missing keys, etc. This is a weird one.
Offline
#15 2025-06-02 23:57:30
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
I added in --refresh-key for funsies too, same results though. But I'll run any sequence you guys want. It's almost as if it is a hardware issue of some sort on this machine, like the drive has funny geometry or something, but the md5sum would be off? I dunno, definitely weird:
sudo pacman-key --init && sudo pacman-key --populate && pacman-key --refresh-key && pacman -Sy archlinux-keyring && pacman -Su ncdu
:: Proceed with installation? [Y/n]
:: Retrieving packages...
python-markupsafe-3.0.2-1-x86_64 20.1 KiB 223 KiB/s 00:00 [#####################################################################] 100%
python-py7zr-1.0.0-1-any 150.9 KiB 1217 KiB/s 00:00 [#####################################################################] 100%
Total (2/2) 171.0 KiB 1221 KiB/s 00:00 [#####################################################################] 100%
(3/3) checking keys in keyring [#####################################################################] 100%
(3/3) checking package integrity [#####################################################################] 100%
error: ncdu: signature from "Daurnimator <daurnimator@archlinux.org>" is invalid
:: File /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.And then I checked the file again:
1 root@saruman ~ # pacman-key -v /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig
==> Checking /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig... (detached)
gpg: Signature made Sun 01 Jun 2025 05:57:17 AM CDT
gpg: using RSA key 1E2633CBF730F2CE6EC7AB7045B429A8F9D9D22A
gpg: WARNING: signing subkey 45B429A8F9D9D22A has an invalid cross-certification
gpg: Can't check signature: General error
==> ERROR: The signature verification for /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sig failed.
1 root@saruman ~ # md5sum /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst*
055b2930c5312bdde56b7e063519f5fc /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst
e9810ab2704d980548cc0f178982f076 /var/cache/pacman/pkg/ncdu-2.8.2-2-x86_64.pkg.tar.zst.sigI could capture the full logs if anyone wants that too.
Last edited by thoth (2025-06-03 00:00:05)
Offline
#16 2025-06-03 00:03:17
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,694
Re: invalid signatures every update [SOLVED]
You deleted the dir before doing all of that?
Offline
#17 2025-06-03 07:05:19
- seth
- Member
- From: Don't DM me only for attention
- Registered: 2012-09-03
- Posts: 74,254
Re: invalid signatures every update [SOLVED]
Also maybe
pacman-key -l 45B429A8F9D9D22A
pacman-conf
cat /etc/pacman.d/gnupgOffline
#18 2025-06-03 14:53:29
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
@scimmia which dir should I delete?
@seth /etc/pacman.d/gnupg is a directory was there a certain file you wanted to see?
1 root@saruman ~ # pacman-key -l 45B429A8F9D9D22A
pub rsa4096 2015-01-25 [SC] [expires: 2025-07-01]
954A3772D62EF90E4B31FBC6C91A9911192C187A
uid [ full ] Daurnimator <daurnimator@archlinux.org>
uid [marginal] Daurnimator <quae@daurnimator.com>
sub rsa4096 2016-04-06 [S] [expires: 2025-07-01]
sub rsa4096 2016-04-06 [A] [expires: 2025-07-01]
sub rsa4096 2015-01-25 [E] [expires: 2025-07-01]
root@saruman ~ # pacman-conf
[options]
RootDir = /
DBPath = /var/lib/pacman/
CacheDir = /var/cache/pacman/pkg/
HookDir = /etc/pacman.d/hooks/
GPGDir = /etc/pacman.d/gnupg/
LogFile = /var/log/pacman.log
HoldPkg = pacman
HoldPkg = glibc
Architecture = x86_64
Color
CheckSpace
ParallelDownloads = 5
CleanMethod = KeepInstalled
SigLevel = PackageRequired
SigLevel = PackageTrustedOnly
SigLevel = DatabaseOptional
SigLevel = DatabaseTrustedOnly
LocalFileSigLevel = PackageOptional
LocalFileSigLevel = PackageTrustedOnly
[core]
Usage = All
Server = https://nocix.mm.fcix.net/archlinux/core/os/x86_64
Server = https://forksystems.mm.fcix.net/archlinux/core/os/x86_64
Server = https://iad.mirrors.misaka.one/archlinux/core/os/x86_64
Server = https://repo.ialab.dsu.edu/archlinux/core/os/x86_64
Server = https://volico.mm.fcix.net/archlinux/core/os/x86_64
Server = https://mirror.wdc1.us.leaseweb.net/archlinux/core/os/x86_64
Server = https://mirror.arizona.edu/archlinux/core/os/x86_64
Server = https://ohioix.mm.fcix.net/archlinux/core/os/x86_64
Server = https://mirror.fcix.net/archlinux/core/os/x86_64
Server = https://mnvoip.mm.fcix.net/archlinux/core/os/x86_64
Server = https://mirror.adectra.com/archlinux/core/os/x86_64
Server = https://mirrors.xtom.com/archlinux/core/os/x86_64
Server = https://codingflyboy.mm.fcix.net/archlinux/core/os/x86_64
Server = https://mirrors.kernel.org/archlinux/core/os/x86_64
Server = https://irltoolkit.mm.fcix.net/archlinux/core/os/x86_64
Server = https://mirrors.ocf.berkeley.edu/archlinux/core/os/x86_64
Server = https://america.mirror.pkgbuild.com/core/os/x86_64
Server = https://coresite.mm.fcix.net/archlinux/core/os/x86_64
[extra]
Usage = All
Server = https://nocix.mm.fcix.net/archlinux/extra/os/x86_64
Server = https://forksystems.mm.fcix.net/archlinux/extra/os/x86_64
Server = https://iad.mirrors.misaka.one/archlinux/extra/os/x86_64
Server = https://repo.ialab.dsu.edu/archlinux/extra/os/x86_64
Server = https://volico.mm.fcix.net/archlinux/extra/os/x86_64
Server = https://mirror.wdc1.us.leaseweb.net/archlinux/extra/os/x86_64
Server = https://mirror.arizona.edu/archlinux/extra/os/x86_64
Server = https://ohioix.mm.fcix.net/archlinux/extra/os/x86_64
Server = https://mirror.fcix.net/archlinux/extra/os/x86_64
Server = https://mnvoip.mm.fcix.net/archlinux/extra/os/x86_64
Server = https://mirror.adectra.com/archlinux/extra/os/x86_64
Server = https://mirrors.xtom.com/archlinux/extra/os/x86_64
Server = https://codingflyboy.mm.fcix.net/archlinux/extra/os/x86_64
Server = https://mirrors.kernel.org/archlinux/extra/os/x86_64
Server = https://irltoolkit.mm.fcix.net/archlinux/extra/os/x86_64
Server = https://mirrors.ocf.berkeley.edu/archlinux/extra/os/x86_64
Server = https://america.mirror.pkgbuild.com/extra/os/x86_64
Server = https://coresite.mm.fcix.net/archlinux/extra/os/x86_64
[multilib]
Usage = All
Server = https://nocix.mm.fcix.net/archlinux/multilib/os/x86_64
Server = https://forksystems.mm.fcix.net/archlinux/multilib/os/x86_64
Server = https://iad.mirrors.misaka.one/archlinux/multilib/os/x86_64
Server = https://repo.ialab.dsu.edu/archlinux/multilib/os/x86_64
Server = https://volico.mm.fcix.net/archlinux/multilib/os/x86_64
Server = https://mirror.wdc1.us.leaseweb.net/archlinux/multilib/os/x86_64
Server = https://mirror.arizona.edu/archlinux/multilib/os/x86_64
Server = https://ohioix.mm.fcix.net/archlinux/multilib/os/x86_64
Server = https://mirror.fcix.net/archlinux/multilib/os/x86_64
Server = https://mnvoip.mm.fcix.net/archlinux/multilib/os/x86_64
Server = https://mirror.adectra.com/archlinux/multilib/os/x86_64
Server = https://mirrors.xtom.com/archlinux/multilib/os/x86_64
Server = https://codingflyboy.mm.fcix.net/archlinux/multilib/os/x86_64
Server = https://mirrors.kernel.org/archlinux/multilib/os/x86_64
Server = https://irltoolkit.mm.fcix.net/archlinux/multilib/os/x86_64
Server = https://mirrors.ocf.berkeley.edu/archlinux/multilib/os/x86_64
Server = https://america.mirror.pkgbuild.com/multilib/os/x86_64
Server = https://coresite.mm.fcix.net/archlinux/multilib/os/x86_64
[xyne-any]
Usage = All
SigLevel = PackageRequired
SigLevel = PackageTrustedOnly
SigLevel = DatabaseRequired
SigLevel = DatabaseTrustedOnly
Server = https://xyne.dev/repos/xyne
[xyne-x86_64]
Usage = All
SigLevel = PackageRequired
SigLevel = PackageTrustedOnly
SigLevel = DatabaseRequired
SigLevel = DatabaseTrustedOnly
Server = https://xyne.dev/repos/xyne
[archrepo]
Usage = All
SigLevel = PackageOptional
SigLevel = PackageTrustedOnly
SigLevel = DatabaseOptional
SigLevel = DatabaseTrustedOnly
Server = https://thalhalla.gitlab.io/archrepo/x86_64
cat: /etc/pacman.d/gnupg: Is a directory
root@saruman ~ # ls -alh /etc/pacman.d/gnupg
total 2.8M
drwxr-xr-x 1 root root 420 Jun 2 18:39 .
drwxr-xr-x 1 root root 130 May 22 14:53 ..
drwx------ 1 root root 14 Jul 9 2024 crls.d
-rw-r--r-- 1 root root 17 Jul 9 2024 gpg-agent.conf
-rw-r--r-- 1 root root 130 Jul 9 2024 gpg.conf
-rw-r--r-- 1 root root 0 Jul 9 2024 .gpg-v21-migrated
drwx------ 1 root root 176 Jul 9 2024 openpgp-revocs.d
drwx------ 1 root root 176 Jul 9 2024 private-keys-v1.d
-rw-r--r-- 1 root root 1.4M Jun 2 18:39 pubring.gpg
-rw-r--r-- 1 root root 1.4M Jun 2 18:39 pubring.gpg~
srw------- 1 root root 0 May 31 09:30 S.dirmngr
-rw------- 1 root root 0 Jul 9 2024 secring.gpg
srw------- 1 root root 0 May 31 09:30 S.gpg-agent
srw------- 1 root root 0 May 31 09:30 S.gpg-agent.browser
srw------- 1 root root 0 May 31 09:30 S.gpg-agent.extra
srw------- 1 root root 0 May 31 09:30 S.gpg-agent.ssh
srw------- 1 root root 0 May 31 09:30 S.keyboxd
-rw-r--r-- 1 root root 48K Jun 2 15:27 tofu.db
-rw-r--r-- 1 root root 17K Jun 2 18:39 trustdb.gpgLast edited by thoth (2025-06-03 14:54:24)
Offline
#19 2025-06-03 14:56:50
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,694
Re: invalid signatures every update [SOLVED]
From the link in post #2: "removing the /etc/pacman.d/gnupg directory (as root)"
Offline
#20 2025-06-03 15:13:52
- seth
- Member
- From: Don't DM me only for attention
- Registered: 2012-09-03
- Posts: 74,254
Re: invalid signatures every update [SOLVED]
gpg.conf, sorry - so far nothing looks suspicious 
Offline
#21 2025-06-03 16:43:27
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
@seth
root@saruman ~ # cat /etc/pacman.d/gnupg/gpg.conf
no-greeting
no-permission-warning
keyserver-options timeout=10
keyserver-options import-clean
keyserver-options no-self-sigs-only@Scimmia if I remove that directory and try the populate fails?
1 root@saruman ~ # mv /etc/pacman.d/gnupg /tmp/ && pacman-key --init
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: agent_genkey failed: No such file or directory
gpg: key generation failed: No such file or directory
gpg: Done
==> Updating trust database...
gpg: no need for a trustdb check
root@saruman ~ # pacman-key --populate
==> ERROR: There is no secret key available to sign with.
==> Use 'pacman-key --init' to generate a default secret key.however, moving the original back in place does 'fix' it:
root@saruman ~ # mv /tmp/gnupg /etc/pacman.d
root@saruman ~ # pacman-key --populate
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2025-07-01Offline
#22 2025-06-03 17:36:32
- Scimmia
- Fellow
- Registered: 2012-09-01
- Posts: 13,694
Re: invalid signatures every update [SOLVED]
The populate fails because the init failed. A quick google, it seems like you need to restart/kill gpg-agent.
Offline
#23 2025-06-03 19:03:27
- mpan
- Member
- Registered: 2012-08-01
- Posts: 1,589
- Website
Re: invalid signatures every update [SOLVED]
Could this have been the problem all the time?
Was gnupg updated just before the problem appeared? According to package info, it has been last updated on 17th, but perhaps you delayed the -Syu?
Paperclips in avatars? | Sometimes I seem a bit harsh — don’t get offended too easily!
Offline
#24 2025-06-03 20:40:55
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
How is this sequence supposed to go?
+ mv /etc/pacman.d/gnupg /tmp/
+ systemctl restart gpg-agent@etc-pacman.d-gnupg.socket
+ pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: agent_genkey failed: No such file or directory
gpg: key generation failed: No such file or directory
gpg: Done
==> Updating trust database...
gpg: no need for a trustdb checkOffline
#25 2025-06-03 20:48:00
- thoth
- Member
- Registered: 2010-01-10
- Posts: 112
Re: invalid signatures every update [SOLVED]
@mpan I can update the system so long as ncdu is not in there:
root@saruman ~ # pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
multilib is up to date
xyne-any is up to date
xyne-x86_64 is up to date
archrepo is up to date
:: Starting full system upgrade...
there is nothing to doOffline