Skip to content

Pacman keyring issues

Sometimes it happens that you get errors like this:

error: signature from "xyz <[email protected]>" is unknown trust :: File /var/cache/pacman/pkg/packagename.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n]
(4/4) checking package integrity                                       [#######################################] 100%
error: packagename: signature from "X Y <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/packagename.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y

Here are the usual fixes

The first thing to try is to reinstall archlinux-keyring package as it will help in 99% of cases already to get working keys back:

sudo pacman -S archlinux-keyring

If this is not solving the issue with updating/installing you should try to manually reinstall the archlinux-keyring package. Download the package file https://archlinux.org/packages/core/any/archlinux-keyring/download

and install it manually from that local file sudo pacman -U archlinux-keyring* this will update trust database and should make keyring checking work again:

 » sudo pacman -U archlinux-keyring*
loading packages...
warning: archlinux-keyring-20220111-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)        Old Version  New Version  Net Change

archlinux-keyring  20220111-1   20220111-1     0,00 MiB

Total Installed Size:  1,41 MiB
Net Upgrade Size:      0,00 MiB

:: Proceed with installation? [Y/n] Y
(1/1) checking keys in keyring                                                                   [--------------------------------------------------------] 100%
(1/1) checking package integrity                                                                 [--------------------------------------------------------] 100%
(1/1) loading package files                                                                      [--------------------------------------------------------] 100%
(1/1) checking for file conflicts                                                                [--------------------------------------------------------] 100%
:: Processing package changes...
(1/1) reinstalling archlinux-keyring                                                             [--------------------------------------------------------] 100%
==> Appending keys from archlinux.gpg...
==> Updating trust database...
gpg: next trustdb check due at 2022-05-06
==> Updating trust database...
gpg: next trustdb check due at 2022-05-06
:: Running post-transaction hooks...
(1/3) Arming ConditionNeedsUpdate...

If this does not help and the issue persists try a bit harder:

sudo pacman-key --init
sudo pacman-key --populate archlinux endeavouros
sudo pacman -Syyu

Archlinux changed default server upstream on Archlinux to ubuntu.com so problematic sks server pool is not used anymore. Before it was a known issue to fail because of the sks keyservers:

Caused by https://bugs.archlinux.org/task/71078 sks keyserver pool issues and gone obsolete default keyserver is now set to hkps://keyserver.ubuntu.com so currently (August 2021) there is no such issue other than WKD is still new and using pacman-key will spam a lot of errors because it does not get WKD data for keys (developer simply do not provide it mostly) Some info: https://wiki.gnupg.org/WKD.

Only one keyserver line is allowed adding more will simply be ignored.

save the file [Ctrl+X] and try again (to update system or renew pacman keys) it is also known that using hkp:// protocol is a workaround if you are behind a proxy.

Only EndeavourOS packages failed with key error:

There are also some harder ways if nothing helps:

sudo pacman-key --add /usr/share/pacman/keyrings/endeavouros.gpg 
sudo pacman-key --lsign-key 497AF50C92AD2384C56E1ACA003DB8B0CB23504F
sudo pacman-key --populate
sudo pacman-key --refresh-keys
sudo pacman -Syy

This will recopy EndeavourOS key back into pacmans keyring.

GPGME error with all mirrors

If you got an error for synchronizing all databases like this:

error: GPGME error: No data
error: failed to synchronize all databases (invalid or corrupted database (PGP signature))

sudo cp -f "/etc/pacman.conf" "/etc/pacman.conf.orig"
sudo sed -i 's/SigLevel.*/SigLevel = Never/' /etc/pacman.conf
sudo pacman -Syy gnupg archlinux-keyring endeavouros-keyring
sudo mv -f "/etc/pacman.conf.orig" "/etc/pacman.conf"
sudo pacman -Syu
Connect with us:

Pacman keyring issues

  • by
%d bloggers like this: