I'm trying to do a full system upgrade using pacman -Syu. It says:
:: File /var/cache/pacman/pkg/turbulence-0.3.5-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
Is there a way to fix this?
To solve the "invalid or corrupted package (PGP signature)" error in Arch Linux, we need to update the archlinux-keyring package. The above command will update the new keys and disable the revoked keys in your Arch Linux system. This time the upgrade process went well without any issues.
This could take a while depending on how up-to-date the system is. The following command synchronizes the repository databases and updates the system's packages, excluding “local” packages that are not in the configured repositories: pacman -Syu. S stands for sync, y is for refresh (local cache), and u is for system update.
The solution here is to import the expected PGP signature into your system's public keyring. Arch uses the GnuPG implementation of the OpenPGP standard (also known as PGP), as defined by RFC 4880. Now, you should be able to build your package!
Description. pacman-key is a wrapper script for GnuPG used to manage pacman's keyring, which is the collection of PGP keys used to check signed packages and databases. It provides the ability to import and export keys, fetch keys from keyservers and update the key trust database.
You may also be interested in running pacman-key --populate if the keys are massively out of date or if the other given answer of pacman-key --refresh-keys does not work in practice.
There are tons of topics out there that say you should edit the pacman.config file and remove the PGP key checks entirely, but it's not a good idea.
Simply run this command and wait for your keys to be refreshed by downloading them from the servers:
$ sudo pacman-key --refresh-keys
and then proceed with your full system upgrade: sudo pacman -Syu
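The answer above warns against editing the pacman configuration to remove the PGP checks. To confirm that a machine has not already had them turned off, the SigLevel directive can be audited per repository section. This is an added example, not part of the original answers; the function names, the default path /etc/pacman.conf and the sample config are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list pacman.conf sections whose SigLevel turns package
# signature checks off or makes them optional. Files pulled in through
# Include are not followed. Names and default path are assumptions.

audit_siglevel() {
    # Prints "<section> <SigLevel value>" per weak section; returns 1 if any.
    local conf="${1:-/etc/pacman.conf}"
    awk '
        /^[ \t]*#/ { next }                    # comments start a line
        /^[ \t]*\[.+\]/ {                      # section header, e.g. [core]
            gsub(/^[ \t]*\[|\][ \t]*$/, "")
            section = $0; next
        }
        /^[ \t]*SigLevel[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)      # keep only the value
            sub(/[ \t]+$/, "", val)
            n = split(val, tok, /[ \t]+/)
            for (i = 1; i <= n; i++)
                # Never/PackageNever skip the check; Optional/PackageOptional
                # let unsigned packages through. Database* tokens are ignored.
                if (tok[i] ~ /^(Package)?(Never|Optional)$/) {
                    print section, val; bad = 1; break
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$conf"
}

# Constructed sample config (not from the page) for trying the audit offline.
sample_conf() {
    cat <<'EOF'
[options]
SigLevel = Required DatabaseOptional
#SigLevel = Never
[core]
Include = /etc/pacman.d/mirrorlist
[custom]
SigLevel = Optional TrustAll
Server = file:///srv/repo
EOF
}
```

Running `sample_conf > /tmp/p.conf; audit_siglevel /tmp/p.conf` reports only the `[custom]` section; a section with no SigLevel of its own inherits the value from `[options]`.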