[Dev] Issues with GPG signatures when updating packages

Stefano nospam at curso.re
Mon Jan 29 21:42:57 GMT 2018


nospam at curso.re (Stefano M.) writes:

> Joshua Haase <hahj87 at gmail.com> writes:
>
>> Luke Shumaker <lukeshu at lukeshu.com> writes:
>>
>>> does
>>>
>>>     sudo pacman -S {archlinux{,32,arm},parabola}-keyring
>>>
>>> take care of it?
>>
>>
>> I did:
>>
>>     sudo pacman -S archlinux-keyring parabola-keyring
>>     sudo pacman-key --refresh
>>
>> That did work.
>
> Unfortunately that did not work:
>
> $ sudo pacman -S jansson
> resolving dependencies...
> looking for conflicting packages...
>
> Packages (1) jansson-2.10-3
>
> Total Download Size:   0.04 MiB
> Total Installed Size:  0.16 MiB
> Net Upgrade Size:      0.00 MiB
>
> :: Proceed with installation? [Y/n]
> :: Retrieving packages...
>  jansson-2.10-3-x86_64 37.1 KiB   700K/s 00:00 [################] 100%
> (1/1) checking keys in keyring                 [################] 100%
> (1/1) checking package integrity               [################] 100%
> error: jansson: signature from "Eli Schwartz <eschwartz at archlinux.org>" is marginal trust
> :: File /var/cache/pacman/pkg/jansson-2.10-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
> Do you want to delete it? [Y/n]
> error: failed to commit transaction (invalid or corrupted package (PGP signature))
> Errors occurred, no packages were upgraded.
>
> _______________________________________________
> Dev mailing list
> Dev at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/dev


After some more digging, I found the solution on the Archlinux forums[1]

> pacman-key --delete 91FFE0700E80619CEB73235CA88E23E377514E00
> pacman-key --populate archlinux

[1] https://bbs.archlinux.org/viewtopic.php?pid=1760826#p1760826



More information about the Dev mailing list