SIGNATURE & KEYRING

  2. Home
  4. Docs
  6. SIGNATURE & KEYRING
  8. pacman keyring issues

pacman keyring issues

Sometimes it happens and you get error like this:

error: signature from "xyz <[email protected]>" is unknown trust :: File /var/cache/pacman/pkg/packagename.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n]

Here are the usual fixes 

sudo pacman-key --init
sudo pacman-key --populate archlinux endeavouros
sudo pacman-key --refresh-keys
sudo pacman -Syyu

Currently there are issues on the usage of open gpg-key-servers and yes archlinux is using them to sync the keys of developers, you may get an error message like this:

(4/4) checking package integrity                                       [#######################################] 100%
error: packagename: signature from "X Y <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/packagename.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y

or you get this error on using sudo pacman-key --refresh-keys

sudo pacman-key --refresh-keys
gpg: refreshing 121 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: General error
==> ERROR: A specified local key could not be updated from a keyserver.

It could be this keyserver problem with the default used keyserver from gnupg, but there is a simple fix, use another protocol or change the default used server to one working for you, mostly hkps:// server pool is failing currently and the hkp:// protocol is working but the default used server pacman try to use is this:

hkps://pool.sks-keyservers.net

using the hkp:// only protocol is known to work currently:

edit pacmans gpg.conf like this:

sudo nano /etc/pacman.d/gnupg/gpg.conf

that it looks like this:

no-greeting
no-permission-warning
lock-never
keyserver-options timeout=10
keyserver-options import-clean
keyserver-options no-self-sigs-only
keyserver hkp://pool.sks-keyservers.net

save the file [Ctrl+X] and try again (to update system or renew pacman keys) it is also known that using hkp:// protocol is a workaround if you are behind a proxy.

Only EndeavourOS packages failed with key error:

There are also some harder ways id nothing helps:

sudo pacman-key --add /usr/share/pacman/keyrings/endeavouros.gpg 
sudo pacman-key --lsign-key 497AF50C92AD2384C56E1ACA003DB8B0CB23504F
sudo pacman-key --populate
sudo pacman-key --refresh-keys
sudo pacman -Syy

This will recopy EndeavourOS key back into pacmans keyring.

Follow us
Was this article helpful to you? Yes 1 No

How can we help?