Update Error Involving Keyrings

Sometimes when one goes to update Antergos, they are presented with an error such as this:

 antergos is up to date
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
:: Starting full system upgrade...
resolving dependencies...
looking for conflicting packages...

Packages (4) llvm-libs-4.0.0-3  openssl-1.0-1.0.2.l-1  opus-1.1.5-1  pango-1.40.6+9+g92cc73c8-1

Total Download Size:   14.47 MiB
Total Installed Size:  60.74 MiB
Net Upgrade Size:       0.57 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 llvm-libs-4.0.0-3-x86_64                      12.1 MiB   109K/s 01:53 [#######################################] 100%
 openssl-1.0-1.0.2.l-1-x86_64                1572.1 KiB   110K/s 00:14 [#######################################] 100%
 opus-1.1.5-1-x86_64                          343.3 KiB  75.3K/s 00:05 [#######################################] 100%
 pango-1.40.6+9+g92cc73c8-1-x86_64            501.4 KiB  86.6K/s 00:06 [#######################################] 100%



(4/4) checking keys in keyring [#######################################] 100%



(4/4) checking package integrity [#######################################] 100% error: llvm-libs: signature from "Evangelos Foutras <[email protected]>" is unknown trust :: File /var/cache/pacman/pkg/llvm-libs-4.0.0-3-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] y error: openssl-1.0: signature from "Pierre Schmitz <[email protected]>" is unknown trust :: File /var/cache/pacman/pkg/openssl-1.0-1.0.2.l-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] y error: opus: signature from "Jan Alexander Steffens (heftig) <[email protected]>" is unknown trust :: File /var/cache/pacman/pkg/opus-1.1.5-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] y error: pango: signature from "Jan Alexander Steffens (heftig) <[email protected]>" is unknown trust :: File /var/cache/pacman/pkg/pango-1.40.6+9+g92cc73c8-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] y error: failed to commit transaction (invalid or corrupted package (PGP signature)) Errors occurred, no packages were upgraded.

What is the reason for it?

While this can be confusing, you will notice that it attempted to "check keys in keyring" (line 22) right before it reported that the packages were corrupted.

Every now and again, this process fails and users are left unable to update or use pacman (the package manager).

It is not any of security issue for real, it is simply caused by some  unfortunate circumstances while the keyring/s are updated (change of keys are may come with new dev e.t.c.) The warning about trust and corrupted packages is shown because the keyring is not updated, and thus your system cannot verify the packages.

read here on ArchWiki: 

unknown trust installation failed

invalid or corrupted package

The solution

Luckily, this issue is often solved very easily with two simple commands:

sudo pacman -Scc

 and then

sudo pacman-key --refresh-keys

after that, try to update again using

sudo pacman -Syu

 

Behind a corporate proxy:

This appears however to fail if you are behind a corporate proxy, in which case the issue gets slightly more complicated. The corporate proxy keeps the system from reaching a keyserver and so it is not possible to refresh, or update, the keys without access to a server which holds them.There is however a relatively easy work around.

  1. Open up your file manager and click "Other Locations"
  2. From there, select "etc" and then "pacman.d" and "gnupg"
  3. Inside "gnupg" click on the file "gpg.conf" 
  4. The fourth line should say something like"keyserver hkp://pool.sks-keyservers.net"
  5. The "hkp" must be changed to "http"
  6. Save the file and close it and attempt refresh the keys again by running sudo pacman-key --refresh-keys

     If You Have a "Marginal Trust Error"

     Sometimes, instead of  the error being "Unknown Trust, it says "Marginal Trust". Here is an example:

    error: antergos-keyring: signature from "Antergos Build Server (Automated Package Build System) <[email protected]>" is marginal trust :: File /var/cache/pacman/pkg/antergos-keyring-20170524-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

    1. If this is the case, simply navigate to "etc" and then "pacman.conf". To edit the file, first open up Nautilus (or whatever file manager you use) by entering this command into the terminal: sudo -S dbus-launch nautilus

    (replace "nautilus" with whatever file manager you use).

    2. Next, scroll down to the line that states:

     

     

    [antergos]
    SigLevel = PackageRequired
    Include = /etc/pacman.d/antergos-mirrorlist

     

    Change the middle line to "SigLevel = Never".

    3. Open up the Package Manager and search for "antergos-keyring". Uninstall it and then re-install it.

    4. Lastly, go back to the file you previously had open (pacman.conf) and where you put "SigLevel = Never, now replace it with "SigLevel = PackageRequired".

    5. Attempt to update once again.

    If this solution did not work for you, luckily there are two more ways of solving a "Marginal Error".

Alternative 1

  1. Rename the /etc/pacman.d/gnupg folder:

    sudo mv /etc/pacman.d/gnupg /etc/pacman.d/gnupg.old

  2. Init your keyring:
    sudo pacman-key --init

  3. Repopulate it:

    sudo pacman-key --populate archlinux antergos

    Alternative 2

    This method might also work in the event that all else has failed.
  4. sudo pacman -Scc  <-- reply with explicit y to the first question
    sudo pacman -Syy
    sudo pacman -S haveged
    sudo haveged -w 1024
    sudo pacman-key --init
    sudo pacman-key --populate archlinux antergos
    sudo pkill haveged
    sudo pacman -S archlinux-keyring antergos-keyring
    sudo pacman -Syu

     

    Hopefully your problem is now solved! This issue tends to pop up every now and again, so it would be a good idea to keep these commands handy somewhere.

 

 

Back to Installation Guide

(Visited 5,265 times, 28 visits today)

Pin It on Pinterest

Share This