After a few weeks, my wife's machine won't update

O.K. with holidays and everything this PC didn’t get the attention it deserved. So 228 files needed updated. It passed the Keyring stage so I take it it shouldn’t be unrecoverable, but what to do with this?

         thunar-volman-4.18.0-1  ttf-bitstream-vera-1.10-15  tumbler-4.18.0-1
           unrar-1:6.2.3-1  webkit2gtk-2.38.3-1  webkit2gtk-4.1-2.38.3-1
           webkit2gtk-5.0-2.38.3-1  welcome-3.45-1  whois-5.5.15-1  wireplumber-0.4.13-1
           xcb-util-0.4.1-1  xdg-desktop-portal-1.16.0-1  xfce4-appfinder-4.18.0-1
           xfce4-notifyd-0.6.5-1  xfce4-panel-4.18.0-1  xfce4-power-manager-4.18.0-1
           xfce4-screenshooter-1.10.1-2  xfce4-session-4.18.0-1  xfce4-settings-4.18.1-1
           xfce4-taskmanager-1.5.5-1  xfconf-4.18.0-1  xfdesktop-4.18.0-1  xfsprogs-6.0.0-2
           xfwm4-4.18.0-1  xorg-server-21.1.6-1  xorg-server-common-21.1.6-1
           xorg-xhost-1.0.9-1  xz-5.4.0-1  yad-12.3-1.1  yad-eos-12.1-1.1 [removal]

Total Installed Size: 4815.36 MiB
Net Upgrade Size: -59.74 MiB

:: Proceed with installation? [Y/n] y
(227/227) checking keys in keyring [--------------------------------] 100%
(227/227) checking package integrity [--------------------------------] 100%
error: openssl: signature from “Pierre Schmitz” is marginal trust
:: File /var/cache/pacman/pkg/openssl-3.0.7-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: openssl-1.1: signature from “Pierre Schmitz” is marginal trust
:: File /var/cache/pacman/pkg/openssl-1.1-1.1.1.s-4-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

It fails after this point.

Install archlinux-keyring first, then update the system.

1 Like

is that a paru or yay command?

Any of pacman, yay, or paru will do. Pacman needs sudo.

1 Like

Found it:
pacman -S archlinux-keyring

I assume you already used flag y in your previous attempt.

1 Like

No, I have no idea about that.


sudo pacman -Sy archlinux-keyring
1 Like

[mark3@mark3-optiplex9020 ~]$ sudo pacman -Sy archlinux-keyring
[sudo] password for mark3:
:: Synchronizing package databases…
error: failed to synchronize all databases (unable to lock database)
[mark3@mark3-optiplex9020 ~]$

Maybe I caused that. I initially tried to timeshift it back before the problem. Maybe caused more problems.

Although if timeshift would do that, when could you ever use it?

You’ll need to delete the pacman db lock file.
Sorry but I can’t remember its location, and am not at my linux box now.
It is db.lck …

1 Like

I’ll check the web, thanks for the insight.

1 Like

All fixed, ran pacman -Syu, and that updated synchronized the databases, then keyring, then paru. All good.

1 Like

I just had the same problem to update, and installing archlinux-keyring fixed it.

Just out of curiosity, why do I have to install archlinux-keyring to update my system, shouldn’t this be installed out of the box, or is this just updating my keyrings in the system?

It is about the order of installing packages.
If Arch keyrings change, then we should install new keys before installing other packages (that already depend on the new keys).
I don’t actually know all the details, but this is basically my understanding about it.

1 Like

Since some versions ago, Arch started shipping archlinux-keyring with a


which is triggered by its corresponding timer.

Wasn’t that aimed to remedy this issue of outdated signatures?

Yes. But it remains to be seen how it helps… :wink:

Edit: Maybe systems that haven’t been updated for a long time don’t have that yet.

If my memory serves me right, it was introduced a some months ago and perhaps the user invention for enabling the timer was needed. I don’t recall now :blush:

So the systems that don’t have it must be quite antiquated, says someone who check for updates like 10 times a day :sweat_smile:


Well, that happens… for systems that are not used for a long time. Could be e.g. a virtual machine, or an old laptop stored in a drawer, or whatever.
Happened very recently, within a couple of days, actually.

Yeah, I update many times a day too. :wink:

1 Like

Question is, what if you went out of the country for a few months or a year and left your laptop behind? Would the keyring reload always work? Is there a time limit?

Is it like a clock or a timer of set duration or something squishier than that?

Never mind, reading further up explained it. Order of upgrading packages.

True I have not updated my system for about 3 weeks, could be considered ages for arch system :laughing:

1 Like