[FAQ] Issues with “signature is marginal trust”, "signature is unknown trust", or “invalid or corrupted package”

If you’re getting an error similar to “Can’t update: signature from *** is marginal trust” or “invalid or corrupted package” you probably just need to update your package signing keys:

sudo pacman -Sy archlinux-keyring endeavouros-keyring
sudo pacman -Syu

Also make sure your system clock is correct!

Of course, it’s also possible that the package file actually is corrupt. Remove it from /var/cache/pacman/pkg/ so pacman will download it again.

If no package file is explicitly mentioned then you may have an incomplete download. Run sudo rm /var/cache/pacman/pkg/*.part to remove any partial downloads.

If you have any other errors, you can clear out the pacman keyring and start fresh:

sudo mv /etc/pacman.d/gnupg /root/pacman-key.bak
sudo pacman-key --init
sudo pacman-key --populate archlinux endeavouros
sudo pacman -Syy archlinux-keyring endeavouros-keyring
sudo pacman -Syyu

And if this still doesn’t work, and you trust that the packages are actually correct and not corrupt and haven’t been interfered with, then you can force (re)installation of the keyring packages:

sudo pacman -U /var/cache/pacman/pkg/{archlinux,endeavouros}-keyring*.pkg.tar.zst

then try again.

If you’re installing an AUR package a PGP key can be used to verify the source files. You will need to import this into your personal keyring before it can be verified. If you don’t you’ll get an error similar to:

[...]
llvm-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxx-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxxabi-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
[...]

To “fix” this, simply import the key:

gpg --recv-key 0FC3042E345AD05D

Darn you @jonathon, you are going to run me out of likes.

Thanks for posting this Fixed things perfectly.

no-greeting
no-permission-warning
lock-never
keyserver-options timeout=10
keyserver-options import-clean
keyserver-options no-self-sigs-only
keyserver hkp://keys.gnupg.net:80

That’s great, this was very helpful to me

I had this issue with my installed system earlier today. I used the search feature of the forum and found this thread. The first post by jonathon cleared up and corrected my issue. Many thanks Sir!

Thanks! It works

thank you for posting this.

Hello, I am getting:

error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20230821-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: endeavouros-keyring: signature from "EndeavourOS <info@endeavouros.com>" is unknown trust
:: File /var/cache/pacman/pkg/endeavouros-keyring-20230523-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

What do I do in this case? I already tried updating mirror servers with eos-rankmirrors and sudo reflector --country Germany --protocol https --save /etc/pacman.d/mirrorlist

update your keyrings with:

sudo pacman -Sy archlinux-keyring endeavouros-keyring

that’s the command i’m getting the error with

2023-09-12_20-471918×663 123 KB

edit: I got it working using the If you have any other errors, you can clear out the pacman keyring and start fresh: section

tried everything, but definitively can’t make it work

sudo pacman -Syy archlinux-keyring endeavouros-keyring
:: Synchronising package databases...
 endeavouros                                                                                                                                                       21,6 KiB   122 KiB/s 00:00 [-----------------------------------------------------------------------------------------------------------------------] 100%
 core                                                                                                                                                             128,9 KiB   516 KiB/s 00:00 [-----------------------------------------------------------------------------------------------------------------------] 100%
 extra                                                                                                                                                              8,3 MiB  8,53 MiB/s 00:01 [-----------------------------------------------------------------------------------------------------------------------] 100%
 community                                                                                                                                                         45,0   B   276   B/s 00:00 [-----------------------------------------------------------------------------------------------------------------------] 100%
 multilib                                                                                                                                                         139,5 KiB   581 KiB/s 00:00 [-----------------------------------------------------------------------------------------------------------------------] 100%
resolving dependencies...
looking for conflicting packages...

Package (2)                      New Version  Net Change

core/archlinux-keyring           20231222-1     1,65 MiB
endeavouros/endeavouros-keyring  20231222-1     0,01 MiB

Total Installed Size:  1,66 MiB

:: Proceed with installation? [Y/n] 
(2/2) checking keys in keyring                                                                                                                                                                [-----------------------------------------------------------------------------------------------------------------------] 100%
downloading required keys...
:: Import PGP key 6D42BDD116E0068F, "Christian Hesse <eworm@archlinux.org>"? [Y/n] 
:: Import PGP key A367FB01AE54040E, "manuel <manuel@endeavouros.com>"? [Y/n] 
(2/2) checking package integrity                                                                                                                                                              [-----------------------------------------------------------------------------------------------------------------------] 100%
error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20231222-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: endeavouros-keyring: signature from "manuel <manuel@endeavouros.com>" is unknown trust
:: File /var/cache/pacman/pkg/endeavouros-keyring-20231222-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

So, I changed SigLevel = TrustAll in /etc/pacman.conf and that allowed me to reinstall the archlinux-keyring package

set it back after fixing…

and only to give the info… do not post in old threads… i only find this by accident…
Better open a new one and link to one with similar issue if needed.

And indeed welcome at the forum!

Thanks so much to Jonathon! I wound up having to clear out the pacman keyring as instructed, and then was able to update. Saved me from needing to do a fresh install!