GPGME Error; failed to commit transaction (invalid or corrupted package (PGP Signature))

sudo pacman -S archlinux-keyring
warning: archlinux-keyring-20240609-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)             Old Version  New Version  Net Change

core/archlinux-keyring  20240609-1   20240609-1     0.00 MiB

Total Installed Size:  1.66 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] 
:: Retrieving packages...
 archlinux-keyring-20240609-1-any is up to date
(1/1) checking keys in keyring                                 [----------------------------------] 100%
(1/1) checking package integrity                               [----------------------------------] 100%
error: GPGME error: General error
error: archlinux-keyring: missing required signature
:: File /var/cache/pacman/pkg/archlinux-keyring-20240609-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

I’ve tried everything:

  • Deleting /etc/pacman.d/gnupg and sudo pacman-keys --init and --populate
  • Even installing archlinux-keyring seems to not work
  • Updated /etc/pacman.d/mirrorlist
  • Full System Upgrade didn’t work.
  • Clock is okay.

Only thing that works is setting SigLevel = Never.

Why’s this happening? Do I need to keep SigLevel = Never forever? Security concern?

1 Like

Recently, there have been quite a few users reporting on the issue with GPGME error.

Here is a list of recent threads:

Please have a look and see if the suggested solution to this issue works for you as well.

:bangbang: I would also restore the SigLevel option to default: Required DatabaseOptional

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.