Warning/Error during system update (Public keyring not found / signature is unknown trust)

Wanted to do a system update today and running into the following issue:

:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
 mesa-1:23.1.8-1-x86_64                          15,1 MiB  16,8 MiB/s 00:01 [------------------------------------------] 100%
 lib32-mesa-1:23.1.8-1-x86_64                    13,2 MiB  29,0 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-bad-libs-1.22.6-1-x86_64             2,4 MiB  22,4 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-base-libs-1.22.6-1-x86_64            2,2 MiB  12,8 MiB/s 00:00 [------------------------------------------] 100%
 gstreamer-1.22.6-1-x86_64                     1836,4 KiB  17,4 MiB/s 00:00 [------------------------------------------] 100%
 lib32-gst-plugins-base-libs-1.22.6-1-x86_64   1592,9 KiB  15,1 MiB/s 00:00 [------------------------------------------] 100%
 freerdp-2:2.11.2-1-x86_64                     1589,4 KiB  14,5 MiB/s 00:00 [------------------------------------------] 100%
 shadow-4.14.0-3-x86_64                        1171,9 KiB  16,3 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-bad-1.22.6-1-x86_64               1112,0 KiB  17,2 MiB/s 00:00 [------------------------------------------] 100%
 lib32-gstreamer-1.22.6-1-x86_64               1038,7 KiB  10,6 MiB/s 00:00 [------------------------------------------] 100%
 lib32-sqlite-3.43.1-1-x86_64                   693,6 KiB  11,3 MiB/s 00:00 [------------------------------------------] 100%
 lib32-vkd3d-1.9-1-x86_64                       410,8 KiB  6,69 MiB/s 00:00 [------------------------------------------] 100%
 rsync-3.2.7-5-x86_64                           335,3 KiB  4,25 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-base-1.22.6-1-x86_64               322,2 KiB  4,49 MiB/s 00:00 [------------------------------------------] 100%
 lib32-gmp-6.3.0-1-x86_64                       290,8 KiB  3,74 MiB/s 00:00 [------------------------------------------] 100%
 virtualbox-host-modules-arch-7.0.10-18-x86_64  273,7 KiB  2,52 MiB/s 00:00 [------------------------------------------] 100%
 lib32-libcups-2.4.7-1-x86_64                   246,1 KiB  2,58 MiB/s 00:00 [------------------------------------------] 100%
 gst-plugins-ugly-1.22.6-1-x86_64               211,4 KiB  3,13 MiB/s 00:00 [------------------------------------------] 100%
 libsecret-0.21.1-1-x86_64                      188,7 KiB  2,39 MiB/s 00:00 [------------------------------------------] 100%
 gst-libav-1.22.6-1-x86_64                       95,5 KiB  1447 KiB/s 00:00 [------------------------------------------] 100%
 lib32-libva-2.20.0-1-x86_64                     86,4 KiB  1543 KiB/s 00:00 [------------------------------------------] 100%
 python-python-socks-2.4.2-1-any                 79,8 KiB  1140 KiB/s 00:00 [------------------------------------------] 100%
 lib32-tdb-1.4.9-1-x86_64                        42,3 KiB   741 KiB/s 00:00 [------------------------------------------] 100%
 gtk-update-icon-cache-1:4.12.2-1-x86_64         17,4 KiB   259 KiB/s 00:00 [------------------------------------------] 100%
 python-aiohttp-socks-0.8.2-1-any                16,5 KiB   275 KiB/s 00:00 [------------------------------------------] 100%
 python-trove-classifiers-2023.9.19-1-any        14,9 KiB   266 KiB/s 00:00 [------------------------------------------] 100%
 filesystem-2023.09.18-1-any                     14,4 KiB   425 KiB/s 00:00 [------------------------------------------] 100%
 lib32-libxss-1.2.4-1-x86_64                      6,9 KiB   116 KiB/s 00:00 [------------------------------------------] 100%
 pambase-20230918-1-any                           3,1 KiB  55,2 KiB/s 00:00 [------------------------------------------] 100%
 vivaldi-6.2.3105.51-1-x86_64                   102,8 MiB  15,8 MiB/s 00:06 [------------------------------------------] 100%
 chromium-117.0.5938.92-2-x86_64                 93,2 MiB  14,0 MiB/s 00:07 [------------------------------------------] 100%
 linux-headers-6.5.4.arch2-1-x86_64              24,5 MiB  3,65 MiB/s 00:07 [------------------------------------------] 100%
 linux-6.5.4.arch2-1-x86_64                     127,4 MiB  7,22 MiB/s 00:18 [------------------------------------------] 100%
 Total (33/33)                                  392,4 MiB  22,2 MiB/s 00:18 [------------------------------------------] 100%
(33/33) checking keys in keyring                                            [------------------------------------------] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
(33/33) checking package integrity                                          [------------------------------------------] 100%
error: filesystem: signature from "David Runge <dvzrv@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/filesystem-2023.09.18-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 

Is that a general issue or only on my system? How should I proceed? Should I interrupt the update with “CRTL + C”? Is that safe to do at this point?

Never had such an issue during an update so some guidance would be appreciated.

Not sure if I can help, though have you tried running pacman-key --init as stated by pacman? There seem to be an issue with one of the PGP signatures of one of the maintainers.

Also, has the update proceeded or it aborted?

I updated minutes ago without any issue.

Try this then update
pacman -Sy archlinux-keyring

The update is currently still at the above mentioned question/step:

warning: Public keyring not found; have you run 'pacman-key --init'?
(33/33) checking package integrity                                          [------------------------------------------] 100%
error: filesystem: signature from "David Runge <dvzrv@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/filesystem-2023.09.18-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]

Is it safe to just cancel the update with “CTRL + C” at this point?

I think so as it hasn’t actually updated anything yet it’s only downloaded the packages, I would normally just hit “n” and let it cancel out by itself

❯ sudo pacman -Sy archlinux-keyring
:: Synchronizing package databases...
 endeavouros is up to date
 core is up to date
 extra is up to date
 community is up to date
 multilib is up to date
warning: archlinux-keyring-20230918-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Package (1)             Old Version  New Version  Net Change

core/archlinux-keyring  20230918-1   20230918-1     0,00 MiB

Total Installed Size:  1,62 MiB
Net Upgrade Size:      0,00 MiB

:: Proceed with installation? [Y/n] Y
(1/1) checking keys in keyring                                              [------------------------------------------] 100%
warning: Public keyring not found; have you run 'pacman-key --init'?
downloading required keys...
error: keyring is not writable
error: required key missing from keyring
error: failed to commit transaction (could not find or read file)
Errors occurred, no packages were upgraded.


Sorry I missed this before and see what @Noctem was referring to, try running this then see if can update

sudo pacman-key --init
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key…
gpg: revocation certificate stored as ‘/etc/pacman.d/gnupg/openpgp-revocs.d/73100B7AC6F89462A1E386FDD42D6758176F2E66.rev’
gpg: Done
==> Updating trust database…
gpg: public key of ultimately trusted key 69AB3CF722FEA55C not found
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
==> ERROR: Trust database could not be updated.

I don’t know why but something seems to be broken on my system… :fearful:

Hmm, this is a bit beyond me, the closest soultion I can find on the forum is this (I’d read through the whole post). Sorry I can’t be of anymore help at the moment.

Yeah, after looking through this thread I tried the solution of @pebcak and now it works again.

This is what I did:

sudo mv /etc/pacman.d/gnupg /etc/pacman.d/gnupg.bak
sudo pacman-key --init
sudo pacman-key --populate archlinux endeavouros
sudo pacman -Syy archlinux-keyring endeavouros-keyring
sudo pacman -Su

So, from what I gather, these commands are like giving the keyring a fresh start. I’m a bit puzzled why this was the way to go, though. :thinking: If anyone’s got some insights into what might have tangled up my keyring in the first place, I’m all ears!


Glad to hear you were able to solve it

1 Like

Yeah, thank you and @Noctem for helping me.

1 Like

I always follow this when these issues pop up:

[FAQ] Issues with “signature is marginal trust”, “signature is unknown trust”, or “invalid or corrupted package” - General system / Newbie - EndeavourOS


This also fixed the issue for me. What I am curious to know is why this happened on a freshly installed system with no changes or customizations made.

New Arch user, loving it so far.

EDIT: while the fix did seem to work as far as updating/upgrading is concerned I now have a new problem.

The laptop will not shut down gracefully and I am forced to do a manual hard power down.

As I said, this is a fresh install with no changes. I then reinstalled the system and powering off is normal, i.e. gracefully.

If anyone knows what happened or how to prevent the issue I would be more than happy to know.

1 Like

Welcome to the forum @rubi1200 :wave: