Error when committing transaction while updating

Hi
Absolute newbie here, so apologies in advance for any mistakes.
Background:
I installed Garuda Linux on my old laptop sometime ago and use it as my personal laptop (browsing, sending long emails, etc.)
Recently, I tried to update Brave and got a message asking me to do a full update.
When I tried this, I get the following message.
Essentially, it downloads all the updates, the keys and then throws an error message saying that the signature is unknown trust and ends with an error saying “Could not commit transaction. Invalid or corrupt package PGP signature”
Sample error message:
Error: ananicy-rules-git: signature from “Nico Jensch (Chaotic-AUR) [email protected]” is unknown trust

I googled this message and executed
sudo pacman -S archlinux-keyring && sudo pacman -Syu per suggestion here:
https://www.reddit.com/r/GarudaLinux/comments/qhabr8/corrupted_package_integrity_after_running_sudo/

Got the same errors.

I searched this forum and found this thread, which doesn’t seem to apply to my situation.

At this point, I admit I am way in over my head and will ask for help.

Does anyone know how I can get rid of these errors and update my system?

Thanks a lot for your patience

Hi there, welcome.
Try update from terminal.
If not working, try

sudo pacman-key --refresh-keys

Out of curiosity, exactly how long has it been between updates. The longer you leave it, the more issues you tend to encounter. Weeks between updates isn't so bad, but months between updates makes things much harder.

Thank you very much for replying.
I tried this, but unfortunately, I got the following error.

gpg: refreshing 131 keys from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: A specified local key could not be updated from a keyserver.

I must confess it has been a few months.
Is my best bet a back up of all of my files followed by a reinstall?

Don’t give up for this!
There are a few other suggestions here

I just did this
sudo pacman-key --keyserver keys.openpgp.org --refresh-keys
It is running...
Fingers crossed.
Thank you for setting me on the right track.

So, here's what I got (edited for clarity):
gpg: refreshing 131 keys from hkp://keys.openpgp.org
gpg: Total number processed: 130
gpg: unchanged: 22
gpg: new signatures: 1
gpg: signatures cleaned: 1

gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 7 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 7 signed: 83 trust: 1-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2 valid: 79 signed: 26 trust: 79-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-01-20
==> ERROR: A specified local key could not be updated from a keyserver.

And the key that was causing me issues is not in the list of updated/unchanged keys

"Nico Jensch (Chaotic-AUR) [email protected]"

Try
sudo pacman -S chaotic-keyring

Thanks a lot for replying.

Tried that, got the same error that I get when I try to update the system

error: chaotic-keyring: signature from “Nico Jensch (Chaotic-AUR) [email protected]” is unknown trust
:: File /var/cache/pacman/pkg/chaotic-keyring-20210617-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature))

Remove this

From my local drive?
It gets deleted when I answer yes to the following prompt.
Here’s the whole dump (And thanks a lot for your patience dealing with a newbie, truly appreciate it)

╰─λ sudo pacman -S chaotic-keyring
resolving dependencies…
looking for conflicting packages…

Packages (1) chaotic-keyring-20210617-2

Total Download Size: 0.02 MiB
Total Installed Size: 0.02 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages…
chaotic-keyring-20210617-2-any 15.9 KiB 0.00 B/s 00:00 [----------------------------------------------------------------------------------------] 100%
(1/1) checking keys in keyring [----------------------------------------------------------------------------------------] 100%
(1/1) checking package integrity [----------------------------------------------------------------------------------------] 100%
error: chaotic-keyring: signature from “Nico Jensch (Chaotic-AUR) [email protected]” is unknown trust
:: File /var/cache/pacman/pkg/chaotic-keyring-20210617-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Either the package is corrupt or you do not have my key added to your system (although I wonder how this could happen ) . If the latter is the case, installing the keyring won't succeed as it is signed with the key as well. To help this, you can fetch it manually:

pacman-key --recv-key FBA220DFC880C036 --keyserver keyserver.ubuntu.com
pacman-key --lsign-key FBA220DFC880C036

Then, the installation of the package should succeed.

That worked!
I got past the error and the system update is running now

So far all good except for two errors, which I don’t think are related to the issues I’ve been having

Upgrading whoogle-git (0.4.1_r339.ga54917e-1 → 0.7.0_r490.gf4b65be-1)…
chown: invalid user: ‘whoogle.whoogle’
Error: whoogle-git: command failed to execute correctly

Failed to write file “/sys/module/pcie_aspm/parameters/policy”: Operation not permitted
Error: command failed to execute correctly

Thanks much
And wow, I get an answer from you!
Really appreciate your help

Apart from some unrelated errors, my update has completed successfully.
Thank you very much
@filo @dr460nf1r3 @tbg for all your help.
Truly appreciate it.

I’m quite sure the whoogle user configuration was introduced at a later version than yours, so afaik it would only be present after a reboot. In case whoogle causes issues, I would suggest executing chown -R whoogle.whoogle /opt/whoogle-search/app/static. The second error can happen on devices which don’t support a specific feature, so it can be ignored. Guess you are good

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.