Getting error File /var/cache/pacman/pkg/garuda-setup-assistant-r24.1ab4be6-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature))

New to Garuda and Arch linux in general. Trying to update the system. Any guidance or help will be appreciated.

Run the command sudo pacman -Syyuu (which was suggested in another forum for this issue) I get the following:

Total Download Size:      0.01 MiB
Total Installed Size:  5337.80 MiB
Net Upgrade Size:        48.18 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 garuda-setup-assistant-r24.1ab4be6-1-any                        10.3 KiB  0.00   B/s 00:00 [------------------------------------------------------]  99%
(478/478) checking keys in keyring                                                          [------------------------------------------------------] 100%
(478/478) checking package integrity                                                        [------------------------------------------------------] 100%
error: garuda-setup-assistant: signature from "Pedro Henrique Lara Campos <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/garuda-setup-assistant-r24.1ab4be6-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

What happens of you just delete the corrupted package?
And welcome btw :smiley:

Package deleted and downloaded again but same Error

1 Like

Looks like an issue with the ChaoticAUR package database.... @lolimancer ?

1 Like

I just installed Garuda on a new system for the first time. Did experience the upgrade failure referenced here:

And I'm now getting this error too. It may have been a result of the rebuild mentioned in the above thread. I have cleared my package cache, and rebuilt the database as suggested. I am still receiving the same error as the OP.

1 Like

I rebuild the package, try again please
On my system it installs fine :eyes:


It is now working on my system. Whatever you did, you did it well. Thank-you

1 Like

This has been a reoccurring issue, I had to ask a Chaotic-AUR to rebuild a few packages recently too, I wonder what's causing this :thinking:


there seems to be a few threads on this

I assume it involves keyrings, but the repo maintainers should know better.


Essentially, the entry in the database does not match the package on disk.

This normally results in one of two things:

  1. Signature does not match ("invalid or corrupted package"); file is same size or smaller than database entry;
  2. File size does not match ("filesize exceeded"); file is larger than database entry filesize.
1 Like

Thank you, whatever you did worked. I only just now got to try updating again and it all worked.


Yea, but that doesn't really answer WHY it's happening in the first place :thinking:


Possibly a race condition on the builder (e.g. two repo-add operations running at the same time)?