Issues with “signature is marginal trust” or “invalid or corrupted package”

If you're getting an error similar to "Can’t update: signature from *** is marginal trust" or "invalid or corrupted package" you probably just need to update your package signing keys:

sudo pacman -Sy archlinux-keyring chaotic-keyring
sudo pacman-key --populate archlinux chaotic
sudo pacman-key --refresh-keys
sudo pacman -Syu

If one fails, try the next then retry , and once all succeed retry the operation.

Of course, it's also possible that the package file actually is corrupt. Remove it from /var/cache/pacman/pkg so pacman will download it again.

If no package file is explicitly mentioned then you may have an incomplete download. Run sudo rm /var/cache/pacman/pkg/*.part to remove any partial downloads.

If --refresh-keys doesn't work (for whatever reason) try:

sudo pacman-key --refresh-keys --keyserver hkps://

This uses a different keyserver than the default so might work better depending on your internet connection. Other keyservers may work better depending on where you are, e.g.

If you have any other errors, there's the "final option":

sudo rm -fr /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux chaotic
sudo pacman-key --refresh-keys
sudo pacman -Syyu

And if this still doesn't work, and you trust that the packages are actually correct and not corrupt and haven't been interfered with, then you can force (re)installation of the keyring packages:

sudo pacman -U /var/cache/pacman/pkg/{archlinux,chaotic}-keyring*.pkg.tar.zst

then try again.

If you're installing an AUR package a PGP key can be used to verify the source files. You will need to import this into your personal keyring before it can be verified. If you don't you'll get an error similar to:

llvm-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxx-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxxabi-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)

To "fix" this, simply import the key:

gpg --recv-key 0FC3042E345AD05D