If you're getting an error similar to "Can’t update: signature from *** is marginal trust
" or "invalid or corrupted package
" you probably just need to update your package signing keys:
sudo pacman -Sy archlinux-keyring chaotic-keyring
sudo pacman -Syu
If you have added any other repositories, e.g. BlackArch, then add their keyring to the list.
Also make sure your system clock is correct!
Of course, it's also possible that the package file actually is corrupt. Remove it from /var/cache/pacman/pkg/
so pacman
will download it again.
If no package file is explicitly mentioned in the output then you may have an incomplete download. Run sudo rm /var/cache/pacman/pkg/*.part
to remove any partial downloads.
Sometimes, refreshing the keys can help.
sudo pacman-key --refresh-keys
If --refresh-keys
doesn't work (for whatever reason) try:
sudo pacman-key --refresh-keys --keyserver hkps://keyserver.ubuntu.com
This uses a different keyserver than the default so might work better depending on your internet connection. Other keyservers may work better depending on where you are, e.g. keyserver.ubuntu.com
If you have any other errors, you can clear out the pacman keyring and start fresh:
sudo rm -fr /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux chaotic
sudo pacman -Syy archlinux-keyring chaotic-keyring
sudo pacman -Syu
And if this still doesn't work, and you trust that the packages are actually correct and not corrupt and haven't been interfered with, then you can force (re)installation of the keyring packages from your cache:
sudo pacman -U /var/cache/pacman/pkg/{archlinux,chaotic}-keyring*.pkg.tar.zst
then try again.
If you don't have them in your cache then download them first. As above, include any keyrings for third-party repos you have added to your system.
If you're installing an AUR package a PGP key can be used to verify the source files. You will need to import this into your personal keyring before it can be verified. If you don't you'll get an error similar to:
[...]
llvm-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxx-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxxabi-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
[...]
To "fix" this, simply import the key:
gpg --recv-key 0FC3042E345AD05D