Issues with “signature is marginal trust”, "signature is unknown trust", or “invalid or corrupted package”

If you're getting an error similar to "Can’t update: signature from *** is marginal trust" or "invalid or corrupted package" you probably just need to update your package signing keys:

sudo pacman -Sy archlinux-keyring chaotic-keyring
sudo pacman -Syu

If you have added any other repositories, e.g. BlackArch, then add their keyring to the list.

Also make sure your system clock is correct!

Of course, it's also possible that the package file actually is corrupt. Remove it from /var/cache/pacman/pkg/ so pacman will download it again.

If no package file is explicitly mentioned in the output then you may have an incomplete download. Run sudo rm /var/cache/pacman/pkg/*.part to remove any partial downloads.

Sometimes, refreshing the keys can help.

sudo pacman-key --refresh-keys

If --refresh-keys doesn't work (for whatever reason) try:

sudo pacman-key --refresh-keys --keyserver hkps://

This uses a different keyserver than the default so might work better depending on your internet connection. Other keyservers may work better depending on where you are, e.g.

If you have any other errors, you can clear out the pacman keyring and start fresh:

sudo rm -fr /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux chaotic
sudo pacman -Syy archlinux-keyring chaotic-keyring
sudo pacman -Syu

And if this still doesn't work, and you trust that the packages are actually correct and not corrupt and haven't been interfered with, then you can force (re)installation of the keyring packages from your cache:

sudo pacman -U /var/cache/pacman/pkg/{archlinux,chaotic}-keyring*.pkg.tar.zst

then try again.

If you don't have them in your cache then download them first. As above, include any keyrings for third-party repos you have added to your system.

If you're installing an AUR package a PGP key can be used to verify the source files. You will need to import this into your personal keyring before it can be verified. If you don't you'll get an error similar to:

llvm-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxx-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)
libcxxabi-5.0.0.src.tar.xz ... FAILED (unknown public key 0FC3042E345AD05D)

To "fix" this, simply import the key:

gpg --recv-key 0FC3042E345AD05D
Invalid or corrupted package (PGP signature):
Chaotic keyring update
Missing PGP signature forbids update
Errors with pamac update
Every Package fails
Dual boot garuda linux
Netdiscover error--> SOLVED
Fresh install, not saving settings between restart + odd errors
Mugshot, key is unknown
Invalid or corrupted package (PGP signature):
Invalid or corrupted package (PGP signature):
Pacman-init.service takes long time at boot recently
Install and Update of package
Pamac Update Fail
Unable to install/update anything in latest Garuda Linux Gaming
Cannot Update Garuda Linux PGP Key is Corrupt
Cannot Update Garuda Linux PGP Key is Corrupt
Keyring errors on Add/Remove software
Issues updating Garuda
Trouble after upgrade
Error saying that my packages are corrupted (either invalid or corrupted)
Error saying that my packages are corrupted (either invalid or corrupted)
Fresh Install of Garuda Dragonized and can't update with -Syyu on either Pacman or Yay
Invalid or Corrupted Package (after following the FAQ)
Pacman and pamac not working properly for me
Update failing
Errors with pamac update
Errors with pamac update
Failed to many errors to update
Everything about packages
Conflict during update
Can not update Garuda
New Application Starting error
Problems updating
Can't update anymore after restoring SnapShot
BlackArch key broken, can't use pacman
Can´t Update my system
Can't install any thing
Garuda-common-settings and systemd-swap are in conflict
Garuda-common-settings and systemd-swap are in conflict
Update Problem with libcanberra
Installing playonlinux
Issue While updating Garuda Linux (key "FCF3C8CB5CF9C8D4" could not be looked up remotely)
Update failed, *.pkg.tar.zst is corrupted
Errors when running application using terminal / yakuaza
Unable to install anbox in any manner
Unable to install anbox in any manner
Update fails: invalid or damaged package
Can't upgrade system after fresh install (corrupted package)
Corrupt packages
Spdlog update failure
Error: failed to synchronize all databases (invalid or corrupted database (PGP signature))
Cannot start garuda after force update
Telegram desktop
Trouble installing nginx-rtmp from the AUR
KDE - random screen capture to wallpaper quirk
Blackarch: signature from "Levon 'noptrix'
Garuda update signature problem
Bluetooth issue
Error when committing transaction while updating
Things broke
Failed to synchronize all databases (the database is invalid or corrupt (PGP signature))
No user ID for key signature packet of class 10
Can't upgrade because of signature issue
Corupted PGP Signature systemd-oomd-defaults
Error: key "0706B90D37D9B881" could not be looked up remotely
Retroarch-autoconfig-udev-git invalid or corrupted package
Could not open file /var/lib/pacman/local/g
Where garuda wayfire edition? / Dont work updates GPG KEY / wlroots depency
[Solved] SMPlayer fails to show video
Files in hard disk deleted
FAQ and Tutorials Table of Contents
Reinstall All Package: signature is invalid
Updating is broken
Garuda-hooks corrupted?
Getting error with sudo pacman -Syu
Problem with upgrade in fresh instalation
Electronmail causing update failure

really u are the great
i was unable to solve it from many time


Please dont necrobump old threads :wink:
Also welcome to Garuda Linux, nice to see you are enjoying it :blush: