I ran into this update problem:
(195/195) checking package integrity [##########################################] 100%
error: firefox: signature from "Artix Buildbot <[email protected]>" is invalid
:: File /var/cache/pacman/pkg/firefox-103.0.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: mxml: signature from "David Runge <[email protected]>" is marginal trust
:: File /var/cache/pacman/pkg/mxml-3.3.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: yoshimi: signature from "David Runge <[email protected]>" is marginal trust
:: File /var/cache/pacman/pkg/yoshimi-2.2.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.
Not knowing any better I -R emoved the offending packages and then completed the update. Following that I reinstalled the same offending packages of which the same version numbers that were unacceptable for the update installed without any problems.
I'm not sure this is the proper way to handle the situation...
You probably hadn't updated the last couple of weeks with -Syu. And there were *-keyring with updates. If you see new keyring packages, take those first. These issues/errors are likely on the web somewhere too.
You didn't have to remove those packages.
Recently got into same problem. The solution was to add universe repo and update archlinux-keyring from there