Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: Some packages in the repository have bad/corrupted signatures (Read 142 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Some packages in the repository have bad/corrupted signatures

I just recently installed Artix and everything went fine. However, some packages have bad/corrupted signatures. For example, dep, dmenu, and dzen2 have bad/corrupted signatures according to pacman. Here's the output when I try to install them.

Packages (1) dep-0.5.0-2

Total Installed Size:  12.98 MiB

:: Proceed with installation? [Y/n] Y
(1/1) checking keys in keyring                      [##########################] 100%
(1/1) checking package integrity                    [##########################] 100%
error: dep: signature from "Eli Schwartz <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/dep-0.5.0-2-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

Packages (2) dmenu-git-4.9.5.gdb6093f-1 [removal]  dmenu-4.9-1

Total Download Size:   0.02 MiB
Total Installed Size:  0.08 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 dmenu-4.9-1-x86_64         19.9 KiB   864K/s 00:00 [##########################] 100%
(1/1) checking keys in keyring                      [##########################] 100%
(1/1) checking package integrity                    [##########################] 100%
error: dmenu: signature from "Levente Polyak (anthraxx) <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/dmenu-4.9-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).


Packages (1) dzen2-0.9.5.14.488ab66-1

Total Download Size:   0.03 MiB
Total Installed Size:  0.15 MiB

:: Proceed with installation? [Y/n] Y
:: Retrieving packages...
 dzen2-0.9.5.14.488ab...    33.7 KiB  1249K/s 00:00 [##########################] 100%
(1/1) checking keys in keyring                      [##########################] 100%
(1/1) checking package integrity                    [##########################] 100%
error: dzen2: signature from "Levente Polyak (anthraxx) <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/dzen2-0.9.5.14.488ab66-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

Re: Some packages in the repository have bad/corrupted signatures

Reply #1
In general when there is signature error I check if the package "archlinux-keyring" is up to date and update if needed.
Code: [Select]
pacman -Syy archlinux-keyring
It fixes my problems in 99% of cases.
Mna is as good as his tools.

Re: Some packages in the repository have bad/corrupted signatures

Reply #2
That worked, thanks! But I ran pacman -S archlinux-keyring instead of pacman -Syy archlinux-keyring. Wouldn't the latter command be a bad idea since it would be a partial upgrade? I know on Arch partial upgrades are strongly recommended against. Does Artix support partial upgrades better than Arch?

EDIT: Also, shouldn't archlinux-keyring be a dependency of packages that need it, like dzen2, dmenu and dep?

Re: Some packages in the repository have bad/corrupted signatures

Reply #3
Quote
Partial upgrade ?
I do not think so, this package should contain only keyrings.

Code: [Select]
pacman -Syy <package>
This command only updates your package database, to make sure you install the latest version.
I chose "-Syy" to forcefully update you package database.
In the end it is up to you to decide what is appropriate.

Quote
EDIT: Also, shouldn't archlinux-keyring be a dependency of packages that need it, like dzen2, dmenu and dep?
pacman depends on it, only pacman is actively using it in most cases.
If you want to change it,  please contact Arch developers first.

This is so common problem that is has few lines on Arch wiki:
https://wiki.archlinux.org/index.php/Pacman#Signature_from_%22User_%[email protected]%3E%22_is_unknown_trust,_installation_failed
And few line on Artix wiki:
https://wiki.artixlinux.org/Main/Troubleshooting#Invalid_or_corrupted_packages_.28PGP_signature.29

I told you what I do first to fix such problems.
Mna is as good as his tools.

Re: Some packages in the repository have bad/corrupted signatures

Reply #4
Ok, thanks