Pacman Reports Corrupt Packages


Recently I did a pacman -Syu system update. The update failed, however,

Output

The output that I got back from pacman included these kinds of errors:

➜ sudo pacman -Syu postgresql
...
:: File /var/cache/pacman/pkg/python-pip-22.2.2-2-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: zita-alsa-pcmi: signature from "David Runge " is marginal trust
:: File /var/cache/pacman/pkg/zita-alsa-pcmi-0.5.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Well, of course I don't want to take packages on marginal trust! So sure, I deleted them, Y. But that meant that no packages were upgraded.

Update the keyring

The problem was, however, that my own database of package mirrors was out of date. It had been a while.

I had to install the keyring:

➜ sudo pacman -S archlinux-keyring
...
==> Appending keys from archlinux.gpg...
gpg: public key DB323392796CA067 is 3037 days newer than the signature
==> Locally signing trusted keys in keyring...
  -> Locally signed 1 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 3 keys.
==> Updating trust database...
...

This did the trick. After that, keys are golden, fully trusted, and the next pacman command worked like he was chasin' cherries.