A simple guide to fix the “invalid or corrupted package” error in Arch Linux.
I have a few Arch Linux systems in both physical and VM setup, which I access when needed. After almost two months, when I tried to upgrade the Arch Linux in one of them using
sudo pacman -Syu, I got hundreds of errors like this:
The problem is when you get the above error, you can not upgrade/update your Arch system. Even if you sync the mirrors or get a faster one. So, if you run
sudo pacman -Syyu, the error will still be there. This is also problematic since you can’t install any additional packages until this is fixed.
When you install or upgrade packages on an Arch Linux system, pacman checks the digital signatures of the packages against the keys in the
archlinux-keyring package. This verification process ensures that the packages you download and install are unmodified and come from trusted sources.
It contains the public keyring used to verify the authenticity and integrity of packages and in pacman. The
archlinux-keyring package is regularly updated by the Arch Linux developers to include new trusted keys and revoke any compromised keys.
If you have not updated your Arch Linux system for a longer period, then the digital signatures of various packages may mismatch. The changed keys may not match what you have in your system.
Hence the error.
To fix “invalid or corrupted package (PGP signature)” error in Arch Linux, you need to install/update the
archlinux-keyring package from the
Core repo. Run the following from the terminal:
sudo pacman -S archlinux-keyring
After the above command is complete, run the upgrade:
sudo pacman -Syu
This will resolve the problem, and you can continue your normal activity in Arch Linux. It’s recommended to always keep the
archlinux-keyring package up to date to maintain the security and integrity of your Arch Linux system.