14

I'm trying to do a full system upgrade using pacman -Syu. It says:

:: File /var/cache/pacman/pkg/turbulence-0.3.5-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). 
Do you want to delete it? [Y/n]

Is there a way to fix this?

Matthias Braun
  • 32,039
  • 22
  • 142
  • 171
Cayle
  • 199
  • 1
  • 1
  • 11

3 Answers3

27

There are tons of topics out there that say you should edit the pacman.config file and remove the PGP key checks entirely but it's not a good idea.

simply run this command and wait for refreshing your keys by downloading them from the servers:

$ sudo pacman-key --refresh-keys

and then proceed with you full system upgrade sudo pacman -Syu

Arash Milani
  • 6,149
  • 2
  • 41
  • 47
  • 6
    This fixed everything for me. It's just as easy as telling pacman to ignore key checks, but is more secure, so it seems silly to *not* use this solution. – Ponkadoodle Jan 24 '16 at 23:11
  • 3
    For me any of those solutions didn't help, so shortcut to bypass integrity checks is changing `/etc/pacman.conf` SigLevel to `SigLevel = Never TrustAll` Do this at your own risk! :-D – rlf89 Aug 18 '22 at 19:45
14

You may also be interested in running pacman-key --populate if the keys are massively out of date or if the other given answer of pacman-key --refresh-keys does not work in practice.

David Birks
  • 163
  • 2
  • 5
Tech1337
  • 1,557
  • 13
  • 16
-1

I ran into this problem when using a (ridiculously) outdated Arch version.

In case anyone else runs into this while using Docker, you can try downloading a fresh image (docker pull archlinux) in lieu of directly refreshing the keys.

I think this is useful because the sibling answers did not work for me.

David Sainez
  • 6,446
  • 1
  • 22
  • 45