News & Headlines

How to fix invalid or corrupted package (PGP signature) issues on Arch Linux

I recently came across this issue on my Archmerge installation and figured I would share the fix here since it took me quite some time to figure out the solution. This is not Archmerge specific but rather Arch Linux specific. I started encountering it on Manjaro and Arch based installs right after I tried to install specific packages.

This is what I was getting when trying to install a package that required fzf (in this case, I was running the command:

packer -S pacli

Since this package relied on the fzf package, I got the following error:

error: fzf: signature from "Ambrevar <>" is unknown trust :: File /var/cache/pacman/pkg/fzf- is corrupted (invalid or corrupted package (PGP signature)).

The solution took me a while to figure out, as mentioned, but I did figure it out eventually. To resolve, launch a terminal and paste in the following:

sudo pacman-key --refresh-keys

This will take a while to refresh all of the keys on your system but once it's complete, you should be good to go.

Mike is the founder and editor of CMS Critic. He consults with vendors and the public to help them find the right products for their websites and businesses. When he's not working here, he's off mixing cocktails for his wife's website, The Kitchen Magpie. You can check out some of his great cocktail shots over on Instagram.