I recently came across this issue on my Archmerge installation and figured I would share the fix here since it took me quite some time to figure out the solution. This is not Archmerge specific but rather Arch Linux specific. I started encountering it on Manjaro and Arch based installs right after I tried to install specific packages.
This is what I was getting when trying to install a package that required fzf (in this case, I was running the command:
packer -S pacli
Since this package relied on the fzf package, I got the following error:
error: fzf: signature from "Ambrevar <email@example.com>" is unknown trust :: File /var/cache/pacman/pkg/fzf-0.17.0.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
The solution took me a while to figure out, as mentioned, but I did figure it out eventually. To resolve, launch a terminal and paste in the following:
sudo pacman-key --refresh-keys
This will take a while to refresh all of the keys on your system but once it's complete, you should be good to go.