How to fix invalid or corrupted package (PGP signature) issues on Arch Linux

By Mike Johnston October 22, 2017 Articles and Editorials

I recently came across this issue on my Archmerge installation and figured I would share the fix here since it took me quite some time to figure out the solution. This is not Archmerge specific but rather Arch Linux specific. I started encountering it on Manjaro and Arch based installs right after I tried to install specific packages.

This is what I was getting when trying to install a package that required fzf (in this case, I was running the command:

packer -S pacli

Since this package relied on the fzf package, I got the following error:

error: fzf: signature from "Ambrevar <ambrevar@gmail.com>" is unknown trust :: File /var/cache/pacman/pkg/fzf-0.17.0.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).

The solution took me a while to figure out, as mentioned, but I did figure it out eventually. To resolve, launch a terminal and paste in the following:

sudo pacman-key --refresh-keys

This will take a while to refresh all of the keys on your system but once it's complete, you should be good to go.

Mike Johnston

Mike Johnston Author

Mike started CMS Critic in 2008 and has become a recognizable face and valued expert in the world of content management. He has worked with many small business and enterprises to establish their online presence and to assist with marketing strategies. If you are interested in working with him, drop him a line.

About CMS Critic

CMS Critic is one of the top resources on the web for unbiased, honest reviews. Since 2008, we've provided a resource for readers worldwide to find information, get advice and discover the latest news about software, hardware and services such as Content Management Systems, Website Builders, Linux Distributions and much more. To learn how to contribute or work with us, drop us a line.

Follow Us