ArchLinux Signature Error


When updating archlinux using:

sudo pacman -Syu

I sometimes get an error message that looks something like this:

error: zstd: signature from "Andrzej Giniewicz (giniu) <>" is marginal trust
:: File /var/cache/pacman/pkg/zstd-1.3.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] Y
error: failed to commit transaction (invalid or corrupted package (PGP signature))
Errors occurred, no packages were upgraded.

Pacman uses a collection of PGP keys which check signed packages and databases. If a key is corrupted or invalid, a package cannot be installed or updated. In the example presented above, the package zstd prevented my whole system from getting upgraded.

To fix this, you try to update the keys using the following:

sudo pacman -Sy archlinux-keyring
sudo pacman-key --populate archlinux
sudo pacman-key --refresh-keys

The source for this fix is from here:source