Invalid signature, corrupt database

[oscarfv]

oscar@w10x64-vm-sky MINGW64 ~
$ pacman -Suy
:: Synchronizing package databases...
 mingw32               468.8 KiB   652 KiB/s 00:01 [#####################] 100%
 mingw32.sig           119.0   B  0.00   B/s 00:00 [#####################] 100%
 mingw64               471.4 KiB  3.27 MiB/s 00:00 [#####################] 100%
 mingw64.sig           119.0   B  0.00   B/s 00:00 [#####################] 100%
 msys                  189.8 KiB  0.00   B/s 00:00 [#####################] 100%
 msys.sig              438.0   B  0.00   B/s 00:00 [#####################] 100%
error: msys: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" is unknown
:: Import PGP key 4A6129F4E4B84AE46ED7F635628F528CF3053E04? [Y/n]
error: msys: signature from "David Macek <[email protected]>" is unknown trust
error: failed to update msys (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

oscar@w10x64-vm-sky MINGW64 ~
$ pacman -Suy
error: msys: signature from "David Macek <[email protected]>" is unknown trust
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 msys                  189.8 KiB   450 KiB/s 00:00 [#####################] 100%
 msys.sig              438.0   B  0.00   B/s 00:00 [#####################] 100%
error: msys: signature from "David Macek <[email protected]>" is unknown trust
error: failed to update msys (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

oscar@w10x64-vm-sky MINGW64 ~
$

[oscarfv]

In the Arch forum it was suggested that pacman-key --refresh-keys is a possible solution for this. Didn't work.

[maxnelso]

I think I have a similar issue, which I outlined here: msys2/MINGW-packages#6717.

[lazka]

See https://www.msys2.org/news/#2020-06-29-new-packagers

[oscarfv]

See https://www.msys2.org/news/#2020-06-29-new-packagers

That worked for me, thank you @lazka. Also thanks to you and @elieux for becoming packagers!

I'm not closing this issue to give this change more visibility. Feel free to close it when you decide that it is not useful anymore.

[lovetox]

If i follow the guide from the homepage, the keyring verification fails

see: https://ci.appveyor.com/project/lovetox/gajim/builds/34604241/job/6b9d0ab7m4925v56

[lazka]

@lovetox see msys2/msys2.github.io@49cb77c. Looks like pacman-key argument handling has changed some versions ago.

[belegdol]

Correct. The version shipped with appveyor takes just one argument, the signature:
https://github.com/mamedev/mame/blob/master/.appveyor.yml

[sdbbs]

I was originally having this problem, but while I was writing this post, it got fixed, so I just post this for reference.

I updated via pacman -Syu yesterday, all was fine.

Today I get this error, and I found this bug, and I'm trying to follow the steps:

$ pacman -Syu
error: msys: signature from "David Macek <[email protected]>" is invalid
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 msys                  205.6 KiB   461 KiB/s 00:00 [#####################] 100%
 msys.sig              438.0   B  0.00   B/s 00:00 [#####################] 100%
error: msys: signature from "David Macek <[email protected]>" is invalid
error: failed to update msys (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

$ curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 61344  100 61344    0     0   103k      0 --:--:-- --:--:-- --:--:--  103k

$ curl -O http://repo.msys2.org/msys/x86_64/msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   119  100   119    0     0    319      0 --:--:-- --:--:-- --:--:--   319

$ pacman-key --verify msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig
==> Checking msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz.sig... (detached)
gpg: Signature made Mon, Jun 29, 2020  7:36:14 AM CEST
gpg:                using DSA key AD351C50AE085775EB59333B5F92EFC1A47D45A1
gpg: Good signature from "Alexey Pavlov (Alexpux) <[email protected]>" [full]

$ pacman -U msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz
error: msys: signature from "David Macek <[email protected]>" is invalid
error: database 'msys' is not valid (invalid or corrupted database (PGP signature))
loading packages...
warning: msys2-keyring-r21.b39fb11-1 is up to date -- reinstalling
error: failed to prepare transaction (invalid or corrupted database)

$ pacman -U --config <(echo) msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz
loading packages...
warning: msys2-keyring-r21.b39fb11-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) msys2-keyring-r21.b39fb11-1

Total Installed Size:  0.05 MiB
Net Upgrade Size:      0.00 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring                                    [###################################] 100%
(1/1) checking package integrity                                  [###################################] 100%
(1/1) loading package files                                       [###################################] 100%
(1/1) checking for file conflicts                                 [###################################] 100%
:: Processing package changes...
(1/1) reinstalling msys2-keyring                                  [###################################] 100%
==> Appending keys from msys2.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signing key 6E8FEAFF9644F54EED90EEA0790AE56A1D3CFDDC...
  -> Locally signing key D55E7A6D7CE9BA1587C0ACACF40D263ECA25678A...
  -> Locally signing key 123D4D51A1793859C2BE916BBBE514E53E0D0813...
  -> Locally signing key B91BCF3303284BF90CC043CA9F418C233E652008...
  -> Locally signing key 9DD0D4217D75A33B896159E6DA7EF2ABAEEA755C...
  -> Locally signing key 69985C5EB351011C78DF7F6D755B8182ACD22879...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
  -> Disabling key B19514FB53EB3668471B296E794DCF97F93FC717...
==> Updating trust database...
gpg: next trustdb check due at 2021-06-19

Previously, at this point, I restarted the MSYS2 terminal, and then ran pacman -Syu, which failed again for me - but this time I did not restart the terminal after last command, instead I just proceeded directly:

$ pacman -Syu
error: msys: signature from "David Macek <[email protected]>" is invalid
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 msys                                 205.6 KiB   467 KiB/s 00:00 [###################################] 100%
 msys.sig                             438.0   B  0.00   B/s 00:00 [###################################] 100%
:: Starting core system upgrade...
warning: terminate other MSYS2 programs before proceeding
resolving dependencies...
looking for conflicting packages...

Packages (3) filesystem-2020.02-7  msys2-runtime-3.1.6-2  msys2-runtime-devel-3.1.6-2

Total Download Size:    8.12 MiB
Total Installed Size:  46.40 MiB
Net Upgrade Size:      -0.02 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 filesystem-2020.02-7-x86_64           31.3 KiB   245 KiB/s 00:00 [###################################] 100%
 msys2-runtime-3.1.6-2-x86_64           2.7 MiB   742 KiB/s 00:04 [###################################] 100%
 msys2-runtime-devel-3.1.6-2-x86_64     5.4 MiB   657 KiB/s 00:08 [###################################] 100%
(3/3) checking keys in keyring                                    [###################################] 100%
(3/3) checking package integrity                                  [###################################] 100%
(3/3) loading package files                                       [###################################] 100%
(3/3) checking for file conflicts                                 [###################################] 100%
(3/3) checking available disk space                               [###################################] 100%
:: Processing package changes...
(1/3) upgrading filesystem                                        [###################################] 100%
(2/3) upgrading msys2-runtime                                     [###################################] 100%
(3/3) upgrading msys2-runtime-devel                               [###################################] 100%
:: To complete this update all MSYS2 processes including this terminal will be closed. Confirm to proceed [Y/n] y

Restarted MSYS2 terminal here - and now pacman -Syu is fine:

$ pacman -Syu
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 msys is up to date
:: Starting core system upgrade...
 there is nothing to do
:: Starting full system upgrade...
 there is nothing to do

[Kinfe123]

error: mingw32: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" is unknown
:: Import PGP key 4A6129F4E4B84AE46ED7F635628F528CF3053E04? [Y/n]
error: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" could not be looked up remotely
error: mingw64: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" is unknown
:: Import PGP key 4A6129F4E4B84AE46ED7F635628F528CF3053E04? [Y/n]
error: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" could not be looked up remotely
error: msys: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" is unknown
:: Import PGP key 4A6129F4E4B84AE46ED7F635628F528CF3053E04? [Y/n]
error: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" could not be looked up remotely
error: database 'mingw32' is not valid (invalid or corrupted database (PGP signature))
error: database 'mingw64' is not valid (invalid or corrupted database (PGP signature))
error: database 'msys' is not valid (invalid or corrupted database (PGP signature))
Install MSYS2 and MINGW development toolchain failed
Installation failed: pacman failed

I tried all of the option that you have suggested over here but none of it doesnt work for me

[Biswa96]

1. See the news https://www.msys2.org/news/#2020-06-29-new-packagers
2. Try pacman-key --init; pacman-key --populate
3. If possible, try newer version of msys2-installer.

[Cooliokid956]

please help me with this i just reinstalled msys2 just for it to worsen
im using x86 version because i have to

[Biswa96]

i686 msys2 installer was deprecatee since 22-05-2020, news link. You can use x86_64 installer if you've x86_64 OS. Also you can access mingw32 packages there.

[bardware]

I tried to follow the 2020-06-29-new-packagers guide and got the signature of Alexey Pavlov. Still, the message error: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" could not be looked up remotely remained.
I'm on an older installation and want to update the packages.

The statement pacman -U --config <(echo) msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz helped, however, the doc says convince pacman to not care about those databases for a while. Will I eventually uninstall this?
What's the issue with the remote availability of 4A6129F4E4B84AE46ED7F635628F528CF3053E04?

[eddieparker]

I have the same issue as @bardware, except if I try to run the pacman -U --config <(echo) msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz line, I get:

error: config file /dev/fd/63 could not be read: Not a directory

And I can't progress further? Any tips on what I can do to fix this? My /dev/fd is not a directory.

[mcuee]

I followed the steps by sdbbs and it works fine.

[DominusExult]

after I followed all these steps and did an update I get lots of

2 [main] make (9752) shared_info::initialize: size of shared memory region changed from 49080 to 51128
2 [main] make (10632) shared_info::initialize: size of shared memory region changed from 49080 to 51128
1 [main] cp (1924) shared_info::initialize: size of shared memory region changed from 49080 to 51128

no idea if this is because of the steps or something else. Should I open a new issue? This is really annoying :(

[lazka]

restarting windows should help (or close all msys2 processes, but restarting is easier)

[DominusExult]

Thanks, I just did and indeed that fixed it. Sorry for the noise

[pps83rbx]

See https://www.msys2.org/news/#2020-06-29-new-packagers

This useless link is mentioned in all tickets related to that failure with msys2 update (it doesn't work for me, not sure what I need to run, and I don't want to read that long poem). I've used msys2 for many years, have never had any problems, and this update with key is a huge failure imo. No clear answer what to run to make and update/upgrade. This should have been handled properly instead of breaking things for everybody.

After running all possible commands mentioned all over the place, I still cannot update and get this error from running pacman -Syuu:

(8/8) checking package integrity                                                                                                                                         [########################################################################################################] 100%
      0 [main] pacman (18360) shared_info::initialize: size of shared memory region changed from 40888 to 49080                                                          [--------------------------------------------------------------------------------------------------------]   0%
      0 [main] pacman (11244) shared_info::initialize: size of shared memory region changed from 40888 to 49080                                                          [###################-------------------------------------------------------------------------------------]  19%
      1 [main] pacman (15672) shared_info::initialize: size of shared memory region changed from 40888 to 49080                                                          [####################------------------------------------------------------------------------------------]  20%
      0 [main] pacman (31588) shared_info::initialize: size of shared memory region changed from 40888 to 49080                                                          [#################################################-------------------------------------------------------]  48%
      0 [main] pacman (27008) shared_info::initialize: size of shared memory region changed from 40888 to 49080                                                          [####################################################----------------------------------------------------]  50%
      0 [main] pacman (21016) shared_info::initialize: size of shared memory region changed from 40888 to 49080                                                          [#######################################################-------------------------------------------------]  53%
(8/8) loading package files                                                                                                                                              [########################################################################################################] 100%
error: could not open file /var/cache/pacman/pkg/bash-5.1.004-1-x86_64.pkg.tar.zst: Child process exited with status 127
error: could not open file /var/cache/pacman/pkg/filesystem-2021.01-1-x86_64.pkg.tar.zst: Child process exited with status 127
error: could not open file /var/cache/pacman/pkg/mintty-1~3.4.4-1-x86_64.pkg.tar.zst: Child process exited with status 127
error: could not open file /var/cache/pacman/pkg/libzstd-1.4.8-1-x86_64.pkg.tar.zst: Child process exited with status 127
error: could not open file /var/cache/pacman/pkg/zstd-1.4.8-1-x86_64.pkg.tar.zst: Child process exited with status 127
error: could not open file /var/cache/pacman/pkg/pacman-5.2.2-9-x86_64.pkg.tar.zst: Child process exited with status 127
error: failed to commit transaction (cannot open package file)
Errors occurred, no packages were upgraded.

[dmn-star]

@pps83rbx
The following steps worked for me when updating an older msys2 version:

1. install the new keys ( https://www.msys2.org/news/#2020-06-29-new-packagers)
2. taskkill /fi "MODULES eq msys-2.0.dll" + exit the terminal ([BUG] bash.exe crashed after upgrading msys2-runtime to version 3.1.4-1 #1966)
3. install zstd and pacman manually ( Pacman 5.2.1-7 breaks upgrade from older installation (e.g. appveyor) #1967)
   pacman --noconfirm -U "http://repo.msys2.org/msys/x86_64/libzstd-1.4.4-2-x86_64.pkg.tar.xz"
pacman --noconfirm -U "http://repo.msys2.org/msys/x86_64/zstd-1.4.4-2-x86_64.pkg.tar.xz"
pacman --noconfirm -U "http://repo.msys2.org/msys/x86_64/pacman-5.2.1-6-x86_64.pkg.tar.xz"
4. taskkill /fi "MODULES eq msys-2.0.dll" + exit the terminal
5. update pacman separately first (https://www.msys2.org/news/#2020-05-31-update-may-fail-with-could-not-open-file)
   pacman --noconfirm -Sydd pacman
6. taskkill /fi "MODULES eq msys-2.0.dll" + exit the terminal
7. Core update (in case any core packages are outdated)
   pacman --noconfirm -Syuu
8. taskkill /fi "MODULES eq msys-2.0.dll" + exit the terminal
9. Normal update
   pacman --noconfirm -Syuu
10. taskkill /fi "MODULES eq msys-2.0.dll"

[pps83rbx]

@dmn-star Perhaps something what you did would work for me also.
I fixed it a bit differently. I didn't want to completely reinstall msys from scratch (to keep my local changes/settings), so to unbreak it I had to manually copy pacman and dll's from a clear msys install, this made it work on my old install where I was finally able to update everything and now it's ok.

[elieux]

@pps83rbx, your issue is not the one this ticket is about. Step 3 from @dmn-star would fix it.

I'm not quite sure if core packages using Zstd is intended though, let me check.

[elieux]

this update with key is a huge failure imo. No clear answer what to run to make and update/upgrade. This should have been handled properly instead of breaking things for everybody.

Regarding keys, hypothetically speaking, we could've improved the upgrade path for irregularly updated installations, but it'd create complications for everyone. Given MSYS2 is a rolling release distro, I don't think it's unheard of to not support these installations 100 percent.

[elieux]

I'm not quite sure if core packages using Zstd is intended though, let me check.

Yes, it was intentional. I've created a "news" entry describing this including the fix for older installations (copied from @dmn-star).

[lbmeng]

U-Boot Azure Windows build started to fail since yesterday (Jun 21, 2021)

      checking keyring...
      checking package integrity...
      error: gcc-libs: signature from "David Macek <[email protected]>" is unknown trust
      :: File /var/cache/pacman/pkg/gcc-libs-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
      error: gcc: signature from "David Macek <[email protected]>" is unknown trust
      :: File /var/cache/pacman/pkg/gcc-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
      error: failed to commit transaction (invalid or corrupted package)
      Errors occurred, no packages were upgraded.

Switching to the latest installer (version 20210604) seems to fix it.

[csdvrx]

Analysis of the problem

'pacman-key --populate msys2' will not work, as the new package listing new packagers has not be installed (and can't be) due to key issues.

# pacman-key --populate msys2
==> Appending keys from msys2.gpg...
==> Locally signing trusted keys in keyring...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
==> Updating trust database...
gpg: no need for a trustdb check

Likewise, 'pacman-key --refresh-key' will do nothing, as it can't know who the new packagers are

If adding keys manually to work around that, pacman-key will fail as the keyserver seems to default to a non working pool (hkps://hkps.pool.sks-keyservers.net):

(...)
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: keyserver refresh failed: No name
==> ERROR: Could not update key: 974C8BE49078F532
(...)

Adding hkp://pgp.mit.edu:11371 doesn't seem to work either

Proposed workaround

In 3 steps:

• manually import David Macek key into pacman-key gnupg pubring

• add a working keyserver to pacman-key gnupg configuration : https://bbs.archlinux.org/viewtopic.php?id=233362 suggest ubuntu keyserver

• update the trust database

Step 1 : add the key manually

# wget https://github.com/1480c1.gpg
--2021-06-23 18:19:41--  https://github.com/1480c1.gpg
Resolving github.com (github.com)... 140.82.114.4
Connecting to github.com (github.com)|140.82.114.4|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26651 (26K) [text/plain]
Saving to: ‘1480c1.gpg’

1480c1.gpg          100%[===================>]  26.03K  --.-KB/s    in 0.07s

2021-06-23 18:19:41 (390 KB/s) - ‘1480c1.gpg’ saved [26651/26651]

*# pacman-key -a 1480c1.gpg --gpgdir /etc/pacman.d/gnupg/
==> Updating trust database...
gpg: no need for a trustdb check

Step 2: add a keyserver manually

# echo "keyserver hkp://keyserver.ubuntu.com" >> /etc/pacman.d/gnupg/gpg.conf

Step 3: refresh the keys manually

# pacman-key --refresh-key

(...)
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkp://keyserver.ubuntu.com
gpg: key 974C8BE49078F532: "David Macek <[email protected]>" 4 new signatures
gpg: key 974C8BE49078F532: "David Macek <[email protected]>" 1 signature cleaned
gpg: Total number processed: 1
gpg:         new signatures: 4
gpg:     signatures cleaned: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   9  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   9  signed:   3  trust: 3-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:   3  signed:   0  trust: 3-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-01-23

What happens

Before: package installation or upgrade failed

# pacman -Syuu
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 ucrt64 is up to date
 clang64 is up to date
 msys is up to date
:: Starting core system upgrade...
 there is nothing to do
:: Starting full system upgrade...
:: Replace mingw-w64-x86_64-pkg-config with mingw64/mingw-w64-x86_64-pkgconf? [Y/n] y
:: Replace mingw-w64-x86_64-x264-git with mingw64/mingw-w64-x86_64-x264? [Y/n] y
:: Replace pax-git with msys/pax? [Y/n] y
:: Replace pkg-config with msys/pkgconf? [Y/n] y
:: Replace sqlite-vfslog with msys/sqlite-extensions? [Y/n] y
resolving dependencies...
(...)

Total Download Size:    717.71 MiB
Total Installed Size:  4500.74 MiB
Net Upgrade Size:      1339.98 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
(...)
(364/364) checking keys in keyring                 [#####################] 100%
(364/364) checking package integrity               [#####################] 100%
error: gcc-libs: signature from "David Macek <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/gcc-libs-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] 
Interrupt signal received

After: the temporary workaround allows the new key to be properly added:

# pacman -Syuu
(...)

Total Installed Size:  4500.74 MiB
Net Upgrade Size:      1339.98 MiB

:: Proceed with installation? [Y/n] y
(364/364) checking keys in keyring                 [#####################] 100%
(364/364) checking package integrity               [#####################] 100%
(364/364) loading package files                    [#####################] 100%
(364/364) checking for file conflicts              [#####################] 100%
(369/369) checking available disk space            [#####################] 100%
warning: could not get file information for autorebasebase1st.bat
:: Processing package changes...
(1/5) removing sqlite-vfslog                       [#####################] 100%
(2/5) removing pax-git                             [#####################] 100%
(3/5) removing mingw-w64-x86_64-x264-git           [#####################] 100%
(4/5) removing mingw-w64-x86_64-pkg-config         [#####################] 100%
(5/5) removing pkg-config                          [#####################] 100%
(  1/364) upgrading gcc-libs                       [#####################] 100%
(  2/364) upgrading libexpat                       [#####################] 100%
(...)
==> Appending keys from msys2.gpg...
==> Locally signing trusted keys in keyring...
(...)
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
==> Updating trust database...
gpg: next trustdb check due at 2022-01-23
(...)

I believe this is sufficient to close this issue.

[Woor]

It's not fixed. I tried about every workaround in this threat and I still get:

error: wget: signature from "David Macek [email protected]" is unknown trust
:: File /var/cache/pacman/pkg/wget-1.21.1-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: pax: signature from "David Macek [email protected]" is unknown trust
:: File /var/cache/pacman/pkg/pax-20201030-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

For 111 packages....

UPDATE: The only way for me to update was to disable signature checking entirely in pacman.conf. But even after pacman -Syu passed, re-enabling it still prevents me from installing any new packages. I'm out of ideas at this point.

[wickedmic]

I was able to fix this by roughly following what @csdvrx proposed. But it felt wrong to just trust some key downloaded from somewhere (I'm talking about the # wget https://github.com/1480c1.gpg step). So here is what I did:

First, this was the error I was getting when running pacman -Syu:

error: bash-completion: signature from "David Macek <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/bash-completion-2.11-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

The way I fixed it:

1. Get the Key-ID (0x9078f532) from https://www.msys2.org/news/#2020-06-29-new-packagers
2. Use https://keyserver.ubuntu.com to get the key. Just type in the ID and you end up here:
   https://keyserver.ubuntu.com/pks/lookup?search=0x9078f532&fingerprint=on&op=index
3. Download the key

> wget "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x87771331b3f1ff5263856a6d974c8be49078f532" -O key

4. Proceed as @csdvrx proposed

> pacman-key -a key --gpgdir /etc/pacman.d/gnupg/
> echo "keyserver hkp://keyserver.ubuntu.com" >> /etc/pacman.d/gnupg/gpg.conf
> pacman-key --refresh-keys

After this pacman -Syu worked again. I did not need to close any windows or the like.

[capatina]

@csdvrx
THIS WAS THE SOLUTION. THANK YOU

[BobbyEdwards]

I was able to fix this by roughly following what @csdvrx proposed. But it felt wrong to just trust some key downloaded from somewhere (I'm talking about the # wget https://github.com/1480c1.gpg step). So here is what I did:

First, this was the error I was getting when running pacman -Syu:

error: bash-completion: signature from "David Macek <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/bash-completion-2.11-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).

The way I fixed it:

1. Get the Key-ID (0x9078f532) from https://www.msys2.org/news/#2020-06-29-new-packagers
2. Use https://keyserver.ubuntu.com to get the key. Just type in the ID and you end up here:
   https://keyserver.ubuntu.com/pks/lookup?search=0x9078f532&fingerprint=on&op=index
3. Download the key

> wget "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x87771331b3f1ff5263856a6d974c8be49078f532" -O key

1. Proceed as @csdvrx proposed

> pacman-key -a key --gpgdir /etc/pacman.d/gnupg/
> echo "keyserver hkp://keyserver.ubuntu.com" >> /etc/pacman.d/gnupg/gpg.conf
> pacman-key --refresh-keys

After this pacman -Syu worked again. I did not need to close any windows or the like.

This worked! Thanks @wickedmic!

[nulano]

I did not get errors initially, but I've been having new packages fail to verify. The solution for me turned out to be pacman -S msys2-keyring, after which pacman -Syu worked again.

[michkot]

I did not get errors initially, but I've been having new packages fail to verify. The solution for me turned out to be pacman -S msys2-keyring, after which pacman -Syu worked again.

When updating msys after ~8 months, the instructions from news + ^this actually helped!

[acidtonic]

Sad to find my buildbot scripted automated test vm's started failing with this ridiculous trust error message from David Macek's key.

How long is this going to be an issue without getting automatically resolved? It's literally the same dude's key from 2020 and here I am 2 full years later suddenly impacted by this exact issue.

:(

[wtuemura]

Googling the error, it redirects here. After doing rm -r /etc/pacman.d/gnupg/ && pacman-key --init && pacman-key --populate msys2 && pacman-key --refresh-keys, looks like some gpg keys has erros:

gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: key 280056C915DFC20C marked as ultimately trusted
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/6505491C7A061E293231E6B2280056C915DFC20C.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
==> Appending keys from msys2.gpg...
==> Locally signing trusted keys in keyring...
  -> Locally signed 6 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
  -> Disabled 2 keys.
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:   5  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:   5  signed:   0  trust: 5-, 0q, 0n, 0m, 0f, 0u
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key F40D263ECA25678A: "Alexey Pavlov (Alexpux) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 790AE56A1D3CFDDC: "David Macek (MSYS2 master key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key DA7EF2ABAEEA755C: "Martell Malone (martell) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key BBE514E53E0D0813: "Ray Donnelly (MSYS2 Developer - master key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 755B8182ACD22879: "Christoph Reiter (MSYS2 master key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 9F418C233E652008: "Ignacio Casal Quinteiro <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 5F92EFC1A47D45A1: "Alexey Pavlov (Alexpux) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 974C8BE49078F532: "David Macek <[email protected]>" 3 new signatures
gpg: key 974C8BE49078F532: "David Macek <[email protected]>" 1 signature cleaned
gpg: Total number processed: 1
gpg:         new signatures: 3
gpg:     signatures cleaned: 1
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:   6  signed:   6  trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2  valid:   6  signed:   0  trust: 6-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2022-11-18
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key D595C9AB2C51581E: "Martell Malone (MSYS2 Developer) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key FA11531AA0AA7F57: "Christoph Reiter (MSYS2 development key) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No name
gpg: error reading key: No name
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 794DCF97F93FC717: "Martell Malone (martell) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg: error retrieving '[email protected]' via WKD: No data
gpg: error reading key: No data
gpg: refreshing 1 key from hkps://keyserver.ubuntu.com
gpg: key 4DF3B7664CA56930: "Ray Donnelly (MSYS2 Developer) <[email protected]>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

The error still persists:

error: mingw-w64-x86_64-libvorbis: signature from "David Macek <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/mingw-w64-x86_64-libvorbis-1.3.7-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: mingw-w64-x86_64-ffms2: signature from "David Macek <[email protected]>" is unknown trust
:: File /var/cache/pacman/pkg/mingw-w64-x86_64-ffms2-2.40-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Maybe 3 or 4 years ago, I've posted a workaround here to a different MSYS error preventing me to upgrade the system.

The exact same workaround works with this one:

• Edit /etc/pacman.conf add SigLevel = Never and save.
• Run the command rm -r /etc/pacman.d/gnupg/ && pacman-key --init && pacman-key --populate msys2
• Try pacman -Suy again, it should work without any further issues.
• When all set and done, remove SigLevel = Never from /etc/pacman.conf and save.

Now everything should be working.

pacman -Suy
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 ucrt64 is up to date
 clang32 is up to date
 clang64 is up to date
 msys is up to date
:: Starting core system upgrade...
 there is nothing to do
:: Starting full system upgrade...
 there is nothing to do

Hope it helps.

[Biswa96]

This is not an issue anymore. Workaround available ☝️

[emmanuelkamala]

oscar@w10x64-vm-sky MINGW64 ~
$ pacman -Suy
:: Synchronizing package databases...
 mingw32               468.8 KiB   652 KiB/s 00:01 [#####################] 100%
 mingw32.sig           119.0   B  0.00   B/s 00:00 [#####################] 100%
 mingw64               471.4 KiB  3.27 MiB/s 00:00 [#####################] 100%
 mingw64.sig           119.0   B  0.00   B/s 00:00 [#####################] 100%
 msys                  189.8 KiB  0.00   B/s 00:00 [#####################] 100%
 msys.sig              438.0   B  0.00   B/s 00:00 [#####################] 100%
error: msys: key "4A6129F4E4B84AE46ED7F635628F528CF3053E04" is unknown
:: Import PGP key 4A6129F4E4B84AE46ED7F635628F528CF3053E04? [Y/n]
error: msys: signature from "David Macek <[email protected]>" is unknown trust
error: failed to update msys (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

oscar@w10x64-vm-sky MINGW64 ~
$ pacman -Suy
error: msys: signature from "David Macek <[email protected]>" is unknown trust
:: Synchronizing package databases...
 mingw32 is up to date
 mingw64 is up to date
 msys                  189.8 KiB   450 KiB/s 00:00 [#####################] 100%
 msys.sig              438.0   B  0.00   B/s 00:00 [#####################] 100%
error: msys: signature from "David Macek <[email protected]>" is unknown trust
error: failed to update msys (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

oscar@w10x64-vm-sky MINGW64 ~
$

I had that same problem, what worked for me was to uninstall Ruby, then went and download a fresh copy of Ruby 3.1.1 with devkit installer, when I installed it, I did not get any errors and its working fine. I am using windows 10(without WSL) and Ruby 3.1.1 with Ruby on Rails version 7.0.4.

[Artoria2e5]

Funny enough, got the same issue again after I don't know how many months of not using my msys2. The same old pacman -U --config <(echo) msys2-keyring-*.tar.* worked. Should probably make it a shell alias at this point.

[sharpenHolic]

See https://www.msys2.org/news/#2020-06-29-new-packagers

thanks！ It did help.

[paranormalized-encryptid]

I had this issue on multiple fresh installs of MSYS2 a couple days ago while trying to build the MinGW64 toolchain. It kept hanging while trying to update a package just called msys I think, forcing me to close the terminal, at which point MSYS2 seemingly corrupted and refused to recognize any signatures from thereon out. The problem persisted even with antivirus disabled. The advice to populate keys, refresh keys, use the config trick, reset the pacman key store etc. did nothing. After uninstalling and reinstalling MSYS2 about 4-5 times, the only way I was able to somehow dodge the problem was to throw the commands listed here at the wall and hope they stuck. (I'm a new user, no experience with Arch Linux or pacman.)