Loading...
X

“Error: failed to commit transaction (invalid or corrupted package)” (SOLVED)

When updating or installing packages in Arch Linux, Manjaro and their derivatives, you may encounter the “error: failed to commit transaction (invalid or corrupted package). Errors occurred, no packages were upgraded.” issue.

Full error log:

:: Retrieving packages...
 libinih-55-2-x86_64                                15.4 KiB   385 KiB/s 00:00 [############################################] 100%
(40/40) checking keys in keyring                                               [############################################] 100%
(40/40) checking package integrity                                             [############################################] 100%
error: libinih: signature from "Maxime Gauduin <alucryd@gmail.com>" is marginal trust
:: File /var/cache/pacman/pkg/libinih-55-2-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

In this case, the error occurs when trying to update the libinih package, but it can occur for other packages as well.

First, try delete the package, as recommended, and run the update again to download the installation package file. This will resolve the issue if the error is caused by a corrupted package, such as a network outage.

If this does not help, then instead of a complete update of the system, run the update of the archlinux-keyring package:

sudo pacman -Sy archlinux-keyring

This should fix the PGP signature verification issue.

This error and the problem with incorrect PGP signature can occur on systems that are rarely updated (updated with long breaks). The error lies in the fact that packages with “invalid” PGP signatures are signed with keys that are contained in the updated version of the archlinux-keyring package. Therefore, by starting with updating archlinux-keyring you get new versions of the keys, which then successfully verify the PGP signatures of the package files.


Leave Your Observation

Your email address will not be published.