DEV Community

Mario García
Mario García

Posted on • Updated on

Signature is unknown trust - Arch Linux on VBox

#linux #opensource

Problem

I was trying to configure an Arch Linux virtual machine with Vagrant + Virtual Box and ran the following commands:

mkdir archlinux
cd archlinux
vagrant init archlinux/archlinux
vagrant up
Enter fullscreen mode Exit fullscreen mode

After the vagrant box was downloaded and the virtual machine was configured and up running, I logged in:

vagrant ssh
Enter fullscreen mode Exit fullscreen mode

The first thing I did was to upgrade the system by running:

sudo pacman -Syyu
Enter fullscreen mode Exit fullscreen mode

After all the packages were downloaded, it asked me to import some PGP keys:

:: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) <heftig@archlinux.org>"? [Y/n]
:: Import PGP key 3B94A80E50A477C7, "Jan Alexander Steffens (heftig) <heftig@archlinux.org>"? [Y/n]
Enter fullscreen mode Exit fullscreen mode

and it gave me the following error with every single package:

error: archlinux-keyring: signature from "Christian Hesse <eworm@archlinux.org>" is unknown trust
:: File /var/cache/pacman/pkg/archlinux-keyring-20200603-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n]
Enter fullscreen mode Exit fullscreen mode

The latest version of the Arch Linux box was released on June 3rd and this error also occurred with some previous versions released this year, even when I was trying to install any package.

Solution

There's an answer to a post in the Manjaro Linux Forum suggesting that the error can be fixed by running the following commands:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring
sudo pacman-key --init
sudo pacman-key --populate archlinux manjaro 
sudo pacman-key --refresh-keys 
sudo pacman -Sc
Enter fullscreen mode Exit fullscreen mode

But running sudo pacman -Sy gnupg archlinux-keyring manjaro-keyring will give the same error and the manjaro-keyring package is not necessary as well as manjaro in sudo pacman-key --populate archlinux manjaro, as we're running Arch Linux. So the steps to follow are:

sudo rm -r /etc/pacman.d/gnupg
sudo pacman-key --init
sudo pacman-key --populate archlinux 
sudo pacman-key --refresh-keys
sudo pacman -Sy gnupg archlinux-keyring 
sudo pacman -Sc
Enter fullscreen mode Exit fullscreen mode

After that we can upgrade the system or install a package as usual.

Top comments (2)

Collapse
 
m157q profile image
M157q

This blog post saves me. Thank you!

Collapse
 
fabrixx profile image
fabrixx

a verification process of every single key starts that lasts hours and hours, at a certain point I closed everything and went to bed

Read next

shadiajam profile image

Should We Rethink About IDs? A Deep Dive into "Snowflake IDs"

Shadi AJAM -

dapphari007 profile image

My Hacktoberfest 2024 Journey: From First Pull Request to Open Source Growth

HARISH K -

mohsenkamrani profile image

Master Cron Expressions In 2 minutes

Sam -

sammybarasa profile image

FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory on Digital OceanDroplet

Sammy Barasa -