Installing a new Package or updating fails with a message about “invalid or corrupted package” or “key is disabled”
/docs/operation/faq-howto-troubleshooting/error-corrupted-package/
This and similar messages are triggered when UBOS cannot verify that a Package
you are trying to install or upgrade has been created by a trusted developer (i.e. one whose
public key is listed as “trusted” in pacman
’s trust database).
There are several conditions that cause these messages, such as:
-
the signature for the Package file is invalid (e.g. just made up);
-
the signature for the Package file is valid, but
pacman
’s trust database does not have the needed public key to verify it; -
the signature for the Package file is valid,
pacman
’s trust database has the public key to verify it, but the key is not marked as trusted there; -
the package indeed was created by a non-trusted developer. This is unlikely, unless you are a developer and you created the Package yourself. If you decide that you wish to trust the developer (such as yourself) in spite of UBOS’ policies, use
pacman-key
to add the key topacman
’s gpg database -
your trust database is out of date.
Try this:
-
Update the trust database with
sudo pacman-key --refresh-keys
-
You can also weaken the
pacman
security requirements by making signatures optional by editing/etc/pacman.conf
. This is only recommended if you know what you are doing.