msys2 / MSYS2-packages

Package scripts for MSYS2.
https://packages.msys2.org
BSD 3-Clause "New" or "Revised" License

error: XXXX : signature from "David macek <david.macek.0@gmail.com>" is invalid #2343

Closed hamlibdk closed 2 years ago

hamlibdk commented 3 years ago

Describe the issue

running pacman -Syuu ... Receiving messages:

$ pacman -Syuu
error: mingw32: signature from "David Macek <david.macek.0@gmail.com>" is invalid
error: msys: signature from "David Macek <david.macek.0@gmail.com>" is invalid
:: Synchronizing package databases...
 mingw32                         891.1 KiB   754 KiB/s 00:01 [###############################] 100%
 mingw32.sig                     438.0   B  0.00   B/s 00:00 [###############################] 100%
error: mingw32: signature from "David Macek <david.macek.0@gmail.com>" is invalid
error: failed to update mingw32 (invalid or corrupted database (PGP signature))
 mingw64 is up to date
 msys                            300.4 KiB   641 KiB/s 00:00 [###############################] 100%
 msys.sig                        438.0   B  0.00   B/s 00:00 [###############################] 100%
error: msys: signature from "David Macek <david.macek.0@gmail.com>" is invalid
error: failed to update msys (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

Steps to Reproduce the Problem

pacman -Syuu

have tried steps at https://www.msys2.org/news/ --> 2020-06-29 - new packagers ... They do not resolve issues

Additional Context: Operating System, Screenshots

Biswa96 commented 3 years ago

Have you tried to install with latest installer from here https://github.com/msys2/msys2-installer/releases?

hamlibdk commented 3 years ago

That is not a solution or a mitigation ... especially since the "last resort fix-all" steps at https://www.msys2.org/news/ fail !

Yet for the record a redeploy from scratch FAILS with the same error.

It was basically working well prior to 2021-2-16 00:00z ... Problems after that time !

The matter is of critical urgency as this is part of a Software Developers' kit - that integrates with Qt - used by many-many of non-commercial developers.

mayd commented 3 years ago

I am experiencing exactly the same error.

I upgrade my MSYS2 installation weekly, on average, and it was working up until two days ago. Today the pacman upgrade procedure is no longer working.

lazka commented 3 years ago

Likely sourceforge having problems. Waiting a bit might help.

hamlibdk commented 3 years ago

A WORK AROUND

I have a work-around - that being to Disable Signature Checking (ref: ) that appears to make the environment function again.. However, I would recommend the following procedure FIRST (ref: https://www.msys2.org/news/ )

Stage 1: From https://www.msys2.org/news/

If you still see signature errors, resetting your pacman key store might help:

# rm -r /etc/pacman.d/gnupg/
# pacman-key --init
# pacman-key --populate msys2

Stage 2: https://wiki.archlinux.org/index.php/Pacman/Package_signing

Disabling signature checking

Warning: Use with caution. Disabling package signing will allow pacman to install untrusted packages automatically. If you are not concerned about package signing, you can disable PGP signature checking completely. Edit /etc/pacman.conf and uncomment the following line under [options]:

SigLevel = Never

You need to comment out any repository-specific SigLevel settings too because they override the global settings. This will result in no signature checking, which was the behavior before pacman 4. If you decide to do this, you do not need to set up a keyring with pacman-key. You can change this option later if you decide to enable package verification.
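The interaction between the global and the repository-specific SigLevel lines described above is easy to misjudge after a hurried edit, so here is an added example (not part of the thread and not pacman's own code) that reports the effective signature policy of each repository in a pacman.conf. The function names and the sample configuration are constructed; the model covers only the Never/Optional/Required tokens with their Package/Database prefixes and ignores trust tokens.

```shell
#!/usr/bin/env bash
# Added example: effective signature policy per repository in a pacman.conf.

# siglevel_audit FILE
# Prints "<repo> package=<state> database=<state> <verdict>" per repository.
# state is never|optional|required, or "default" when nothing sets it;
# the verdict is UNVERIFIED when package signatures are not checked at all.
siglevel_audit() {
    awk '
        # Apply one SigLevel value (space-separated tokens) on top of p and d.
        function apply(value,    t, k, i, tok, scope) {
            k = split(value, t, /[ \t]+/)
            for (i = 1; i <= k; i++) {
                tok = t[i]; scope = "both"
                if (tok ~ /^Package/)       { scope = "pkg"; sub(/^Package/, "", tok) }
                else if (tok ~ /^Database/) { scope = "db";  sub(/^Database/, "", tok) }
                if (tok != "Never" && tok != "Optional" && tok != "Required") continue
                if (scope != "db")  p = tolower(tok)
                if (scope != "pkg") d = tolower(tok)
            }
        }
        # Strip comments and surrounding whitespace, skip empty lines.
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        /^\[.*\]$/ {
            section = substr($0, 2, length($0) - 2)
            if (section != "options") order[++n] = section
            next
        }
        /^SigLevel[ \t]*=/ {
            v = $0; sub(/^SigLevel[ \t]*=[ \t]*/, "", v)
            if (section == "options") glob = glob " " v
            else own[section] = own[section] " " v
        }
        END {
            for (j = 1; j <= n; j++) {
                r = order[j]
                p = d = "default"
                apply(glob)       # global setting first ...
                apply(own[r])     # ... then the repository line overrides it
                printf "%s package=%s database=%s %s\n", r, p, d,
                    (p == "never" ? "UNVERIFIED" : "ok")
            }
        }
    ' "$1"
}

# Constructed sample: the global setting is strict, but one repository still
# carries a leftover "SigLevel = Never" from a workaround.
sample_conf() {
    cat <<'EOF'
[options]
#SigLevel = Never
SigLevel    = Required DatabaseOptional
LocalFileSigLevel = Optional

[mingw32]
Include = /etc/pacman.d/mirrorlist.mingw32

[mingw64]
SigLevel = Never
Include = /etc/pacman.d/mirrorlist.mingw64

[msys]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist.msys
EOF
}

# Demo on the constructed sample; point siglevel_audit at /etc/pacman.conf for real use.
conf=$(mktemp); sample_conf > "$conf"; siglevel_audit "$conf"; rm -f "$conf"
```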

geedeee commented 3 years ago

Having the same issue here as well. I update weekly. Last week was working fine.

mayd commented 3 years ago

I already considered bypassing pacman digital signature checking.

However, until I am sure that the cause of this problem is not some kind of hack I am reluctant to proceed. After all, it would be an effective way to infect lots of computers. Could be another SolarWinds!

I am amazed that nobody from the MSYS2 project team has yet commented on this issue and provided reassurance to users.

jeremyd2019 commented 3 years ago

I have several msys2 installs around on a couple of different machines, and I am not seeing this on any of them. However, @elieux did recently update his key, and there was apparently an issue with the msys2-keyring package update not including cross signatures for it (msys2/MSYS2-keyring#6). I don't know if it was related, but the timing is suspicious.

lazka commented 3 years ago

then pacman-key --refresh might help

rogerd007 commented 3 years ago

then pacman-key --refresh might help

Unfortunately not for me - it said the key for David macek was unchanged.

If you still see signature errors, resetting your pacman key store might help:

Unfortunately this did not solve the problem either.

mingwandroid commented 3 years ago

I tried pacman-key --refresh and although it said the same thing, subsequent updates worked (the next update reported the same error but proceeded anyway and the update after that didn't have the error at all).

Can you see if the same is true in your situation?

rogerd007 commented 3 years ago

Can you see if the same is true in your situation?

No, no matter how many times I run pacman -Syuu after doing the refresh, I still get the same error messages as the initial post.

lazka commented 3 years ago

what about -Syyuu ?

rogerd007 commented 3 years ago

what about -Syyuu ?

Unfortunately, still the same outcome.

$ pacman -Syyuu
error: mingw32: signature from "David Macek <david.macek.0@gmail.com>" is invalid
error: msys: signature from "David Macek <david.macek.0@gmail.com>" is invalid
:: Synchronizing package databases...
 mingw32 891.1 KiB 2.75 MiB/s 00:00 [#####################] 100%
 mingw32.sig 438.0 B 0.00 B/s 00:00 [#####################] 100%
error: mingw32: signature from "David Macek <david.macek.0@gmail.com>" is invalid
error: failed to update mingw32 (invalid or corrupted database (PGP signature))
 mingw64 894.5 KiB 4.01 MiB/s 00:00 [#####################] 100%
 mingw64.sig 438.0 B 0.00 B/s 00:00 [#####################] 100%
 msys 300.4 KiB 3.86 MiB/s 00:00 [#####################] 100%
 msys.sig 438.0 B 0.00 B/s 00:00 [#####################] 100%
error: msys: signature from "David Macek <david.macek.0@gmail.com>" is invalid
error: failed to update msys (invalid or corrupted database (PGP signature))
error: failed to synchronize all databases

rogerd007 commented 3 years ago

I think it's an issue with the sourceforge mirror, as I disabled the sourceforge mirror in pacman.conf, and when I ran pacman -Syuu it complained of the keys being of "marginal trust", as opposed to "invalid". After running pacman-key --refresh I was able to successfully run pacman -Syuu and it updated asciidoc and msys2-keyring-1~20210213-1.

Upon completion I re-enabled the sourceforge mirrors and pacman -Syyuu reverts to the "invalid" error regarding the David Macek signature.

mayd commented 3 years ago

After considering comments above I commented out downloads.sourceforge.net in the following files:

/etc/pacman.d/mirrorlist.msys
/etc/pacman.d/mirrorlist.mingw32
/etc/pacman.d/mirrorlist.mingw64

Now pacman upgrades work as they should.

Update During the pacman update I noticed one of the updated packages was msys2-keyring-1~20210213-1. Suspicious.

samhocevar commented 3 years ago

For what it’s worth, even after applying all the solutions proposed here, it may help to upgrade the keyring package (pacman -S msys2-keyring) before doing the full upgrade.

mefistotelis commented 3 years ago

What worked for me was:

  1. running pacman -Syu to update the package database and base packages as msys2 install manual instructs in point 5

  2. updating the keyring package as @samhocevar proposed

  3. Then resetting pacman keystore as @hamlibdk proposed

  4. Then upgrading all the packages with pacman -Syuu

EskoDijk commented 3 years ago

Same issue, and @mefistotelis Your approach worked for me as well! Thanks

HnkGitHub commented 3 years ago

Same issue here. But left out resetting the pacman keystores as @hamlibdk proposed. After about 3 hours of retrying with different solutions it finally worked.

I like msys2, but this is frustrating. This issue really needs to be ironed out. Need more information from error reporting to be better able to diagnose problems: e.g., just saying someone is an unknown trust does not provide enough information to debug the problem. Why is so and so an unknown trust? I see this issue has been ongoing for over a year.

Juan321654 commented 3 years ago

have been going at it for the past 7 hours, tried every single way in here, and more suggestions that were made around google...nothing has worked so far.

silverqx commented 3 years ago

it may help to upgrade the keyring package (pacman -S msys2-keyring) before doing the full upgrade.

I did this as a first thing and it helped, thx

pe224 commented 3 years ago

Nothing above worked for me. What I ended up doing was

1) download msys2 source http://repo.msys2.org/distrib/msys2-x86_64-latest.tar.xz
2) run msys2.exe in the extracted source once, so that all keys are initialized/setup properly
3) copy (and overwrite) the following files from extracted source to my original Msys2 installation:

/etc/pacman.d/gnupg/pubring.gpg
/etc/pacman.d/gnupg/pubring.gpg~
/etc/pacman.d/gnupg/secring.gpg
/etc/pacman.d/gnupg/tofu.db
/etc/pacman.d/gnupg/trustdb.gpg
/usr/share/pacman/keyrings/msys2.gpg
/usr/share/pacman/keyrings/msys2-revoked
/usr/share/pacman/keyrings/msys2-trusted

This fixed my issue without needing to reinstall everything from scratch.

Disclaimer: I have (practically) no idea what these files do. Use at your own risk 😉

IceeSw commented 3 years ago

From what I understand from pacman-key, I suggest the following:

And always first understand what you are doing:

pacman-key --help
...
-d, --delete Remove the specified keyids
...
-l, --list-keys List the specified or all keys
...

1.- Run pacman-key -l
2.- Verify you have a key for "David macek" that is expired and another that is valid.
2.1.- Take note or copy the expired key for example, let's say KEYTOREMOVE is the expired key.
3.- Remove the expired key pacman-key -d KEYTOREMOVE

After doing this verify you can install pacman packages signed by "David macek..." signature without issues.
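The check in steps 1 and 2 above (an expired key plus a valid key for the same user ID) can be done mechanically on GnuPG's machine-readable listing. This is an added example, not part of the original comment: the function names, user IDs and fingerprints in the sample are constructed, and it assumes the listing comes from `gpg --homedir /etc/pacman.d/gnupg --list-keys --with-colons`.

```shell
#!/usr/bin/env bash
# Added example: list expired primary keys in a GnuPG colon listing and say
# whether the same user ID also has a usable key, before deleting anything.
# Real input: gpg --homedir /etc/pacman.d/gnupg --list-keys --with-colons

# expired_keys: reads a colon listing on stdin and prints
# "<fingerprint> <replaced|no-replacement> <user id>" per expired primary key.
expired_keys() {
    awk -F: '
        $1 == "pub" { n++; validity[n] = $2; primary = 1; next }
        $1 == "sub" { primary = 0; next }        # subkey fingerprints are skipped
        $1 == "fpr" && primary { fpr[n] = $10; primary = 0; next }
        $1 == "uid" && n && !(n in uid) { uid[n] = $10 }   # first user ID of the key
        END {
            # Field 2 is the validity: e=expired, r=revoked, i=invalid, d=disabled.
            for (i = 1; i <= n; i++)
                if (validity[i] !~ /^[erid]$/) usable[uid[i]] = 1
            for (i = 1; i <= n; i++)
                if (validity[i] == "e")
                    printf "%s %s %s\n", fpr[i],
                        ((uid[i] in usable) ? "replaced" : "no-replacement"), uid[i]
        }'
}

# Constructed listing: one packager with an expired and a valid key, and a
# second packager whose only key has expired.
sample_listing() {
    cat <<'EOF'
pub:e:4096:1:AAAA0000AAAA0000:1500000000:1646265600::-:::sc:
fpr:::::::::AAAA0000AAAA0000AAAA0000AAAA0000AAAA0000:
uid:e::::1500000000::0000000000000000000000000000000000000001::Example Packager <packager@example.org>:
sub:e:4096:1:AAAA0000AAAA0001:1500000000:1646265600:::::e:
fpr:::::::::AAAA0001AAAA0001AAAA0001AAAA0001AAAA0001:
pub:f:4096:1:BBBB1111BBBB1111:1640000000:1900000000::-:::sc:
fpr:::::::::BBBB1111BBBB1111BBBB1111BBBB1111BBBB1111:
uid:f::::1640000000::0000000000000000000000000000000000000002::Example Packager <packager@example.org>:
pub:e:4096:1:CCCC2222CCCC2222:1500000000:1600000000::-:::sc:
fpr:::::::::CCCC2222CCCC2222CCCC2222CCCC2222CCCC2222:
uid:e::::1500000000::0000000000000000000000000000000000000003::Other Packager <other@example.org>:
EOF
}

# Demo on the constructed listing.
sample_listing | expired_keys
```

Only a key reported as "replaced" matches the situation the steps describe; for "no-replacement" the keyring package needs updating first.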

quanah commented 3 years ago

Ran into this today too. What finally worked for me was:

rm -rf /etc/pacman.d/gnupg
pacman-key --init
pacman -S msys2-keyring
pacman-key --populate msys2
pacman -Syu

hjoertel commented 3 years ago

Hi, it all doesn't help me, even the last from @quanah. Sourceforge update servers are disabled.

hjoertel commented 3 years ago

removing the expired key, results in

(62/62) checking keys in keyring                                                                       [############################################################] 100%
downloading required keys...
:: Import PGP key 628F528CF3053E04, "CI (msys2-autobuild/6e7d6a99/328625740)"? [Y/n] Y
error: key "628F528CF3053E04" could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

hjoertel commented 3 years ago

I now successfully followed the instructions given here https://www.msys2.org/news/#2020-06-29-new-packagers

and can update and install new packages.

evandrocoan commented 3 years ago

I have an old machine and the official instructions did not work (it may be because I did not run pacman -Syu with -y, I have my system running tests and doing an upgrade would break my ssh and bash). I used this instead:

It seems that now pacman uses the format zst:

  1. curl -O http://repo.msys2.org/msys/x86_64/pacman-mirrors-20210902-1-any.pkg.tar.zst (https://www.msys2.org/news/#2020-06-29-new-packagers), I just downloaded the latest key file I found on http://repo.msys2.org/msys/x86_64/
  2. tar -I zstd -xvf pacman-mirrors-20210902-1-any.pkg.tar.zst -C / or pacman -U pacman-mirrors-20210902-1-any.pkg.tar.zst (https://stackoverflow.com/questions/45355277/how-can-i-decompress-an-archive-file-having-zst-or-tar-zst)

Fix the error error: libevent-devel: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust (https://github.com/msys2/MSYS2-packages/issues/2343#issuecomment-941815336)

  1. pacman -Syu (and cancel upgrade with n)
  2. rm -rf /etc/pacman.d/gnupg
  3. pacman-key --init
  4. pacman -S msys2-keyring
  5. pacman-key --populate msys2
  6. Now pacman -S package-name is working again and not failing anymore with:
    $ pacman -S libevent
    error: mingw32: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
    error: mingw64: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
    error: msys: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
    error: database 'mingw32' is not valid (invalid or corrupted database (PGP signature))
    error: database 'mingw64' is not valid (invalid or corrupted database (PGP signature))
    error: database 'msys' is not valid (invalid or corrupted database (PGP signature))

daleclack commented 3 years ago

Nothing above worked for me. What I ended up doing was

1) download msys2 source http://repo.msys2.org/distrib/msys2-x86_64-latest.tar.xz
2) run msys2.exe in the extracted source once, so that all keys are initialized/setup properly
3) copy (and overwrite) the following files from extracted source to my original Msys2 installation:

/etc/pacman.d/gnupg/pubring.gpg
/etc/pacman.d/gnupg/pubring.gpg~
/etc/pacman.d/gnupg/secring.gpg
/etc/pacman.d/gnupg/tofu.db
/etc/pacman.d/gnupg/trustdb.gpg
/usr/share/pacman/keyrings/msys2.gpg
/usr/share/pacman/keyrings/msys2-revoked
/usr/share/pacman/keyrings/msys2-trusted

This fixed my issue without needing to reinstall everything from scratch.

Disclaimer: I have (practically) no idea what these files do. Use at your own risk 😉

I fixed the issue by these instructions :)

fabceolin commented 3 years ago

I needed to use an ancient msys2 so I did this to disable the gpg check.

perl -pi -e "s/^SigLevel/#SigLevel/g" /etc/pacman.conf
perl -pi -e "s/LocalFileSigLevel/#LocalFileSigLevel/g" /etc/pacman.conf
perl -pi -e "s/#SigLevel = Never/SigLevel = Never/g" /etc/pacman.conf

pofo14 commented 2 years ago

I am having the same issue, but can't perform the steps outlined to fix it. I am most likely missing something, but I am running this on windows, and can't get the pacman-key command to work. This makes sense as it is a shell script, do I need to use WSL for windows or something to make this work?

hjoertel commented 2 years ago

I am having the same issue, but can't perform the steps outlined to fix it. I am most likely missing something, but I am running this on windows, and can't get the pacman-key command to work. This makes sense as it is a shell script, do I need to use WSL for windows or something to make this work?

For me, the instructions at https://www.msys2.org/news/#2020-06-29-new-packagers did help. If not, back up your ~ and try a new install.

fabceolin commented 2 years ago

You can try disabling gpg checking temporarily and update to see if it helps:

perl -pi -e "s/^SigLevel/#SigLevel/g" /etc/pacman.conf
perl -pi -e "s/LocalFileSigLevel/#LocalFileSigLevel/g" /etc/pacman.conf
perl -pi -e "s/#SigLevel = Never/SigLevel = Never/g" /etc/pacman.conf

On Sun, Nov 21, 2021 at 08:41, hjoertel @.***> wrote:

I am having the same issue, but can't perform the steps outlined to fix it. I am most likely missing something, but I am running this on windows, and can't get the pacman-key command to work. This makes sense as it is a shell script, do I need to use WSL for windows or something to make this work?

For me, the instructions at https://www.msys2.org/news/#2020-06-29-new-packagers did help. If not, back up your ~ and try a new install.


-- Fabrício Ceolin

dsieh commented 2 years ago

For those of us who have had this "pacman error: ... : signature from ... is unknown trust" problem for a long time: there is likely an additional issue of pacman-key calling an invalid keyserver. The fix is to run pacman-key with an explicit keyserver option:

$ pacman-key --keyserver keyserver.ubuntu.com --refresh-keys

after running:

$ pacman -U msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz

This solution avoids running the updated installer to reinstall MSYS2.

The key delivered in msys2-keyring-r21.b39fb11-1-any.pkg.tar.xz has expired, needing "pacman-key --refresh-keys" to update. There is more detail in this stackoverflow answer.

chapmanjacobd commented 2 years ago

David's new key expired on March 3rd 2022... I think there might be some packages which were signed with this old key

pacman-key -d 87771331B3F1FF5263856A6D974C8BE49078F532
error: liblz4: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/liblz4-1.9.3-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: gmp: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gmp-6.2.1-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: base: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/base-2020.12-1-any.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

as well as gcc

error: gcc: signature from "David Macek <david.macek.0@gmail.com>" is unknown trust
:: File /var/cache/pacman/pkg/gcc-10.2.0-1-x86_64.pkg.tar.zst is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] n

Biswa96 commented 2 years ago

Packaging keys were last updated on 29th Dec 2021. Did you miss any msys2-keyring update? Make sure everything is up-to-date with pacman -Syyu command.

stadlerb commented 2 years ago

I had the same problem, and for me only msys2-keyring-1~20210904-1 was installed and trying to upgrade it didn't help. What I did in the end was download the newest msys2-keyring package and sig from https://repo.msys2.org/msys/x86_64/ and installed it with pacman -U. Upgrading the offending packages works now. However, now I am getting a warning that the local version of msys2-keyring is too new :-)

PS: Seems I'm also stuck with pacman-mirrors-20211116-1. I also noticed that the mirror lists under /etc/pacman.d were installed as mirrorlist.*.pacnew. Renaming them broke things, though, as pacman -Sy is unwilling to do anything because Christoph Reiter's key is not recognized anymore and the signature database is supposedly corrupted.

jeremyd2019 commented 2 years ago

I had the same problem, and for me only msys2-keyring-1~20210904-1 was installed and trying to upgrade it didn't help. What I did in the end was download the newest msys2-keyring package and sig from https://repo.msys2.org/msys/x86_64/ and installed it with pacman -U. Upgrading the offending packages works now. However, now I am getting a warning that the local version of msys2-keyring is too new :-)

That shouldn't happen. Did you update the sync dbs (including the y option in pacman -Syu)?

PS: Seems I'm also stuck with pacman-mirrors-20211116-1. I also noticed that the mirror lists under /etc/pacman.d were installed as mirrorlist.*.pacnew. It looks like renaming them broke things, though, as pacman -Sy is unwilling to do anything because Christoph Reiter's key is not recognized anymore and the signature database is supposedly corrupted.

Oh, was the first mirror in your mirrorlist sourceforge? That's not being updated anymore, so I could see you getting old sync dbs from there...

stadlerb commented 2 years ago

Oh, was the first mirror in your mirrorlist sourceforge? That's not being updated anymore, so I could see you getting old sync dbs from there...

Yes it was. I just reinstalled MSYS2, but I renamed the old directory before. If there's any info you can need to help others fix the issue, just let me know :-)

stadlerb commented 2 years ago

For some reason I had an error with the invalid certificate during pacman -Su even after reinstalling MSYS2. I manually re-downloaded all *.sig files from repo.msys2.org into /var/lib/pacman/sync and now it seems to work again.

stadlerb commented 2 years ago

Comparing the old and new *.sig files, they look completely different from each other. Are they all legitimate but for the wrong DB versions or are they really corrupted?

bnthomason commented 2 years ago

Hello! I downloaded Devkitpro and used Msys2 to use the following code: pacman -S make gcc zlib-devel git

I get an error with this signature and name, what fix should I pursue, as there's many above.

IceeSw commented 2 years ago

I had fixed my issue before by updating the keys. I might have done it through refresh or init. But now I had again the "pacman error: ... : signature from ... is unknown trust" message as mentioned above by @dsieh on Nov, 2021. You may want to try directly what @silverqx mentioned September 15, 2021. (That is "Next step (several posts above mention this):" below)

However, I followed some steps and those let me install packages signed by "David Macek's" key again.

Some might be redundant but what I did was:

pacman-key -l

I found that the following entry was expired and removed it.

uid [ expired] David Macek <david.macek.0@gmail.com>

pacman-key -d 87...

It expired 2022-03-03

pacman-key --refresh

I got an error:

gpg: keyserver refresh failed: Try again later
==> ERROR: A specified local key could not be updated from a keyserver.

The key was successfully removed though. Which can be confirmed by running pacman-key -l again.

I got the following error while trying to install packages signed with the old key:

...
error: key "62..." could not be looked up remotely
error: required key missing from keyring
error: failed to commit transaction (unexpected error)
Errors occurred, no packages were upgraded.

Then I ran:

pacman -Syu

And answered n as follows (as mentioned by @evandrocoan October 23, 2021):

...
:: Proceed with installation? [Y/n] n

Next step (several posts above mention this):

pacman -S msys2-keyring

Which signed the keys successfully and disabled revoked keys:

...
==> Updating trust database...
gpg: next trustdb check due at 2022-06-26

After this I could install the packages. And understand better how this works by doing the attempts to fix it without modifying files manually or executing the pacman-key command with another key-server.

lemire commented 2 years ago

I solved my problem by typing pacman -Syu.

Biswa96 commented 2 years ago

This issue was solved with a newer msys2 installer. Please use new installers from https://github.com/msys2/msys2-installer/releases or update existing packages.

11rom commented 2 years ago

Run this, it will solve the problem: "pacman -S msys2-keyring". Before, I suffered to fix the issue, but I found this on the internet.

Adrian-Hawryluk commented 1 year ago

then pacman-key --refresh might help

Finally, something that actually worked. I was having a hard time as it wouldn't allow me to install pax. The workaround:

A WORK AROUND

I have a work-around - that being to Disable Signature Checking (ref: ) that appears to make the environment function again.. However, I would recommend the following procedure FIRST (ref: https://www.msys2.org/news/ )

Stage 1: From https://www.msys2.org/news/

If you still see signature errors, resetting your pacman key store might help:

# rm -r /etc/pacman.d/gnupg/
# pacman-key --init
# pacman-key --populate msys2

Didn't work.

AndrewTPiotrowski commented 1 year ago

then pacman-key --refresh might help

THANK YOUUUUUU

1000283 commented 1 year ago

Bear in mind the keys mentioned in MSYS's FAQ no longer exist and --verify will fail (the resulting fetched files are HTML 404 messages). At this moment, these work:

curl -O https://repo.msys2.org/msys/x86_64/msys2-keyring-1~20230316-1-any.pkg.tar.zst
curl -O https://repo.msys2.org/msys/x86_64/msys2-keyring-1~20230316-1-any.pkg.tar.zst.sig
pacman-key --verify msys2-keyring-1~20230316-1-any.pkg.tar.zst.sig
pacman -U msys2-keyring-1~20230316-1-any.pkg.tar.zst

Doublecheck at the repo.