I recently came across this issue on my <a href="http://archmerge.com/" rel="nofollow noopener noreferrer" target="_blank">Archmerge</a> installation and figured I would share the fix here since it took me quite some time to figure out the solution. This is not Archmerge specific but rather Arch Linux specific. I started encountering it on Manjaro and Arch based installs right after I tried to install specific packages.
This is what I was getting when trying to install a package that required fzf (in this case, I was running the command:
<code>packer -S pacli </code>
Since this package relied on the fzf package, I got the following error:
<code>error: fzf: signature from "Ambrevar &lt;ambrevar@gmail.com&gt;" is unknown trust :: File /var/cache/pacman/pkg/fzf-0.17.0.2-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).</code>
The solution took me a while to figure out, as mentioned, but I did figure it out eventually. To resolve, launch a terminal and paste in the following:
<code>sudo pacman-key --refresh-keys</code>
This will take a while to refresh all of the keys on your system but once it's complete, you should be good to go.

How to fix invalid or corrupted package (PGP signature) issues on Arch Linux

arch-linux-logo_kpqxwi

mike-johnston company logo

mike-johnston

mike-johnston Profile

I recently came across this issue on my Archmerge installation and figured I would share the fix here since it took me quite some time to figure out the solution. This is not Archmerge specific but rather Arch Linux specific. I started encountering it on Manjaro and Arch based installs right after I tried to install specific packages. 
 This is wha...