How To Fix “invalid or corrupted package (PGP signature)” Error In Arch Linux

Today, I tried to upgrade my Arch Linux server using command 'sudo pacman -Syu', and I got the following error:

[...]
:: File /var/cache/pacman/pkg/libpsl-0.16.1-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] y
error: failed to commit transaction (invalid or corrupted package)
Errors occurred, no packages were upgraded.

Then, I ran 'sudo pacman -Syyu' command, but still no luck. I kept getting the same error no matter how many times I tried. After a bit of search on Google and Arch Linux forums, I found that there are new keys in the archlinux-keyring package.

Fix "invalid or corrupted package (PGP signature)" Error In Arch Linux

To fix this issue, we need to update the archlinux-keyring package.

To do so, run:

$ sudo pacman -S archlinux-keyring

Sample output would be:

resolving dependencies...
looking for conflicting packages...

Packages (1) archlinux-keyring-20170104-1

Total Installed Size: 0.81 MiB
Net Upgrade Size: 0.04 MiB

:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [######################] 100%
(1/1) checking package integrity [######################] 100%
(1/1) loading package files [######################] 100%
(1/1) checking for file conflicts [######################] 100%
(1/1) checking available disk space [######################] 100%
:: Processing package changes...
(1/1) upgrading archlinux-keyring [######################] 100%
==> Appending keys from archlinux.gpg...
gpg: marginals needed: 3 completes needed: 1 trust model: PGP
gpg: depth: 0 valid: 1 signed: 6 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 6 signed: 69 trust: 0-, 0q, 0n, 6m, 0f, 0u
gpg: depth: 2 valid: 69 signed: 7 trust: 69-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2017-09-07
==> Locally signing trusted keys in keyring...
 -> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
 -> Locally signing key 684148BB25B49E986A4944C55184252D824B18E8...
 -> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
 -> Locally signing key 44D4A033AC140143927397D47EFD567D4C7EA887...
 -> Locally signing key 27FFC4769E19F096D41D9265A04F9397CDFD6BB0...
 -> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
==> Disabling revoked keys in keyring...
 -> Disabling key F5A361A3A13554B85E57DDDAAF7EF7873CFD4BB6...
 -> Disabling key 7FA647CD89891DEDC060287BB9113D1ED21E1A55...
 -> Disabling key D4DE5ABDE2A7287644EAC7E36D1A9E70E19DAA50...
 -> Disabling key BC1FBE4D2826A0B51E47ED62E2539214C6C11350...
 -> Disabling key 9515D8A8EAB88E49BB65EDBCE6B456CAF15447D5...
 -> Disabling key 4A8B17E20B88ACA61860009B5CED81B7C2E5C0D2...
 -> Disabling key 63F395DE2D6398BBE458F281F2DBB4931985A992...
 -> Disabling key 0B20CA1931F5DA3A70D0F8D2EA6836E1AB441196...
 -> Disabling key 8F76BEEA0289F9E1D3E229C05F946DED983D4366...
 -> Disabling key 66BD74A036D522F51DD70A3C7F2A16726521E06D...
 -> Disabling key 81D7F8241DB38BC759C80FCE3A726C6170E80477...
 -> Disabling key E7210A59715F6940CF9A4E36A001876699AD6E84...
==> Updating trust database...
gpg: next trustdb check due at 2017-09-07

The above command will update the new keys and disable the revoked keys in your Arch Linux system.

Again, I tried to upgrade my Arch Linux using command:

$ sudo pacman -Syu

This time the upgrade process went well without any issues.