How pacman trusts packages
Arch Linux uses pacman-key, a wrapper around GnuPG, to manage trusted keys for officially signed packages. When a key in the keyring expires, signature verification fails during pacman -Syu.
Three escalating fixes
Start with the lightest option and only escalate if it doesn't resolve the issue:
- Refresh all keys — slow but thorough
- Receive and locally sign the specific key — faster, targeted
- Reinitialize the keyring — last resort, rebuilds trust from scratch
See the Command Builder for exact commands for each method.