While upgrading Parabola GNU/Linux (which is based on Arch GNU/Linux) using the usual pacman -Syu, I was getting the following error and the upgrade was deadlocked:
error: grub2-theme-gnuaxiom: signature from "bill-auger <email redacted>" is unknown trust:: File /var/cache/pacman/pkg/grub2-theme-gnuaxiom-1.5-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] y error: linux-libre: signature from "bill-auger <email redacted>" is unknown trust:: File /var/cache/pacman/pkg/linux-libre-5.1.3_gnu-1-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] y
I asked in the #parabla freenode channel and apparently "in the special case where -Syu is blocked on a keyring update, you can pacman -Sy *-keyring && pacman -Su"
So I guess the "correct" way to upgrade the system that works in all cases is to run
pacman -Sy *-keyring --needed && pacman -Su
Here's some explanations I received:
but what happens if your full upgrade *needs* the keys to be installed first? i.e. pacman -Syu tries to update two packages: parabola-keyring and linux-libre so, in order to check whether linux-libre is *valid*, you need the new keys but in order to get the new keys, you need to finish installing parabola-keyring and that requires two passes, which is what -Sy parabola-keyring && -Su does