can not downgrade - invalid or corrupted package (PGP signature)

[SvenMeyer]

As I have problems with the 113 version on Manjaro, see #227 , I wanted to downgrade using the previous version from the cache, however this gives me an error. Actually it works with none of the packages which I installed previously without problems.

However, I just remember when I install an update (using the GUI updater) it always downloads ungoogled-chromium twice ... strange.

Is there something wrong with the PGP signature ?

$ echo $DOWNGRADE_FROM_ALA
1

$ sudo downgrade ungoogled-chromium
[sudo] password for sum: 

Downgrading from A.L.A. is disabled on the stable branch. To override this behavior, set DOWNGRADE_FROM_ALA to 1.
See https://wiki.manjaro.org/index.php/Downgrading_packages  for more details.

loading packages...
error: '/var/cache/pacman/pkg/ungoogled-chromium-112.0.5615.165-1-x86_64.pkg.tar.zst': invalid or corrupted package (PGP signature)

[SvenMeyer]

I just did a refresh of the software database using the Manjaro GUI and it came back with an error message when reaching ungoogled_chromium.

However, when I used the CLI it looks like to work. Shouldn't both outcomes be the same ?

$ sudo pacman -Syy
[sudo] password for sum: 
:: Synchronizing package databases...
 core                        141.1 KiB   165 KiB/s 00:01 [##############################] 100%
 extra                      1640.4 KiB  2015 KiB/s 00:01 [##############################] 100%
 community                     6.8 MiB  5.31 MiB/s 00:01 [##############################] 100%
 multilib                    145.2 KiB   648 KiB/s 00:00 [##############################] 100%
 home_ungoogled_chromiu...  1400.0   B  1395   B/s 00:01 [##############################] 100%

[SvenMeyer]

If there anything wrong with specifying the repo in /etc/pacman.conf ?

[home_ungoogled_chromium_Arch]
SigLevel = Required TrustAll
Server = https://download.opensuse.org/repositories/home:/ungoogled_chromium/Arch/$arch

[jstkdng]

I think the OBS changes keys every time all packages in a repository finish building.

[SvenMeyer]

@jstkdng Does that make sense? Is that a "normal" process ?
Maybe just better use your repo ? ;-)

[jstkdng]

Does that make sense? Is that a "normal" process ?

perhaps it does to the OBS folks, not to me. I had to disable Signature Checking whenever I needed to downgrade.

Maybe just better use your repo ? ;-)

My repo also uses the OBS m8. I'd recommend you to move from manjaro to regular arch or an arch distro that doesn't hold package upgrades.

[SvenMeyer]

@jstkdng

I'd recommend you to move from manjaro to regular arch or an arch distro that doesn't hold package upgrades.

What would be your recommendation if I want a stable system just as a "user" ?