Skipping the signature check means that the signature check was skipped - so there's no guarantee around the sources.
Can you find Allans key?
gpg --keyserver https://keyserver.ubuntu.com/ --search-keys AB19265E5D7D20687D303246BA1DFB64FFF979E7
pkill dirmngr gpg --keyserver https://keyserver.ubuntu.com/ --search-keys 0AB9E991C6AF658B
So that didn't solve the issue either.
I did a complete reinstall of my arch system, and tried again. I am getting all of the same errors.
What I tried next was to do
$ makepkg --skipinteg
This avoided the PGP check and allowed the package to build. What are the consequences of this?
And then when I try to actually install the package
[posop@arch zfs-utils]$ sudo pacman -U zfs-2.1.0.tar.gz
loading packages...
error: missing package metadata in zfs-2.1.0.tar.gz
error: 'zfs-2.1.0.tar.gz': invalid or corrupted package
pkill dirmngr
gpg --keyserver https://keyserver.ubuntu.com/ --search-keys 0AB9E991C6AF658B
]]>[posop@arch zfs-utils]$ gpg --version
gpg (GnuPG) 2.2.28
libgcrypt 1.9.3-unknown
...
[posop@arch zfs-utils]$ gpg --list-keys
/etc/pacman.d/gnupg/pubring.gpg
-------------------------------
pub rsa4096 2021-07-04 [SC]
92291B373B4B7F53F847D32E8B2F79B6FCD27FDC
uid [ unknown] Pacman Keyring Master Key <pacman@localhost>
pub rsa4096 2011-11-29 [SC]
AB19265E5D7D20687D303246BA1DFB64FFF979E7
uid [ unknown] Allan McRae (Arch Linux Master Key) <allan@master-key.archlinux.org>
...
So it seems to be working? This is a fresh Arch install as of 7/4/2021
]]>┌─[Centurion ~] └─╼ gpg --keyserver https://keyserver.ubuntu.com/ --search-keys 0AB9E991C6AF658B gpg: data source: https://162.213.33.8:443 (1) Brian Behlendorf <behlendorf1@llnl.gov> Brian Behlendorf (LLNL) <behlendorf1@llnl.gov> 1024 bit DSA key 0AB9E991C6AF658B, created: 2007-09-20 Keys 1-1 of 1 for "0AB9E991C6AF658B". Enter number(s), N)ext, or Q)uit >
Hm, I am getting different results:
[posop@arch zfs-utils]$ gpg --keyserver https://keyserver.ubuntu.com/ --search-keys 0AB9E991C6AF658B
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
Any idea why that could be?
I installed bind and ran:
[posop@arch zfs-utils]$ host keyserver.ubuntu.com
keyserver.ubuntu.com has address 162.213.33.8
keyserver.ubuntu.com has address 162.213.33.9
So it seems that keyserver.ubuntu.com is resolving for me.
Again thanks so much for your help!
]]>host keyserver.ubuntu.com
is a way to resolve the domain to an IP and will tell us whether you can resolve keyserver.ubuntu.com - it's not related to gpg at all.
]]>┌─[Centurion ~]
└─╼ gpg --keyserver https://keyserver.ubuntu.com/ --search-keys 0AB9E991C6AF658B
gpg: data source: https://162.213.33.8:443
(1) Brian Behlendorf <behlendorf1@llnl.gov>
Brian Behlendorf (LLNL) <behlendorf1@llnl.gov>
1024 bit DSA key 0AB9E991C6AF658B, created: 2007-09-20
Keys 1-1 of 1 for "0AB9E991C6AF658B". Enter number(s), N)ext, or Q)uit >
]]>host keyserver.ubuntu.com
Not sure what to do with this line of code, searched gpg man pages and no mention of "host"
I did updated my 2nd post to correct syntax based your response:
$ echo "keyserver keyserver.ubuntu.com" > ~/.gnupg/gpg.conf
$ gpg --verbose --keyserver keyserver.ubuntu.com --recv 0AB9E991C6AF658B
gpg: keyserver receive failed: Server indicated a failure
Still getting a failure from the server, is there an error, or an update command I am missing?
]]>$ gpg --keyserver https://keyserver.ubuntu.com/ --search-keys 0AB9E991C6AF658B
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
This is a temporary failure. Make sure you can resolve the keyserver, that you can access it in a browser, and that you also try with the hkps rather than https protocol, e.g.
gpg --keyserver hkps://keyserver.ubuntu.com --search-keys 0AB9E991C6AF658B
Until you can obtain and import the key it is pointless trying any further steps.
]]>host keyserver.ubuntu.com
The syntax is eg.
keyserver keyserver.ubuntu.com
and ~/.gnupg/gpg.conf trumps ~/.gnupg/dirmngr.con
]]>Use another keyserver: https://wiki.archlinux.org/title/GnuPG#Key_servers
Thank you, my attempt to implement the above link is as follows:
$ echo "keyserver keyserver.ubuntu.com" > ~/.gnupg/gpg.conf
$ gpg --verbose --keyserver https://keyserver.ubuntu.com/ --recv 0AB9E991C6AF658B
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
$ gpg --keyserver https://keyserver.ubuntu.com/ --search-keys 0AB9E991C6AF658B
gpg: error searching keyserver: Server indicated a failure
gpg: keyserver search failed: Server indicated a failure
$ makepkg
zfs-2.1.0.tar.gz ... FAILED (unknown public key 0AB9E991C6AF658B)
==> ERROR: One or more PGP signatures could not be verified!
GnuPG 2.2.29 was released today and switches to the Ubuntu keyserver, so as soon as that is packaged, your attempt to add the key would work by default. But until then you'll need to manually specify the Ubuntu keyserver.
Are the above steps the proper way to manually specify the Ubuntu keyserver?
Thank you very much for your support in this matter!
]]>