You are not logged in.
When typing mkarchiso -h I get this option
-g <gpg_key> Set the PGP key ID to be used for signing the rootfs image.
Passed to gpg as the value for --default-keyI wanted to try and sign a image but, whenever I try to use the long id for my Gnupg key I get this error .
gpg: WARNING: nothing exportedI tried to look online,at the Archwiki,at official documentation(Gitlab repo and man pages) and in these forums and came up with nothing on this topic.
Here's a list of things I tried:
Using the uid for my Gpg key.
Adding a copy of .gnupg directory to the airrootfs's non-root user's home directory.
Including Gnupg as a package in packages.x86_64.
Using my public key instead of my private key.
Offline
I have the same issue as paradiseofmagic when I wanted to try and sign an image but I get the same error as well.
gpg: WARNING: nothing exportedI've looked at the mkarchiso's -g parameter code to find out more where the problem is. I ripped of the final gpg command to the standalone command line to test it and the command works.
gpg --batch --no-armor --no-include-key-block --output file.sig --detach-sign --default-key KEY_ID fileLooking further at the code, I think that airootfs_image_filename gets the correct filename. I've concluded that I don't know where the problem is.
I am adding my tries to the paradiseofmagic's list of things tried. I made sure the gpg knows the --default-key to sign with; that I have a valid gpg key I can sign with.
Offline
I did some investigation of the source code myself and it doesn't seem to be this that breaks it.
_mk_pgp_signature() {
local gpg_options=()
local airootfs_image_filename="${1}"
_msg_info "Signing rootfs image using GPG..."
rm -f -- "${airootfs_image_filename}.sig"
# Add gpg sender option if the value is provided
[[ -z "${gpg_sender}" ]] || gpg_options+=('--sender' "${gpg_sender}")
# always use the .sig file extension, as that is what mkinitcpio-archiso's hooks expect
gpg --batch --no-armor --no-include-key-block --output "${airootfs_image_filename}.sig" --detach-sign \
--default-key "${gpg_key}" "${gpg_options[@]}" "${airootfs_image_filename}"
_msg_info "Done!"
}But this instead.
_export_gpg_publickey() {
gpg_publickey="${work_dir}/pubkey.gpg"
rm -f -- "$gpg_publickey"
gpg --batch --no-armor --output "$gpg_publickey" --export "${gpg_key}"
[[ -s "$gpg_publickey" ]] || return
}I'll post an issue to Archiso's Gitlab about this as I can't quite wrap my head around this error. It might be because mkarchiso is ran as Root and maybe Root can't access the user's GPG key to export as when entering the command in my shell it works perfectly fine.
Note:
I'm writing this after I went to Gitlab, it appears my assumption earlier was right. This occurs because the script is ran as Root. https://gitlab.archlinux.org/archlinux/ … /issues/40
Last edited by paradiseofmagic (2026-02-02 16:26:07)
Offline