You are not logged in.
when trying to do a makepkg on firefox i get
==> Verifying source file signatures with gpg...
firefox-36.0.1.source.tar.bz2 ... FAILED (unknown public key 057CC3EB15A0A4BC)
==> ERROR: One or more PGP signatures could not be verified!
no problem... i just do a
$ gpg --recv-keys 057CC3EB15A0A4BC
gpg: key 3A06537A: "Mozilla Software Releases <releases@mozilla.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
hmm... it says it is already there...
$ gpg --list-keys
/home/dev/.gnupg/pubring.kbx
------------------------------
pub rsa4096/3A06537A 2013-07-16
uid [ unknown] Mozilla Software Releases <releases@mozilla.org>
sub rsa4096/15A0A4BC 2013-07-16 [expires: 2015-07-16]
and indeed, rerunning make results in the same error.
so, I just ignore that with
makepkg --skippgpcheck
However, Firefox will only build succesfully in chroot... but when I add --skippgpcheck to the makechrootpkg, I still get the error
makechrootpkg -c -r $CHROOT -- CFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe" CXXFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe" --skippgpcheck
Am I doing this wrong? or is there another way to ether
1) verify the package
2) get makechrootpkg ignore verification
Offline
Well, the problem here is that makechrootpkg invokes makepkg two times: the first time (when it fails to verify the PGP signature) for downloading and verifying the sources and the second time inside the chroot container to actually build the package. Since the sources are downloaded and verified in your user space, passing the option --skippgpcheck is not enough, you have instead to download key to your gpg keyring
gpg --recv-keys 057CC3EB15A0A4BC
and only after that you can run
sudo makechrootpkg -c -r $CHROOT -- CFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe" CXXFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe" --skippgpcheck
PS: you should also use sudo to run makechrootpkg (unless makechrootpkg is already an alias for sudo makechrootpkg) nevermind, makechrootpkg invokes sudo automatically for you.
---EDIT---
Oops, sorry I misread your post... it seems you already imported the pgp key. However It works fine for me.
Can you please post the output of the following command?
gpg --verbose --verify firefox-36.0.1.source.tar.bz2.asc firefox-36.0.1.source.tar.bz2
Last edited by mauritiusdadd (2015-03-18 07:43:19)
Offline
here is the output
bz2.asc firefox-36.0.1.source.tar.bz2verbose --verify firefox-36.0.1.source.tar.
gpg: armor header: Version: GnuPG v2.0.14 (GNU/Linux)
gpg: Signature made Thu Mar 5 07:32:24 2015 ART using RSA key ID 15A0A4BC
gpg: using subkey 15A0A4BC instead of primary key 3A06537A
gpg: using PGP trust model
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2B90 598A 745E 992F 315E 22C5 8AB1 3296 3A06 537A
Subkey fingerprint: 5445 390E F5D0 C2EC FB8A 6201 057C C3EB 15A0 A4BC
gpg: binary signature, digest algorithm SHA1, key algorithm rsa4096
[jwdev@sServerArchVM firefox]$
Offline
Ok, i tought that the file firefox-36.0.1.source.tar.bz2.asc could be corrupted because in the PKGBUILD its checksum is skipped, but it seems fine... can you please post also the full output of makechrootpkg?
--- EDIT ---
Oh, I forgot to ask you if you are using an home for gnupg different than the deafult ~/.gnupg, can you post also the output of the following command?
env | grep GNUPG
I also noticed that your user name is jwdev but gpg store the files in /home/dev/.gnupg instead of /home/jwdev/.gnupg, have you modified your HOME path in some way? What is the output of the following commands?
whoami
echo "HOME=$HOME"
sudo -u $(whoami) env | grep HOME
sudo -u $(whoami) env | grep GNUPG
Last edited by mauritiusdadd (2015-03-18 09:19:45)
Offline
Could this be related http://allanmcrae.com/2015/01/two-pgp-k … rch-linux/ ?
Offline