You are not logged in.

Pages: 1

#1 2015-03-16 11:11:02

ntisithoj
Member
Registered: 2015-03-09
Posts: 11

passing --skippgpcheck to makechrootpkg (or getting the FF key to work

when trying to do  a makepkg on firefox i get 

==> Verifying source file signatures with gpg...
    firefox-36.0.1.source.tar.bz2 ... FAILED (unknown public key 057CC3EB15A0A4BC)
==> ERROR: One or more PGP signatures could not be verified!

no problem... i just do a 

$ gpg --recv-keys 057CC3EB15A0A4BC
gpg: key 3A06537A: "Mozilla Software Releases <releases@mozilla.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

hmm... it says it is already there... 

$ gpg --list-keys                 
/home/dev/.gnupg/pubring.kbx
------------------------------
pub   rsa4096/3A06537A 2013-07-16
uid       [ unknown] Mozilla Software Releases <releases@mozilla.org>
sub   rsa4096/15A0A4BC 2013-07-16 [expires: 2015-07-16]

and indeed, rerunning make results in the same error.


so, I just ignore that with 

makepkg --skippgpcheck

However, Firefox will only build succesfully in chroot... but when I add --skippgpcheck to the makechrootpkg, I still get the error

makechrootpkg  -c -r $CHROOT -- CFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe" CXXFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe"  --skippgpcheck

Am I doing this wrong?  or is there another way to ether

1) verify the package
2) get makechrootpkg ignore verification

Offline

#2 2015-03-16 18:23:35

mauritiusdadd
Member
From: Benevento, Italy
Registered: 2013-10-27
Posts: 776

Re: passing --skippgpcheck to makechrootpkg (or getting the FF key to work

Well, the problem here is that makechrootpkg invokes makepkg two times: the first time (when it fails to verify the PGP signature) for downloading and verifying the sources and the second time inside the chroot container to actually build the package. Since the sources are downloaded and verified in your user space, passing the option --skippgpcheck is not enough, you have instead to download key to your gpg keyring

gpg --recv-keys 057CC3EB15A0A4BC

and only after that you can run

sudo makechrootpkg  -c -r $CHROOT -- CFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe" CXXFLAGS="-march=sandybridge -mtune=sandybridge -O3 -pipe"  --skippgpcheck


PS: you should also use sudo to run makechrootpkg (unless makechrootpkg is already an alias for sudo makechrootpkg) nevermind, makechrootpkg invokes sudo automatically for you.

---EDIT---
Oops, sorry I misread your post... it seems you already imported the pgp key. However It works fine for me.
Can you please post the output of the following command?

 gpg --verbose --verify firefox-36.0.1.source.tar.bz2.asc firefox-36.0.1.source.tar.bz2

Last edited by mauritiusdadd (2015-03-18 07:43:19)

About me - github

-- When you have eliminated the impossible, whatever remains, however improbable, must be the truth -- Spock | Sherlock Holmes

Offline

#3 2015-03-18 07:11:04

ntisithoj
Member
Registered: 2015-03-09
Posts: 11

Re: passing --skippgpcheck to makechrootpkg (or getting the FF key to work

here is the output

bz2.asc firefox-36.0.1.source.tar.bz2verbose --verify firefox-36.0.1.source.tar. 
gpg: armor header: Version: GnuPG v2.0.14 (GNU/Linux)
gpg: Signature made Thu Mar  5 07:32:24 2015 ART using RSA key ID 15A0A4BC
gpg: using subkey 15A0A4BC instead of primary key 3A06537A
gpg: using PGP trust model
gpg: Good signature from "Mozilla Software Releases <releases@mozilla.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2B90 598A 745E 992F 315E  22C5 8AB1 3296 3A06 537A
     Subkey fingerprint: 5445 390E F5D0 C2EC FB8A  6201 057C C3EB 15A0 A4BC
gpg: binary signature, digest algorithm SHA1, key algorithm rsa4096
[jwdev@sServerArchVM firefox]$

Offline

#4 2015-03-18 08:02:43

mauritiusdadd
Member
From: Benevento, Italy
Registered: 2013-10-27
Posts: 776

Re: passing --skippgpcheck to makechrootpkg (or getting the FF key to work

Ok, i tought that the file firefox-36.0.1.source.tar.bz2.asc could be corrupted because in the PKGBUILD its checksum is skipped, but it seems fine... can you please post also the full output of makechrootpkg?

--- EDIT ---

Oh, I forgot to ask you if you are using an home for gnupg different than the deafult ~/.gnupg, can you post also the output of the following command?

env | grep GNUPG

I also noticed that your user name is jwdev but gpg store the files in /home/dev/.gnupg instead of /home/jwdev/.gnupg, have you modified your HOME path in some way? What is the output of the following commands?

whoami
echo "HOME=$HOME"
sudo -u $(whoami) env | grep HOME
sudo -u $(whoami) env | grep GNUPG

Last edited by mauritiusdadd (2015-03-18 09:19:45)

About me - github

-- When you have eliminated the impossible, whatever remains, however improbable, must be the truth -- Spock | Sherlock Holmes

Offline

#5 2015-03-18 12:40:08

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: passing --skippgpcheck to makechrootpkg (or getting the FF key to work

Could this be related http://allanmcrae.com/2015/01/two-pgp-k … rch-linux/ ?

Offline

Pages: 1

Board footer

Powered by FluxBB