You are not logged in.
Sorry. Bringing it up again...BUT
I have (successfully) imported multiple keys directly from https://www.torproject.org/docs/signing-keys.html.en
# gpg --keyserver pool.sks-keyservers.net --recv-keys D1483FA6C3C07136
gpg: key 4E2C6E8793298290: 41 duplicate signatures removed
gpg: key 4E2C6E8793298290: 160 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 1 signature reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
gpg --keyserver keys.gnupg.net --recv-keys 4E2C6E8793298290
gpg: key 4E2C6E8793298290: 41 duplicate signatures removed
gpg: key 4E2C6E8793298290: 160 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 1 signature reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" 1 new signature
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: new signatures: 1
curl "https://pgp.mit.edu/pks/lookup?op=get&search=0x4E2C6E8793298290" -o - | gpg --import
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 146k 100 146k 0 0 143k 0 0:00:01 0:00:01 --:--:-- 143k
gpg: key 4E2C6E8793298290: 41 duplicate signatures removed
gpg: key 4E2C6E8793298290: 160 signatures not checked due to missing keys
gpg: key 4E2C6E8793298290: 1 signature reordered
gpg: key 4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
but for some reason, and after trying multiple different packages (tor-browser, tor-browser-en, tor-browser-dev-en), I get the same error message from each:
-> Found tor-browser-en.desktop
-> Found tor-browser-en.png
-> Found tor-browser-en.sh
==> Validating source files with md5sums...
tor-browser-linux64-7.5_en-US.tar.xz ... Passed
tor-browser-linux64-7.5_en-US.tar.xz.asc ... Skipped
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... Passed
==> Validating source files with sha256sums...
tor-browser-linux64-7.5_en-US.tar.xz ... Passed
tor-browser-linux64-7.5_en-US.tar.xz.asc ... Skipped
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... Passed
==> Validating source files with sha512sums...
tor-browser-linux64-7.5_en-US.tar.xz ... Passed
tor-browser-linux64-7.5_en-US.tar.xz.asc ... Skipped
tor-browser-en.desktop ... Passed
tor-browser-en.png ... Passed
tor-browser-en.sh ... Passed
==> Verifying source file signatures with gpg...
tor-browser-linux64-7.5_en-US.tar.xz ... FAILED
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-en.
==> Validating source files with sha1sums...
tor-browser-dev-en.desktop ... Passed
tor-browser-dev-en.png ... Passed
tor-browser-dev-en.sh ... Passed
==> Validating source_x86_64 files with sha256sums...
tor-browser-linux64-8.0a2_en-US.tar.xz ... Passed
tor-browser-linux64-8.0a2_en-US.tar.xz.asc ... Skipped
==> Verifying source file signatures with gpg...
tor-browser-linux64-8.0a2_en-US.tar.xz ... FAILED
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build tor-browser-dev-en.
What am I doing wrong?
Please and thank you.
Offline
The # in the first invocation makes me think you imported them as root, don't import them as root, your user is what builds and verifies the packages.
Offline