You are not logged in.

#1 2024-05-25 07:20:58

archqt
Member
Registered: 2015-04-29
Posts: 185

gpgme-1.23.2.tar.bz2 error bad public key [SOLVED]

Hi,
i have this. It tries to update gpgme-qt5

pikaur -Su
gpgme-1.23.2.tar.bz2 ... FAILED (Public Key Unknown E98E9B2D19C6C8BD)

I translated the error from french to english

I have already refresh keys

sudo pacman-key --init && sudo pacman-key --populate

Sincerely

Last edited by archqt (2024-05-25 19:55:42)

Offline

#2 2024-05-25 10:49:29

gromit
Package Maintainer (PM)
From: Germany
Registered: 2024-02-10
Posts: 88
Website

Re: gpgme-1.23.2.tar.bz2 error bad public key [SOLVED]

Hey you need to import the relevant gpg key so signature verification can be done:

gpg --recv-key E98E9B2D19C6C8BD

https://wiki.archlinux.org/title/Arch_U … _if_needed

Offline

#3 2024-05-25 11:14:45

archqt
Member
Registered: 2015-04-29
Posts: 185

Re: gpgme-1.23.2.tar.bz2 error bad public key [SOLVED]

gromit wrote:

Hey you need to import the relevant gpg key so signature verification can be done:

gpg --recv-key E98E9B2D19C6C8BD

https://wiki.archlinux.org/title/Arch_U … _if_needed

Yes i can do that, but how do i know it is not a bad package. The role of signing is to be sure it is a managed package.
And the role of AUR server is to be sure that i download something controlled.

Offline

#4 2024-05-25 11:23:38

gromit
Package Maintainer (PM)
From: Germany
Registered: 2024-02-10
Posts: 88
Website

Re: gpgme-1.23.2.tar.bz2 error bad public key [SOLVED]

I think we have some misconceptions to clear up here:
You are not downloading a package from the AUR, its a build recipe ("PKGBUILD"), the entire content of the AUR is unsupported user produced content (read: untrusted) as the big banner on top says:

DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.

The GPG key is required in order to verify the signature that the upstream project has put on the sourcecode not on the finished built package like it is the case for the repo packages.

See this part of the PKGBUILD: https://aur.archlinux.org/cgit/aur.git/ … me-qt5#n21

Offline

#5 2024-05-25 19:54:44

archqt
Member
Registered: 2015-04-29
Posts: 185

Re: gpgme-1.23.2.tar.bz2 error bad public key [SOLVED]

Thanks

Offline

Board footer

Powered by FluxBB