
#1 2012-01-21 04:21:55

thehodapp
Member
Registered: 2010-11-08
Posts: 30

Signing AUR packages fails

So I've managed to set up pacman with package signing after the latest upgrade (spending a lot more effort than I think should be necessary).

I'm now able to update all my packages from the main repositories like I used to. However, I still need to manually compile some of my programs from AUR package builds. I figured since I've already set up my private key with:

pacman-key --init

I should be able to run makepkg with the --sign flag just fine, but I get an error after it creates the package and tries to sign:

==> Signing package...
==> WARNING: Failed to sign package file.

Obviously I'm doing something wrong, but for all my searching I can't figure out what to do. Thanks for help in advance.

Oh and the reason I'm doing this is because pacman won't let me install the package unless it's signed.

Offline

#2 2012-01-21 07:25:10

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,410
Website

Re: Signing AUR packages fails

The key setup with pacman-key --init is just for managing your pacman keyring. To sign AUR packages you will need to set up a key with gnupg.

What is your default SigLevel that "pacman -U <file>" does not work?

Offline

#3 2012-01-21 08:23:46

thehodapp
Member
Registered: 2010-11-08
Posts: 30

Re: Signing AUR packages fails

I think I had the SigLevel at TrustedOnly but now I'm using "Optional TrustAll" which fixes my problem (in a more indirect way).

Is there some resource I could refer to so that I could sign my own packages? Or is it really not worth it?

Offline

#4 2012-01-21 10:12:37

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,356

Re: Signing AUR packages fails

thehodapp wrote:

I think I had the SigLevel at TrustedOnly but now I'm using "Optional TrustAll" which fixes my problem (in a more indirect way).

Is there some resource I could refer to so that I could sign my own packages? Or is it really not worth it?

Is someone likely to be able to access your built packages and modify/replace them in between your building them and your installing (or reinstalling) them?


Allan-Volunteer on the (topic being discussed) mailing lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#5 2012-01-21 17:48:02

thehodapp
Member
Registered: 2010-11-08
Posts: 30

Re: Signing AUR packages fails

ngoonee wrote:

Is someone likely to be able to access your built packages and modify/replace them in between your building them and your installing (or reinstalling) them?

Highly unlikely.

Offline
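
The thread separates two things: the pacman keyring created by pacman-key --init, and a user's own GnuPG key used for signing. As an added example (not from the thread and not pacman's own code), this script builds a throwaway user keyring, makes a detached signature for a stand-in package file, and shows verification failing once the file is modified after signing, which is the case ngoonee asks about. The key identity, file name and function name are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: user-level GnuPG signing, independent of pacman's keyring.
# Everything lives in a temporary directory that is removed at the end.

demo_sign_and_verify() {
    local work pkg rc_good rc_bad
    work=$(mktemp -d) || return 1
    export GNUPGHOME="$work/gnupg"      # throwaway keyring, not ~/.gnupg
    mkdir -m 700 "$GNUPGHOME" || return 1

    # 1. Create a signing key with gnupg (empty passphrase: demo only).
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Packager <packager@example.invalid>' \
        default default never 2>/dev/null || return 1

    # 2. Constructed stand-in for a freshly built package.
    pkg="$work/demo-1.0-1-any.pkg.tar.xz"
    printf 'constructed package payload\n' > "$pkg"

    # 3. Detached binary signature written beside the file as "$pkg.sig".
    gpg --batch --quiet --detach-sign --no-armor "$pkg" || return 1

    # 4. The untouched file verifies against its signature.
    rc_good=0
    gpg --batch --quiet --verify "$pkg.sig" "$pkg" 2>/dev/null || rc_good=$?

    # 5. A file changed between build and install no longer verifies.
    printf 'tampered\n' >> "$pkg"
    rc_bad=0
    gpg --batch --quiet --verify "$pkg.sig" "$pkg" 2>/dev/null || rc_bad=$?

    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    unset GNUPGHOME
    echo "good=$rc_good tampered=$rc_bad"
    [ "$rc_good" -eq 0 ] && [ "$rc_bad" -ne 0 ]
}

demo_sign_and_verify || echo "demo failed (is gpg installed?)" >&2
```
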
