You are not logged in.

#1 2012-11-01 03:19:57

macleod2486
Member
Registered: 2012-11-01
Posts: 5

PGP Signature Failed multiple times.

The pgp signature fails every time I try to install a package from AUR.

These are the steps I take.

1) I download the file, in this case the broadcom-wl from this site.
    https://aur.archlinux.org/packages/br/b … -wl.tar.gz
2) Then I extract the file with a   tar -xvf broadcom-wl.tar.gz command
3) Then I go in the resulting directory, in this case broadcom-wl
4) Then I use the makepkg -s to make the package.  The resulting files are as follows

PKGBUILD                                    linux-recent.patch
broadcom-wl-5.100.82.112-8-i686.pkg.tar.xz  modprobe.d
hybrid-portsrc_x86_32-v5_100_82_112.tar.gz  pkg
install                                     src
license.patch                               user-ioctl.patch

5) Then I attempt to install the package broadcom-wl-5.100.82.112-8-i686.pkg.tar.xz using pacman -U <file i just mentioned>
6) Then I get this error error: 'broadcom-wl-5.100.82.112-8-i686.pkg.tar.xz': invalid or corrupted package (PGP signature)

My pacman.conf file reads this

[core]
SigLevel = Optional
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = Optional
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = Optional
Include = /etc/pacman.d/mirrorlist

I also created my own key with gnpg and added it to the pacman-key keyring then tried using makepkg --sign -s command to see any different results, only to be disappointed.

Offline

#2 2012-11-01 05:02:34

Stebalien
Member
Registered: 2010-04-27
Posts: 1,227
Website

Re: PGP Signature Failed multiple times.

First you really should set SigLevel to PackageRequired on the individual repositories. Second, there should be more to your pacman.conf (post the entire thing in code tags).


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com

Offline

#3 2012-11-01 11:32:29

karol
Archivist
Registered: 2009-05-06
Posts: 25,431

Re: PGP Signature Failed multiple times.

Try https://wiki.archlinux.org/index.php/Pa … 9.22_error (next to last question)
Sorry, misread your post.

Maybe it's https://bugs.archlinux.org/task/32302 ?

Last edited by karol (2012-11-01 11:35:52)

Offline

#4 2012-11-01 22:39:04

macleod2486
Member
Registered: 2012-11-01
Posts: 5

Re: PGP Signature Failed multiple times.

Sorry for the long delay been at work and school. 

But here's the complete pacman.conf contents.

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
#CacheDir    = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
HoldPkg     = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst   = pacman
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
#UseDelta
#TotalDownload
CheckSpace
#VerbosePkgLists

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional TrustedOnly

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

#[testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

I only edited the SigLevel to see if that was the problem in the previous post but of course that is not the case.


As for karol, makepkg --sign does work and is able to provide a .sig file once it completes

Last edited by macleod2486 (2012-11-02 01:10:22)

Offline

#5 2012-11-01 22:56:33

karol
Archivist
Registered: 2009-05-06
Posts: 25,431

Re: PGP Signature Failed multiple times.

Please use [ code ] tags for posting snippets of code. https://bbs.archlinux.org/help.php#bbcode

like this

It makes the code more readable and - in case of longer listings - more convenient to scroll through.

Offline

#6 2012-11-01 23:19:07

Stebalien
Member
Registered: 2010-04-27
Posts: 1,227
Website

Re: PGP Signature Failed multiple times.

The global SigLevel option is causing your problem. Just comment it out; signatures will still be checked for packages installed via repositories as your repository sections specify `SigLevel = PackageRequired`.


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com

Offline

#7 2012-11-02 01:14:02

macleod2486
Member
Registered: 2012-11-01
Posts: 5

Re: PGP Signature Failed multiple times.

That appears to have worked!  Thank you kind sir for your time.

Offline

Board footer

Powered by FluxBB