PGP Signature Failed multiple times.

macleod2486 · 2012-11-01 03:19:57

The pgp signature fails every time I try to install a package from AUR.

These are the steps I take.

1) I download the file, in this case the broadcom-wl from this site.
https://aur.archlinux.org/packages/br/b … -wl.tar.gz
2) Then I extract the file with a tar -xvf broadcom-wl.tar.gz command
3) Then I go in the resulting directory, in this case broadcom-wl
4) Then I use the makepkg -s to make the package. The resulting files are as follows

PKGBUILD linux-recent.patch
broadcom-wl-5.100.82.112-8-i686.pkg.tar.xz modprobe.d
hybrid-portsrc_x86_32-v5_100_82_112.tar.gz pkg
install src
license.patch user-ioctl.patch

5) Then I attempt to install the package broadcom-wl-5.100.82.112-8-i686.pkg.tar.xz using pacman -U <file i just mentioned>
6) Then I get this error error: 'broadcom-wl-5.100.82.112-8-i686.pkg.tar.xz': invalid or corrupted package (PGP signature)

My pacman.conf file reads this

[core]
SigLevel = Optional
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = Optional
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = Optional
Include = /etc/pacman.d/mirrorlist

I also created my own key with gnpg and added it to the pacman-key keyring then tried using makepkg --sign -s command to see any different results, only to be disappointed.

Stebalien · 2012-11-01 05:02:34

First you really should set SigLevel to PackageRequired on the individual repositories. Second, there should be more to your pacman.conf (post the entire thing in code tags).

karol · 2012-11-01 11:32:29

Try https://wiki.archlinux.org/index.php/Pa … 9.22_error (next to last question)
Sorry, misread your post.

Maybe it's https://bugs.archlinux.org/task/32302 ?

Last edited by karol (2012-11-01 11:35:52)

macleod2486 · 2012-11-01 22:39:04

Sorry for the long delay been at work and school.

But here's the complete pacman.conf contents.

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
# The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
#CacheDir    = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
HoldPkg     = pacman glibc
# If upgrades are available for these packages they will be asked for first
SyncFirst   = pacman
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
#UseDelta
#TotalDownload
CheckSpace
#VerbosePkgLists

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional TrustedOnly

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

#[testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

I only edited the SigLevel to see if that was the problem in the previous post but of course that is not the case.

As for karol, makepkg --sign does work and is able to provide a .sig file once it completes

Last edited by macleod2486 (2012-11-02 01:10:22)

karol · 2012-11-01 22:56:33

Please use [ code ] tags for posting snippets of code. https://bbs.archlinux.org/help.php#bbcode

like this

It makes the code more readable and - in case of longer listings - more convenient to scroll through.

Stebalien · 2012-11-01 23:19:07

The global SigLevel option is causing your problem. Just comment it out; signatures will still be checked for packages installed via repositories as your repository sections specify `SigLevel = PackageRequired`.

macleod2486 · 2012-11-02 01:14:02

That appears to have worked! Thank you kind sir for your time.

Arch Linux

#1 2012-11-01 03:19:57

PGP Signature Failed multiple times.

#2 2012-11-01 05:02:34

Re: PGP Signature Failed multiple times.

#3 2012-11-01 11:32:29

Re: PGP Signature Failed multiple times.

#4 2012-11-01 22:39:04

Re: PGP Signature Failed multiple times.

#5 2012-11-01 22:56:33

Re: PGP Signature Failed multiple times.

#6 2012-11-01 23:19:07

Re: PGP Signature Failed multiple times.

#7 2012-11-02 01:14:02

Re: PGP Signature Failed multiple times.

Board footer