
#1 2012-01-30 07:19:22

trc
Member
From: Beaver Dam, WI
Registered: 2010-01-14
Posts: 85
Website

Pacman package signing and the AUR

Wasn't sure if I should put this in the AUR section or here, so I figured I'd try here first.

Basically I was wondering if there was something I could set in pacman.conf to have it ignore trying to verify packages I fetch from the AUR using a pacman wrapper like yaourt, while still checking for signatures from the official repos? Thanks for your assistance and if this is in the wrong forum I apologize in advance.


~trc


#2 2012-01-30 08:50:17

Allan
Developer
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,396
Website

Re: Pacman package signing and the AUR

I have "SigLevel = Optional TrustedOnly" as my global level and then augment it with "SigLevel = PackageRequired" on the repos that are fully signed. This way a "pacman -U <pkg>" works without a signature there.

We will probably have an additional configuration option in the future to allow overriding the SigLevel for -U operations.


#3 2012-12-26 13:15:44

merijn
Member
Registered: 2009-02-06
Posts: 9

Re: Pacman package signing and the AUR

I'm trying to install a package from the AUR but I get the message "invalid or corrupted package (PGP signature)" when issuing pacman -U.
So I tried the solution mentioned above by setting "SigLevel = Optional TrustedOnly" but I still get the same message.
I even tried disabling signature checking with "Siglevel = Never" but still get the same message.

Any idea what I am doing wrong?


#4 2012-12-26 21:00:27

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 5,661

Re: Pacman package signing and the AUR

How did you make the package? Did the package compile OK?

@Allan,
Isn't "SigLevel = Optional TrustedOnly" the default in any case? I have this line commented in pacman.conf and I can still install AUR packages with pacman -U OK. (But checking is enabled for all the repos in pacman.conf.)


How To Ask Questions The Smart Way | Help Vampires

Arch Linux | x86_64 | GPT | EFI boot | grub2 | systemd | LVM2 on LUKS
Lenovo x121e | Intel(R) Core(TM) i3-2367M CPU @ 1.40GHz GenuineIntel | Intel Centrino Wireless-N 1000 | US keyboard with Euro | 320G 7200 RPM Seagate HDD


#5 2012-12-27 04:04:39

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 948

Re: Pacman package signing and the AUR

merijn wrote:

I'm trying to install a package from the AUR but I get the message "invalid or corrupted package (PGP signature)" when issuing pacman -U.
So I tried the solution mentioned above by setting "SigLevel = Optional TrustedOnly" but I still get the same message.
I even tried disabling signature checking with "Siglevel = Never" but still get the same message.

Any idea what I am doing wrong?

Have you changed makepkg.conf, specifically the BUILDENV array? There is an option "sign". If it is enabled, packages from the AUR (which are locally built) will be signed with your own private key. Before that, your public key must be signed by your local pacman key to receive a sufficient trust level. So you have to tell us your makepkg config...


Arch Linux is more than just GNU/Linux -- it's an adventure


#6 2012-12-28 12:36:21

merijn
Member
Registered: 2009-02-06
Posts: 9

Re: Pacman package signing and the AUR

My package compiled without errors. And just to check, I tried to install another package from the AUR but had the same error.

Thanks for the pointer, Leonid.I.
Currently package signing is disabled in my makepkg.conf.
I created my own gpg key pair (gpg --gen-key).
To add my public key to the pacman keyring I should do the following? I'm not sure if that is the correct key I'm adding.

sudo pacman-key -a ~/.gnupg/pubring.gpg

And signing the package should be done as follows?

makepkg -s --sign --key ~/.gnupg/secring.gpg

But when I get this to work I would still like to know why I can't install unsigned packages without signing them myself.
This didn't present a problem in the past, so I'm wondering what changed.


#7 2012-12-28 13:02:09

Allan
Developer
From: Brisbane, AU
Registered: 2007-06-09
Posts: 10,396
Website

Re: Pacman package signing and the AUR

merijn wrote:

Currently package signing is disabled in my makepkg.conf.

makepkg.conf does not matter. It should work with the default Arch pacman.conf - post yours if you cannot see what is wrong.


#8 2012-12-28 13:44:39

merijn
Member
Registered: 2009-02-06
Posts: 9

Re: Pacman package signing and the AUR

And then I saw it.
I only had my "SigLevel = PackageRequired" option of the testing repo uncommented.

Like this:

#[testing]
SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

So I think this option was overriding my default SigLevel.

Thanks for the help.
Now I can install my packages from the AUR.
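
The misconfiguration found in post #8 can be checked for mechanically. The following is an added example, not part of any post in this thread and not pacman's own code: it scans pacman.conf text for active directives that follow a commented-out section header and reports which section they actually land in. The sample config is constructed, and the function name is hypothetical; only whole-line `#` comments are handled.

```python
import re

# Constructed sample reproducing the situation in post #8: the [testing]
# header is commented out but its SigLevel line is still active.
SAMPLE_CONF = """\
[options]
Architecture = auto
SigLevel = Optional TrustedOnly

#[testing]
SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
"""

HEADER = re.compile(r"^\[([^\]]+)\]$")
COMMENTED_HEADER = re.compile(r"^#\s*\[([^\]]+)\]$")

def find_stray_directives(conf_text):
    """Return (line_no, directive, landed_in, intended_for) for every active
    directive that follows a commented-out section header."""
    findings = []
    active = None      # section the parser is really in
    intended = None    # commented-out header seen since the last real header
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = COMMENTED_HEADER.match(line)
        if m:
            intended = m.group(1)
            continue
        if line.startswith("#"):
            continue  # ordinary comment or commented-out directive
        m = HEADER.match(line)
        if m:
            active, intended = m.group(1), None
            continue
        if intended is not None:
            findings.append((line_no, line, active, intended))
    return findings

if __name__ == "__main__":
    for line_no, directive, landed_in, intended_for in find_stray_directives(SAMPLE_CONF):
        print(f"line {line_no}: '{directive}' is active in [{landed_in}], "
              f"not [{intended_for}] (header is commented out)")
```

To check a real system, pass the contents of /etc/pacman.conf to `find_stray_directives` instead of the sample.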
