
#1 2012-01-30 07:19:22

trc
Member
From: Beaver Dam, WI
Registered: 2010-01-14
Posts: 85

Pacman package signing and the AUR

Wasn't sure if I should put this in the AUR section or here, so I figured I'd try here first.

Basically I was wondering if there was something I could set in pacman.conf to have it ignore trying to verify packages I fetch from the AUR using a pacman wrapper like yaourt, while still checking for signatures from the official repos? Thanks for your assistance and if this is in the wrong forum I apologize in advance.


~trc


#2 2012-01-30 08:50:17

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365

Re: Pacman package signing and the AUR

I have "SigLevel = Optional TrustedOnly" as my global level and then augment it with "SigLevel = PackageRequired" on the repos that are fully signed. This way a "pacman -U <pkg>" works without a signature there.

We will probably have an additional configuration option in the future to allow overriding the SigLevel for -U operations.


#3 2012-12-26 13:15:44

merijn
Member
Registered: 2009-02-06
Posts: 9

Re: Pacman package signing and the AUR

I'm trying to install a package from aur but I get the message: invalid or corrupted package (PGP signature) when issuing pacman -U
So I tried the solution mentioned above by setting "SigLevel = Optional TrustedOnly" but I still get the same message.
I even tried disabling signature checking with "Siglevel = Never" but still get the same message.

Any idea what I am doing wrong?


#4 2012-12-26 21:00:27

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: Pacman package signing and the AUR

How did you make the package? Did the package compile OK?

@Allan,
Isn't "SigLevel = Optional TrustedOnly" the default in any case? I have this line commented in pacman.conf and I can still install AUR packages with pacman -U OK. (But checking is enabled for all the repos in pacman.conf.)



#5 2012-12-27 04:04:39

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: Pacman package signing and the AUR

merijn wrote:

I'm trying to install a package from aur but I get the message: invalid or corrupted package (PGP signature) when issuing pacman -U
So I tried the solution mentioned above by setting "SigLevel = Optional TrustedOnly" but I still get the same message.
I even tried disabling signature checking with "Siglevel = Never" but still get the same message.

Any idea what I am doing wrong?

Have you changed makepkg.conf, specifically the BUILDENV array? There is an option "sign". If it is enabled, packages from the AUR (which are locally built) will be signed with your own private key. Before that, your public key must be signed by your local pacman key to receive a sufficient trust level. So you have to tell us your makepkg config...



#6 2012-12-28 12:36:21

merijn
Member
Registered: 2009-02-06
Posts: 9

Re: Pacman package signing and the AUR

My package compiled without errors. And just to check I tried to install another package from aur but had the same error.

Thanx for the pointer "Leonid.I"
Currently package signing is disabled in my makepkg.conf
I created my own gpg key pair (gpg --gen-key).
To add my public key to the pacman keyring I should do the following? I'm not sure if that is the correct key I'm adding

sudo pacman-key -a ~/.gnupg/pubring.gpg

and signing the package should be done as follows?

makepkg -s --sign --key ~/.gnupg/secring.gpg

But when I get this to work I would still like to know why I can't install unsigned packages without signing them myself.
This didn't present a problem in the past, so I'm wondering what changed.


#7 2012-12-28 13:02:09

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365

Re: Pacman package signing and the AUR

merijn wrote:

Currently package signing is disabled in my makepkg.conf

makepkg.conf does not matter. It should work with the default Arch pacman.conf - post yours if you cannot see what is wrong.


#8 2012-12-28 13:44:39

merijn
Member
Registered: 2009-02-06
Posts: 9

Re: Pacman package signing and the AUR

And then I saw it.
I only had my "SigLevel = PackageRequired" option of the testing repo uncommented.

Like this:

#[testing]
SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

So I think this option was overriding my default Siglevel.

Thanx for the help.
Now I can install my packages from aur.

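A check for the misconfiguration found in post #8, as an added example that is not part of the original thread or of pacman itself: it scans pacman.conf text for active directives left under a commented-out section header, which are then read as part of the preceding active section. The names `find_orphaned_directives` and `SAMPLE_CONF` are hypothetical, and the sample config is constructed from the fragment posted above.

```python
import re

# Constructed sample modelled on the fragment in post #8; not the poster's full file.
SAMPLE_CONF = """\
[options]
SigLevel = Optional TrustedOnly

#[testing]
SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
"""

HEADER = re.compile(r"^\[([^\]]+)\]$")
COMMENTED_HEADER = re.compile(r"^#\s*\[([^\]]+)\]$")

def find_orphaned_directives(text):
    """Return (lineno, directive, intended_section, actual_section) tuples for
    active directives that follow a commented-out section header."""
    findings = []
    active = None      # last uncommented [section] header
    disabled = None    # commented-out header seen since the last active one
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            active, disabled = m.group(1), None
            continue
        m = COMMENTED_HEADER.match(line)
        if m:
            disabled = m.group(1)
            continue
        if line.startswith("#"):
            continue  # ordinary comment or commented-out directive
        if disabled is not None:
            # Active directive whose own header is commented out.
            findings.append((lineno, line, disabled, active))
    return findings

if __name__ == "__main__":
    for lineno, directive, intended, actual in find_orphaned_directives(SAMPLE_CONF):
        print(f"line {lineno}: '{directive}' was meant for [{intended}] "
              f"but applies to [{actual}]")
```

On the constructed sample this flags the `SigLevel = PackageRequired` line under `#[testing]` as applying to `[options]`, which is why unsigned packages were rejected on `pacman -U`.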
