You are not logged in.

#1 2013-08-14 18:54:29

krusty.ar
Member
Registered: 2013-08-14
Posts: 4

[SOLVED]"invalid or corrupted package (PGP signature)" on AUR packages

I'm getting this message when trying to install any package using yaourt or created manually with makepkg. I tried resetting my keyring just in case, but the results are the same, regular pacman packages install without problem.

Am I missing something obvious?
Thanks!

dropbox 2.2.12-1  (Thu Jan 22 12:21:25 ARST 2009)
( Unsupported package: Potentially dangerous ! )
==> Edit PKGBUILD ? [Y/n] ("A" to abort)
==> ------------------------------------
==> n

==> dropbox dependencies:
 - dbus-glib (already installed)
 - gtk2 (already installed)
 - libsm (already installed)


==> Continue building dropbox ? [Y/n]
==> ---------------------------------
==> 
==> Building and installing package
==> Making package: dropbox 2.2.12-1 (Wed Aug 14 15:41:42 ART 2013)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading dropbox-lnx.x86_64-2.2.12.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   406    0   406    0     0    407      0 --:--:-- --:--:-- --:--:--   406
100 20.5M  100 20.5M    0     0   330k      0  0:01:03  0:01:03 --:--:--  357k
  -> Found dropbox.png
  -> Found dropbox.desktop
  -> Found terms.txt
  -> Found dropbox.service
==> Validating source files with sha256sums...
    dropbox-lnx.x86_64-2.2.12.tar.gz ... Passed
    dropbox.png ... Passed
    dropbox.desktop ... Passed
    terms.txt ... Passed
    dropbox.service ... Passed
==> Extracting sources...
  -> Extracting dropbox-lnx.x86_64-2.2.12.tar.gz with bsdtar
==> Entering fakeroot environment...
==> Starting package()...
==> Tidying install...
  -> Purging unwanted files...
  -> Compressing man and info pages...
==> Creating package "dropbox"...
  -> Generating .PKGINFO file...
  -> Generating .MTREE file...
  -> Compressing package...
==> Leaving fakeroot environment.
==> Finished making: dropbox 2.2.12-1 (Wed Aug 14 15:43:29 ART 2013)

==> Continue installing dropbox ? [Y/n]
==> [v]iew package contents [c]heck package with namcap
==> ---------------------------------------------------
==> 

[sudo] password for krusty: 
loading packages...
error: '/tmp/yaourt-tmp-krusty/PKGDEST.uJz/dropbox-2.2.12-1-x86_64.pkg.tar.xz': invalid or corrupted package (PGP signature)
==> WARNING: Your packages are saved in /tmp/yaourt-tmp-krusty

Last edited by krusty.ar (2013-08-15 03:31:55)

Offline

#2 2013-08-14 19:00:23

WonderWoofy
Member
From: Los Gatos, CA
Registered: 2012-05-19
Posts: 8,412

Re: [SOLVED]"invalid or corrupted package (PGP signature)" on AUR packages

Instead of posting the yaourt output, you should post the makepkg output.  Though it will likely be pretty much the same, it is always better to post the question in regard to the supported tools rather than an unsupported wrapper.  This is of course, unless you are asking about the unsupported wrapper in particular.  But this question does not ask about yaourt specifically.

Offline

#3 2013-08-14 19:13:45

krusty.ar
Member
Registered: 2013-08-14
Posts: 4

Re: [SOLVED]"invalid or corrupted package (PGP signature)" on AUR packages

WonderWoofy wrote:

Instead of posting the yaourt output, you should post the makepkg output.  Though it will likely be pretty much the same, it is always better to post the question in regard to the supported tools rather than an unsupported wrapper.  This is of course, unless you are asking about the unsupported wrapper in particular.  But this question does not ask about yaourt specifically.

krusty@kid-c ~/Downloads/libjpeg6 % makepkg -s
==> Making package: libjpeg6 6b1-2 (Wed Aug 14 16:02:58 ART 2013)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading libjpeg6b_6b1.orig.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  893k  100  893k    0     0  26414      0  0:00:34  0:00:34 --:--:-- 29117
==> Validating source files with md5sums...
    libjpeg6b_6b1.orig.tar.gz ... Passed
==> Extracting sources...
  -> Extracting libjpeg6b_6b1.orig.tar.gz with bsdtar
==> Starting build()...

* compiling removed *

make[1]: Leaving directory `/home/krusty/Downloads/libjpeg6/src/jpeg-6b1'
==> Entering fakeroot environment...
==> Starting package()...
make[1]: Entering directory `/home/krusty/Downloads/libjpeg6/src/jpeg-6b1'
test -z "/usr/lib" || /usr/bin/mkdir -p "/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib"
 /bin/sh ./libtool   --mode=install /usr/bin/install -c   libjpeg.la '/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib'
libtool: install: /usr/bin/install -c .libs/libjpeg.so.62.0.0 /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib/libjpeg.so.62.0.0
libtool: install: (cd /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib && { ln -s -f libjpeg.so.62.0.0 libjpeg.so.62 || { rm -f libjpeg.so.62 && ln -s libjpeg.so.62.0.0 libjpeg.so.62; }; })
libtool: install: (cd /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib && { ln -s -f libjpeg.so.62.0.0 libjpeg.so || { rm -f libjpeg.so && ln -s libjpeg.so.62.0.0 libjpeg.so; }; })
libtool: install: /usr/bin/install -c .libs/libjpeg.lai /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib/libjpeg.la
libtool: install: /usr/bin/install -c .libs/libjpeg.a /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib/libjpeg.a
libtool: install: chmod 644 /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib/libjpeg.a
libtool: install: ranlib /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/lib/libjpeg.a
libtool: install: warning: remember to run `libtool --finish /usr/lib'
test -z "/usr/bin" || /usr/bin/mkdir -p "/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/bin"
  /bin/sh ./libtool   --mode=install /usr/bin/install -c cjpeg djpeg jpegtran rdjpgcom wrjpgcom '/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/bin'
libtool: install: warning: `libjpeg.la' has not been installed in `/usr/lib'
libtool: install: /usr/bin/install -c .libs/cjpeg /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/bin/cjpeg
libtool: install: warning: `libjpeg.la' has not been installed in `/usr/lib'
libtool: install: /usr/bin/install -c .libs/djpeg /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/bin/djpeg
libtool: install: warning: `libjpeg.la' has not been installed in `/usr/lib'
libtool: install: /usr/bin/install -c .libs/jpegtran /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/bin/jpegtran
libtool: install: /usr/bin/install -c rdjpgcom /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/bin/rdjpgcom
libtool: install: /usr/bin/install -c wrjpgcom /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/bin/wrjpgcom
/bin/sh /home/krusty/Downloads/libjpeg6/src/jpeg-6b1/install-sh -d /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/include
/usr/bin/install -c -m 644 jconfig.h /home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/include/jconfig.h
test -z "/usr/include" || /usr/bin/mkdir -p "/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/include"
 /usr/bin/install -c -m 644 jerror.h jmorecfg.h jpeglib.h '/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/include'
test -z "/usr/share/man/man1" || /usr/bin/mkdir -p "/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/share/man/man1"
 /usr/bin/install -c -m 644 cjpeg.1 djpeg.1 jpegtran.1 rdjpgcom.1 wrjpgcom.1 '/home/krusty/Downloads/libjpeg6/pkg/libjpeg6/usr/share/man/man1'
make[1]: Leaving directory `/home/krusty/Downloads/libjpeg6/src/jpeg-6b1'
==> Tidying install...
  -> Purging unwanted files...
  -> Compressing man and info pages...
  -> Stripping unneeded symbols from binaries and libraries...
==> Creating package "libjpeg6"...
  -> Generating .PKGINFO file...
  -> Generating .MTREE file...
  -> Compressing package...
==> Leaving fakeroot environment.
==> Finished making: libjpeg6 6b1-2 (Wed Aug 14 16:04:05 ART 2013)
makepkg -s  22.72s user 4.00s system 39% cpu 1:07.22 total
krusty@kid-c ~/Downloads/libjpeg6 % sudo pacman -U libjpeg6-6b1-2-x86_64.pkg.tar.xz 
[sudo] password for krusty: 
loading packages...
error: 'libjpeg6-6b1-2-x86_64.pkg.tar.xz': invalid or corrupted package (PGP signature)

As you can see, the problem seems to come from pacman, not the wrapper or even makepkg

Last edited by krusty.ar (2013-08-14 19:15:40)

Offline

#4 2013-08-14 21:06:18

krusty.ar
Member
Registered: 2013-08-14
Posts: 4

Re: [SOLVED]"invalid or corrupted package (PGP signature)" on AUR packages

I was able to manually install packages by adding my own pgp key to the trusted keys for pacman, and building with makepkg --sign, but this doesn't seem to be the default, so I have some sort of config problem, any ideas?

Here's my pacman.conf

#
# /etc/pacman.conf
#
# See the pacman.conf(5) manpage for option and repository directives

#
# GENERAL OPTIONS
#
[options]
        # The following paths are commented out with their default values listed.
# If you wish to use different paths, uncomment and update the paths.
#RootDir     = /
#DBPath      = /var/lib/pacman/
#CacheDir    = /var/cache/pacman/pkg/
#LogFile     = /var/log/pacman.log
#GPGDir      = /etc/pacman.d/gnupg/
HoldPkg     = pacman glibc
# If upgrades are available for these packages they will be asked for first
#XferCommand = /usr/bin/curl -C - -f %u > %o
#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
#CleanMethod = KeepInstalled
Architecture = auto

# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
#IgnorePkg   =
#IgnoreGroup =

#NoUpgrade   =
#NoExtract   =

# Misc options
#UseSyslog
#UseDelta
#TotalDownload
CheckSpace
#VerbosePkgLists

# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
#SigLevel = Optional TrustedOnly

# NOTE: You must run `pacman-key --init` before first using pacman; the local
# keyring can then be populated with the keys of all official Arch Linux
# packagers with `pacman-key --populate archlinux`.

#
# REPOSITORIES
#   - can be defined here or included from another file
#   - pacman will search repositories in the order defined here
#   - local/custom mirrors can be added here or in separate files
#   - repositories listed first will take precedence when packages
#     have identical names, regardless of version number
#   - URLs will have $repo replaced by the name of the current repo
#   - URLs will have $arch replaced by the name of the architecture
#
# Repository entries are of the format:
#       [repo-name]
#       Server = ServerName
#       Include = IncludePath
#
# The header [repo-name] is crucial - it must be present and
# uncommented to enable the repo.
#

# The testing repositories are disabled by default. To enable, uncomment the
# repo name header and Include lines. You can add preferred servers immediately
# after the header, and they will be used before the default mirrors.

#[testing]
SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[core]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[extra]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

#[community-testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[community]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# If you want to run 32 bit applications on your x86_64 system,
# enable the multilib repositories as required here.

#[multilib-testing]
#SigLevel = PackageRequired
#Include = /etc/pacman.d/mirrorlist

[multilib]
#SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

# An example of a custom package repository.  See the pacman manpage for
# tips on creating your own repositories.
#[custom]
#SigLevel = Optional TrustAll
#Server = file:///home/custompkgs

[atlassian]
SigLevel = PackageOptional DatabaseRequired TrustAll
Server = http://downloads.hipchat.com/linux/arch/$arch

And makepkg.conf

#
# /etc/makepkg.conf
#

#########################################################################
# SOURCE ACQUISITION
#########################################################################
#
#-- The download utilities that makepkg should use to acquire sources
#  Format: 'protocol::agent'
DLAGENTS=('ftp::/usr/bin/curl -fC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
          'http::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'https::/usr/bin/curl -fLC - --retry 3 --retry-delay 3 -o %o %u'
          'rsync::/usr/bin/rsync --no-motd -z %u %o'
          'scp::/usr/bin/scp -C %u %o')

# Other common tools:
# /usr/bin/snarf
# /usr/bin/lftpget -c
# /usr/bin/wget

#########################################################################
# ARCHITECTURE, COMPILE FLAGS
#########################################################################
#
CARCH="x86_64"
CHOST="x86_64-unknown-linux-gnu"

#-- Compiler and Linker Flags
# -march (or -mcpu) builds exclusively for an architecture
# -mtune optimizes for an architecture, but builds for whole processor family
CPPFLAGS="-D_FORTIFY_SOURCE=2"
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"
#-- Make Flags: change this for DistCC/SMP systems
MAKEFLAGS="-j3"
#-- Debugging flags
DEBUG_CFLAGS="-g -fvar-tracking-assignments"
DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"

#########################################################################
# BUILD ENVIRONMENT
#########################################################################
#
# Defaults: BUILDENV=(fakeroot !distcc color !ccache check !sign)
#  A negated environment option will do the opposite of the comments below.
#
#-- fakeroot: Allow building packages as a non-root user
#-- distcc:   Use the Distributed C/C++/ObjC compiler
#-- color:    Colorize output messages
#-- ccache:   Use ccache to cache compilation
#-- check:    Run the check() function if present in the PKGBUILD
#-- sign:     Generate PGP signature file
#
BUILDENV=(fakeroot !distcc color !ccache check !sign)
#
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
#-- specify a space-delimited list of hosts running in the DistCC cluster.
#DISTCC_HOSTS=""
#
#-- Specify a directory for package building.
#BUILDDIR=/tmp/makepkg

#########################################################################
# GLOBAL PACKAGE OPTIONS
#   These are default values for the options=() settings
#########################################################################
#
# Default: OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug)
#  A negated option will do the opposite of the comments below.
#
#-- strip:      Strip symbols from binaries/libraries
#-- docs:       Save doc directories specified by DOC_DIRS
#-- libtool:    Leave libtool (.la) files in packages
#-- staticlibs: Leave static library (.a) files in packages
#-- emptydirs:  Leave empty directories in packages
#-- zipman:     Compress manual (man and info) pages in MAN_DIRS with gzip
#-- purge:      Remove files specified by PURGE_TARGETS
#-- upx:        Compress binary executable files using UPX
#-- debug:      Add debugging flags as specified in DEBUG_* variables
#
OPTIONS=(strip docs libtool staticlibs emptydirs zipman purge !upx !debug)

#-- File integrity checks to use. Valid: md5, sha1, sha256, sha384, sha512
INTEGRITY_CHECK=(md5)
#-- Options to be used when stripping binaries. See `man strip' for details.
STRIP_BINARIES="--strip-all"
#-- Options to be used when stripping shared libraries. See `man strip' for details.
STRIP_SHARED="--strip-unneeded"
#-- Options to be used when stripping static libraries. See `man strip' for details.
STRIP_STATIC="--strip-debug"
#-- Manual (man and info) directories to compress (if zipman is specified)
MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
#-- Doc directories to remove (if !docs is specified)
DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
#-- Files to be removed from all packages (if purge is specified)
PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)

#########################################################################
# PACKAGE OUTPUT
#########################################################################
#
# Default: put built package and cached source in build directory
#
#-- Destination: specify a fixed directory where all packages will be placed
#PKGDEST=/home/packages
#-- Source cache: specify a fixed directory where source files will be cached
#SRCDEST=/home/sources
#-- Source packages: specify a fixed directory where all src packages will be placed
#SRCPKGDEST=/home/srcpackages
#-- Log files: specify a fixed directory where all log files will be placed
#LOGDEST=/home/makepkglogs
#-- Packager: name/email of the person or organization building packages
#PACKAGER="John Doe <john@doe.com>"
#-- Specify a key to use for package signing
#GPGKEY=""

#########################################################################
# COMPRESSION DEFAULTS
#########################################################################
#
COMPRESSGZ=(gzip -c -f -n)
COMPRESSBZ2=(bzip2 -c -f)
COMPRESSXZ=(xz -c -z -)
COMPRESSLRZ=(lrzip -q)
COMPRESSLZO=(lzop -q)
COMPRESSZ=(compress -c -f)

#########################################################################
# EXTENSION DEFAULTS
#########################################################################
#
# WARNING: Do NOT modify these variables unless you know what you are
#          doing.
#
PKGEXT='.pkg.tar.xz'
SRCEXT='.src.tar.gz'

# vim: set ft=sh ts=2 sw=2 et:

Offline

#5 2013-08-15 03:21:05

Scimmia
Bug Wrangler
Registered: 2012-09-01
Posts: 5,077

Re: [SOLVED]"invalid or corrupted package (PGP signature)" on AUR packages

You haven't merged your pacman.conf.pacnew from the 4.1 update. Do that and your problem will go away.

Offline

#6 2013-08-15 03:30:16

krusty.ar
Member
Registered: 2013-08-14
Posts: 4

Re: [SOLVED]"invalid or corrupted package (PGP signature)" on AUR packages

Scimmia wrote:

You haven't merged your pacman.conf.pacnew from the 4.1 update. Do that and your problem will go away.

Thanks, In case someone else runs into the same, I think the important change is:

LocalFileSigLevel = Optional

Offline

Board footer

Powered by FluxBB