You are not logged in.

#1 2015-01-07 07:13:05

Quatro
Member
From: Portugal
Registered: 2013-06-14
Posts: 24

One or more PGP signatures could not be verified!

Trying to install anything with pacaur or using makepkg gives out this error:

==> Making package: cower 12-2 (Wed Jan  7 07:11:25 WET 2015)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading cower-12.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 22636  100 22636    0     0  60301      0 --:--:-- --:--:-- --:--:-- 60362
  -> Downloading cower-12.tar.gz.sig...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   287  100   287    0     0   1136      0 --:--:-- --:--:-- --:--:--  1134
==> Validating source files with md5sums...
    cower-12.tar.gz ... Passed
    cower-12.tar.gz.sig ... Skipped
==> Verifying source file signatures with gpg...
    cower-12.tar.gz ... FAILED (unknown public key 1EB2638FF56C0C53)
==> ERROR: One or more PGP signatures could not be verified!

Can someone help?

Offline

#2 2015-01-07 07:37:46

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: One or more PGP signatures could not be verified!


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2015-01-07 18:41:32

Quatro
Member
From: Portugal
Registered: 2013-06-14
Posts: 24

Re: One or more PGP signatures could not be verified!

I'm sorry. I still don't what to do. I added the invalid key using pacman key, but it still doesn't work.

Offline

#4 2015-01-07 18:51:45

Head_on_a_Stick
Member
From: The Wirral
Registered: 2014-02-20
Posts: 8,280
Website

Re: One or more PGP signatures could not be verified!

Allan "Broke It" Mcrae wrote:

To get the key use “gpg --recv-key <KEYID>” and trust it (once suitably verified) using “gpg --lsign <KEYID>“.

Did you actually read the blog?

The whole point is that you're not supposed to add public PGP keys to pacman's keyring, you add it to your user's keyring (providing you trust the vendor).

Last edited by Head_on_a_Stick (2015-01-07 18:55:25)


Para todos todo, para nosotros nada

Offline

#5 2015-01-07 18:52:40

progandy
Member
Registered: 2012-05-17
Posts: 5,262

Re: One or more PGP signatures could not be verified!

Makepkg doesn't use the pacman keyring, but the one for your username (~/.gnupg/) You'll have to add keys with "gpg --recv-keys" and not pacman-key.


| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |

Offline

#6 2015-01-16 15:55:06

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: One or more PGP signatures could not be verified!

I get

==> Verifying source file signatures with gpg...
    linux-3.18.tar ... FAILED (unknown public key 79BE3E4300411886)
    patch-3.18.2 ... FAILED (unknown public key 38DBBDC86092693E)

$ gpg --recv-key 79BE3E4300411886

gpg: keyserver receive failed: Address family not supported by protocol

when trying to add the key.

Last edited by mir91 (2015-01-16 15:56:23)

Offline

#7 2015-01-16 16:46:09

TE
Member
Registered: 2014-06-21
Posts: 78

Re: One or more PGP signatures could not be verified!

Quatro, back to your question -- I have the same problem with cower (the engine behind pacaur), that's what's trying to upgrade - cower is using the shared libraries from pacman, so with the new pacman-4.2 upgrade you have to rebuild/upgrade cower to link to the new libs. His PKGBUILD has this:

source=("http://code.falconindy.com/archive/$pkgname/$pkgname-$pkgver.tar.gz"{,.sig})
validpgpkeys=('487EACC08557AD082088DABA1EB2638FF56C0C53')  # Dave Reisner

It just never works right for me, you're supposed to import his key somehow but I never want to be bothered as I have too many systems and just don't care. If you just do this real quick instead:

curl -L -O https://aur.archlinux.org/packages/co/cower/cower.tar.gz
tar -zxvf cower.tar.gz 
cd cower
makepkg -s --skippgpcheck
sudo pacman -U cower-*.pkg.tar.xz 

...that will upgrade your cower skipping the GPG issue, then allow your pacaur to work again. Yes, it's taking a "risk" by not verifying the source as the author intends, but that's no different than any other AUR package. $0.02, evaluate your own risks. smile

Offline

#8 2015-01-16 18:27:23

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: One or more PGP signatures could not be verified!

TE wrote:

you're supposed to import his key somehow but I never want to be bothered as I have too many systems and just don't care.

Like everything else, this can be automated with a couple of lines in your ~/.gnupg/gpg.conf file, as described in the wiki.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#9 2015-01-16 21:01:11

Potomac
Member
Registered: 2011-12-25
Posts: 528

Re: One or more PGP signatures could not be verified!

jasonwryan wrote:
TE wrote:

you're supposed to import his key somehow but I never want to be bothered as I have too many systems and just don't care.

Like everything else, this can be automated with a couple of lines in your ~/.gnupg/gpg.conf file, as described in the wiki.

I don't find this part in the wiki, can you tell me exactly where have you read this ?

https://wiki.archlinux.org/index.php/Gnupg

Offline

#10 2015-01-16 21:09:31

clfarron4
Member
From: London, UK
Registered: 2013-06-28
Posts: 2,163
Website

Re: One or more PGP signatures could not be verified!

Potomac wrote:
jasonwryan wrote:
TE wrote:

you're supposed to import his key somehow but I never want to be bothered as I have too many systems and just don't care.

Like everything else, this can be automated with a couple of lines in your ~/.gnupg/gpg.conf file, as described in the wiki.

I don't find this part in the wiki, can you tell me exactly where have you read this ?

https://wiki.archlinux.org/index.php/Gnupg

I saw automatic importing of missing keys in this BBS thread. Don't know if it is in the ArchWiki though.

Last edited by clfarron4 (2015-01-16 21:09:53)


Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository

Offline

#11 2015-01-16 23:53:45

TE
Member
Registered: 2014-06-21
Posts: 78

Re: One or more PGP signatures could not be verified!

clfarron4 wrote:
Potomac wrote:
jasonwryan wrote:

Like everything else, this can be automated with a couple of lines in your ~/.gnupg/gpg.conf file, as described in the wiki.

I don't find this part in the wiki, can you tell me exactly where have you read this ?

https://wiki.archlinux.org/index.php/Gnupg

I saw automatic importing of missing keys in this BBS thread. Don't know if it is in the ArchWiki though.

Just found it here: https://wiki.archlinux.org/index.php/Ma … e_checking

It is a personal preference, I don't want to import Arch/AUR keys into my normal personal keyring - but reading the gpg (and makepkg) manpage it looks like if you set GNUPGHOME=/some/path first that should work to set a special keyring just for AUR and a custom config from the wiki.

Offline

#12 2015-01-17 00:14:31

bleach
Member
Registered: 2013-07-26
Posts: 264

Re: One or more PGP signatures could not be verified!

have you tried keyserver-options auto-key-retrieve in gpg.conf

^never mind TE point to that.

Last edited by bleach (2015-01-17 00:20:37)

Offline

#13 2015-01-17 01:38:31

mir91
Banned
Registered: 2013-11-17
Posts: 143

Re: One or more PGP signatures could not be verified!

So does anyone know why gpg says "Address family not supported by protocol" or should I make a new forum thread for that question?

Offline

#14 2015-01-17 01:39:56

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: One or more PGP signatures could not be verified!

That's a different topic. When you open it, paste the commands that you used and the verbose debug output.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#15 2016-02-15 02:30:03

khaled
Member
Registered: 2016-02-15
Posts: 1

Re: One or more PGP signatures could not be verified!

gpg --recv-keys 2E1AC68ED40814E0
makepkg -sci

Offline

#16 2016-02-15 04:45:25

x33a
Forum Fellow
Registered: 2009-08-15
Posts: 4,587

Re: One or more PGP signatures could not be verified!

@khaled,

please don't necrobump.

https://wiki.archlinux.org/index.php/Fo … bumping.22

Closing.

Offline

Board footer

Powered by FluxBB