
#1 2012-11-05 20:45:53

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,138
Website

[Solved] makepkg warning about unknown key

Hello,

When compiling cower 7-1, a strange warning was given by makepkg.

==> Verifying source file signatures with gpg...
cower-7.tar.gz ... FAILED (unknown public key 1EB2638FF56C0C53)
==> WARNING: Warnings have occurred while verifying the signatures.
    Please make sure you really trust them.

EDIT: The warning is shown due to signature files attached to the package. It can be solved for packages made by Arch Linux devs:
- run as user "# gpg --list-keys" in order to create a gpg database for your current user, if it is not present already.
- add "keyring /etc/pacman.d/gnupg/pubring.gpg" to the end of ~/.gnupg/gpg.conf.

WorMzy wrote:

Alternatively, run makepkg with --skippgpcheck to stop makepkg trying to validate the file with its .sig file.

Last edited by teateawhy (2012-11-06 16:22:30)

Offline

#2 2012-11-05 21:24:12

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,787
Website

Re: [Solved] makepkg warning about unknown key

I assume that makepkg uses your gpg keychain, whereas pacman uses its own.


Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#3 2012-11-05 22:01:46

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: [Solved] makepkg warning about unknown key

If it's just about cower, you can ask here: https://bbs.archlinux.org/viewtopic.php?id=97137

Offline

#4 2012-11-06 07:52:19

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,138
Website

Re: [Solved] makepkg warning about unknown key

WorMzy wrote:

I assume that makepkg uses your gpg keychain, whereas pacman uses its own.

Thank you for the answer. Now I understand what happened. My signature level "Optional" will only require keys to be checked if there is a key present. Usually AUR submitters do not have a key and no warning shows up.

EDIT: The error will occur for all AUR Packagebuilds with attached keys.

The wiki pages about the AUR, makepkg, and creating a package need to be updated about this. They do not mention makepkg is affiliated with gpg and checking keys during build time. Now I am reading more about the topic. http://allanmcrae.com/2011/08/pacman-pa … -repo-add/

karol wrote:

If it's just about cower, you can ask here...

No, it will happen to other AUR packages in certain cases, too, as explained above.

Last edited by teateawhy (2012-11-06 16:13:47)

Offline

#5 2012-11-06 11:45:03

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,787
Website

Re: [Solved] makepkg warning about unknown key

teateawhy wrote:

The error will occur only for AUR Packagebuilds created by Arch Linux developers, because of present keys.

Mmm, not quite. You'll have the same problem with any PKGBUILD that has an unknown signature, not just AUR packages by the Arch devs.

The warning (it's not really an error) is coming up because the source tarball's signature is included in the source array:

source=("https://github.com/downloads/falconindy/$pkgname/$pkgname-$pkgver.tar.gz"{,.sig})

That's a lazy man's way of writing:

source=("https://github.com/downloads/falconindy/$pkgname/$pkgname-$pkgver.tar.gz"
        "https://github.com/downloads/falconindy/$pkgname/$pkgname-$pkgver.tar.gz.sig")

makepkg is smart enough to know that .sig files are used to check the authenticity and integrity of its namesake file, and so automagically runs a gpg check for you. At this point, since you're running makepkg as yourself, gpg is run as you, and uses your ~/.gnupg/pubring.gpg, which I assume doesn't have Dave's key in it. ('gpg --list-keys' would no doubt confirm that).

A quick fix for Arch dev packages would be to add "keyring /etc/pacman.d/gnupg/pubring.gpg" to the end of ~/.gnupg/gpg.conf.

Alternatively, run makepkg with --skippgpcheck to stop makepkg trying to validate the file with its .sig file.


Offline

#6 2012-11-06 16:11:41

teateawhy
Member
From: GER
Registered: 2012-03-05
Posts: 1,138
Website

Re: [Solved] makepkg warning about unknown key

WorMzy wrote:

You'll have the same problem with any PKGBUILD that has an unknown signature, not just AUR packages by the Arch devs.

Thanks for clearing this up. Can you give an example of an AUR package with a signature, not made by Arch devs?

WorMzy wrote:

gpg --list-keys

This command actually created the trustdb database, and afterwards I added the suggested line. When compiling again, the warning disappeared.

==> Verifying source file signatures with gpg...
    cower-7.tar.gz ... Passed
==> Extracting Sources...

Thank you for the solution.

Last edited by teateawhy (2012-11-06 17:23:21)

Offline

#7 2012-11-07 00:54:26

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,787
Website

Re: [Solved] makepkg warning about unknown key

I'm sure there'll be one or two, but I can't think of any AUR packages off the top of my head. There's an abundance of non-AUR packages with signed source files though, e.g. bash, coreutils, less, readline, etc.

Note that the source files in these packages are not signed by the Arch devs, but by the respective project devs. For example, less is signed by Mark Nudelman.


Offline

#8 2012-11-08 03:27:32

cfr
Member
From: Cymru
Registered: 2011-11-27
Posts: 7,130

Re: [Solved] makepkg warning about unknown key

But presumably that's only an issue if you use ABS? Otherwise, you aren't using the source packages, right?

Note that you can manually check the signature using pacman-key independently of makepkg, since I guess this pulls the system-wide pacman keys. (I just get a warning that the trustdb is not writeable, which is good - it shouldn't be.)


CLI Paste | How To Ask Questions

Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L

Offline

#9 2012-11-08 10:48:10

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,787
Website

Re: [Solved] makepkg warning about unknown key

cfr wrote:

But presumably that's only an issue if you use ABS?

I don't think it's an issue at all, to be honest. :P

But the point is that any PKGBUILD can have a signed source tarball, not just ones developed by the Arch devs.


Offline

#10 2015-01-04 07:45:52

rajat
Member
Registered: 2013-10-10
Posts: 10

Re: [Solved] makepkg warning about unknown key

- run as user "# gpg --list-keys" in order to create a gpg database for your current user, if it is not present already.
- add "keyring /etc/pacman.d/gnupg/pubring.gpg" to the end of ~/.gnupg/gpg.conf.

This was a solution for me as well, I was trying to install wine-multimedia package from AUR and it was failing no matter what I did.

After searching the forums I found this solution and I would like to thank the author of this solution for his great help.

Regards
Rajat


Linux is easy.. People are Difficult

Offline

#11 2015-01-04 07:48:28

Allan
Pacman
From: Brisbane, AU
Registered: 2007-06-09
Posts: 11,365
Website

Re: [Solved] makepkg warning about unknown key

rajat wrote:

- add "keyring /etc/pacman.d/gnupg/pubring.gpg" to the end of ~/.gnupg/gpg.conf.

Why? That adds the Arch Linux package keys to your local keyring. This is basically useless for use with makepkg, where the people signing the source tarballs are the upstream developers and have nothing to do with Arch. That only works for cower because an Arch packager develops cower.

Edit: http://allanmcrae.com/2015/01/two-pgp-k … rch-linux/

Offline

#12 2015-01-17 20:51:20

x-yuri
Member
Registered: 2013-01-06
Posts: 157

Re: [Solved] makepkg warning about unknown key

In other words, I had makepkg exiting with an error:

$ makepkg
==> Making package: cower 12-2 (Sat Jan 17 22:46:09 EET 2015)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found cower-12.tar.gz
  -> Found cower-12.tar.gz.sig
==> Validating source files with md5sums...
    cower-12.tar.gz ... Passed
    cower-12.tar.gz.sig ... Skipped
==> Verifying source file signatures with gpg...
    cower-12.tar.gz ... FAILED (unknown public key 1EB2638FF56C0C53)
==> ERROR: One or more PGP signatures could not be verified!

So, I added the key to my keyring:

$ gpg --recv-key 1EB2638FF56C0C53
gpg: key F56C0C53: public key "Dave Reisner <d@falconindy.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1

And was able to successfully create the package.

Offline
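
Added example (editor's illustration, not part of any post in this thread): a small shell helper that reads makepkg output and reports, per source file, whether its PGP signature verified and which key ID gpg could not find, so the key can be reviewed before anything is imported. The function names sig_report and sigs_ok are made up for this example; the sample logs are the makepkg lines quoted in posts #6 and #12.

```shell
#!/bin/sh
# Added example, not from the thread. sig_report, sigs_ok and the sample_*
# helpers are names made up here; the log text is copied from posts #6 and #12.

# stdin: makepkg output. stdout: "file<TAB>status<TAB>keyid" for each source
# checked in the "Verifying source file signatures" phase only.
sig_report() {
    awk '
        /^==> Verifying source file signatures/ { in_sig = 1; next }
        /^==> /                  { in_sig = 0 }   # next phase header ends it
        in_sig && / \.\.\. / {
            status = toupper($3); key = "-"
            if (match($0, /unknown public key [0-9A-Fa-f]+/)) {
                status = "UNKNOWN_KEY"
                key = substr($0, RSTART + 19, RLENGTH - 19)  # skip the label
            }
            printf "%s\t%s\t%s\n", $1, status, key
        }'
}

# Exit 0 when no checked source failed; failing rows go to stderr.
sigs_ok() {
    bad=$(sig_report | awk -F '\t' '$2 != "PASSED"')
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

sample_failed() { cat <<'EOF'
==> Validating source files with md5sums...
    cower-12.tar.gz ... Passed
    cower-12.tar.gz.sig ... Skipped
==> Verifying source file signatures with gpg...
    cower-12.tar.gz ... FAILED (unknown public key 1EB2638FF56C0C53)
==> ERROR: One or more PGP signatures could not be verified!
EOF
}

sample_passed() { cat <<'EOF'
==> Verifying source file signatures with gpg...
    cower-7.tar.gz ... Passed
==> Extracting Sources...
EOF
}

sample_failed | sig_report   # one row: the source, UNKNOWN_KEY, the key ID
```

A log in which the signature phase never ran produces no rows, so sigs_ok also succeeds on it; an empty sig_report means "nothing was checked", not "everything verified".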

#13 2017-03-05 18:53:33

rekahsoft
Member
Registered: 2010-07-18
Posts: 33
Website

Re: [Solved] makepkg warning about unknown key

You can use

GNUPGHOME=/etc/pacman.d/gnupg makepkg ...

so you don't have to modify your user's gpg keyring and instead use pacman's.

Offline

#14 2017-03-05 19:25:59

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 11,787
Website

Re: [Solved] makepkg warning about unknown key

Thanks for sharing, but please don't necrobump.

https://wiki.archlinux.org/index.php/Co … bumping.22

Closing.


Offline
