You are not logged in.

Pages: 1

#1 2015-01-21 10:35:44

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

makepkg signature verification

when I issue makepkg, I get the following output:

==> Making package: abs 2.4.4-2 (Wed Jan 21 05:31:23 UTC 2015)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found abs-2.4.4.tar.gz
  -> Found abs-2.4.4.tar.gz.sig
==> Validating source files with md5sums...
    abs-2.4.4.tar.gz ... Passed
    abs-2.4.4.tar.gz.sig ... Passed
==> Verifying source file signatures with gpg...
    abs-2.4.4.tar.gz ... FAILED (the public key 487EACC08557AD082088DABA1EB2638FF56C0C53 is not trusted)

I have imported the key. I have signed the key. what is wrong?

Offline

#2 2015-01-21 10:50:39

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 10,731
Website

Re: makepkg signature verification

Consult the wiki or the many threads on the same topic.

AUR packagesZsh and other configs

Offline

#3 2015-01-21 11:06:49

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: makepkg signature verification

http://allanmcrae.com/2015/01/two-pgp-k … rch-linux/

Offline

#4 2015-01-21 11:26:15

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

Re: makepkg signature verification

thank you, but this happens when I try to add the key

gpg --recv-keys 1EB2638FF56C0C53
gpg: enabled debug flags: memstat
gpg: keyserver receive failed: No data
gpg: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpg: secmem usage: 0/32768 bytes in 0 blocks

Offline

#5 2015-01-21 11:53:42

shoelesshunter
Member
From: USA
Registered: 2014-05-18
Posts: 289

Re: makepkg signature verification

gpg --recv-key 1EB2638FF56C0C53

fails to reach the server however using

sudo gpg --recv-key 1EB2638FF56C0C53] yields [gpg: key F56C0C53: "Dave Reisner <d@falconindy.com>"
gpg: Total number processed: 1
gpg:              unchanged: 1

however, this means the key is in root's keyring and I don't use makepkg as root. am I correct in this?

Last edited by shoelesshunter (2015-01-21 11:55:33)

Offline

#6 2015-01-21 15:30:47

jakobcreutzfeldt
Member
Registered: 2011-05-12
Posts: 1,042

Re: makepkg signature verification

Try following the directions in the GnuPG 2.1 release announcement.  I had a similar problem and migrating my keyring to the new keybox format solved it for me. My guess is that when you ran it with sudo, it created a new keybox (that is, in the new format) so you didn't have any error.

Last edited by jakobcreutzfeldt (2015-01-21 15:32:04)

Offline

Pages: 1

Board footer

Powered by FluxBB