
#1 2015-01-31 20:22:21

AdrianCohea
Member
Registered: 2013-06-29
Posts: 16

[SOLVED] Possible issue with makepkg or gnupg 2.1???

I am quite willing to admit that it's possible I'm totally stupid and missing something basic, but I just wanted to see if this makes any sense to you folks. Basically, I'm wondering if there's a regression in makepkg or gpg-agent with GnuPG 2.1.

Step 1: Verify the condition of my personal keyring.

gpg -k | grep Xyne

No results. Good.

Step 2: Verify the condition of pacman's keyring.

sudo pacman-key --list-keys | grep Xyne

No results. Good.

Step 3: Use pacman-key (NOT my local GPG keyring) to import Xyne's key and trust it.

sudo pacman-key --recv-key EC3CBE7F607D11E663149E811D1F0DC78F173680
sudo pacman-key --lsign-key EC3CBE7F607D11E663149E811D1F0DC78F173680
sudo pacman-key -u

Step 4: Try to install pm2ml, signed by Xyne, and use makepkg to verify that yaourt is NOT the problem. This will not work.

yaourt -G pm2ml
cd pm2ml
makepkg -s

...

==> Verifying source file signatures with gpg...
    pm2ml-2014.12.31.tar.xz ... FAILED (unknown public key 1D1F0DC78F173680)

Step 5: Check that I'm not crazy.

sudo gpg --homedir=/etc/pacman.d/gnupg --verify pm2ml-2014.12.31.tar.xz.sig

gpg: WARNING: unsafe permissions on homedir '/etc/pacman.d/gnupg'
gpg: assuming signed data in 'pm2ml-2014.12.31.tar.xz'
gpg: Signature made Tue 30 Dec 2014 05:55:07 PM MST using RSA key ID 8F173680
gpg: Good signature from "Xyne. (key #3) <xyne@archlinux.ca>" [full]

Step 6: Import Xyne's key into my local GnuPG keyring, which I should definitely not have to do:

gpg --recv-key EC3CBE7F607D11E663149E811D1F0DC78F173680
gpg --lsign-key EC3CBE7F607D11E663149E811D1F0DC78F173680
makepkg -s

Makepkg will work at this point. I have tried this three times, and I can duplicate it 100% of the time.

Is my configuration messed up, or can anybody else duplicate this? I'm wondering if the gpg-agent since GnuPG 2.1 doesn't switch home directories or something and refuses to see a new key even though I just imported it? It seems like the key and the signature are both clearly valid, but I can only get Xyne's package to verify using makepkg if I import his key into my ~/.gnupg keyring.

Again, I could be totally stupid, but I legitimately do think there might be a bigger issue.

Thanks.

Last edited by AdrianCohea (2015-01-31 21:27:30)


gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 0x77660e16dba99933

0B85 1AC2 4980 B654 0DA3  D1E1 7766 0E16 DBA9 9933

Offline

#2 2015-01-31 20:27:27

apg
Developer
Registered: 2012-11-10
Posts: 211

Re: [SOLVED] Possible issue with makepkg or gnupg 2.1???

Offline

#3 2015-01-31 20:37:03

bstaletic
Member
Registered: 2014-02-02
Posts: 658

Re: [SOLVED] Possible issue with makepkg or gnupg 2.1???

If you're building packages with makepkg, you need the packager's key in your keyring, not pacman's. New feature from pacman 4.2; for more details, follow the link to Allan's blog posted by apg above.

Offline
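
The behaviour described in this reply can be checked mechanically. The script below is an added example, not part of the original posts or of pacman: it pulls the key IDs makepkg reports as unknown and says which keyring holds each one. The function names and the two sample keyring listings are constructed for illustration; only the fingerprints and the makepkg line come from this thread.

```shell
#!/bin/sh
# Constructed samples in `gpg --list-keys --with-colons` format. Live input would be:
#   gpg --list-keys --with-colons                                     (your keyring)
#   sudo gpg --homedir=/etc/pacman.d/gnupg --list-keys --with-colons  (pacman's)
# Every field except the fingerprints is made up.
USER_LISTING='pub:u:4096:1:77660E16DBA99933:1400000000:::u:::scESC:
fpr:::::::::0B851AC24980B6540DA3D1E177660E16DBA99933:'
PACMAN_LISTING='pub:f:4096:1:1D1F0DC78F173680:1400000000:::-:::scESC:
fpr:::::::::EC3CBE7F607D11E663149E811D1F0DC78F173680:'
MAKEPKG_OUTPUT='==> Verifying source file signatures with gpg...
    pm2ml-2014.12.31.tar.xz ... FAILED (unknown public key 1D1F0DC78F173680)'

# Print every key ID that makepkg reported as unknown (makepkg output on stdin).
unknown_keys() {
    sed -n 's/.*FAILED (unknown public key \([0-9A-Fa-f]\{1,\}\)).*/\1/p'
}

# Succeed if the colon listing on stdin has a fingerprint ending in $1.
# fpr records follow both primary keys and subkeys, so signing subkeys match too.
has_key() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 == "fpr" {
            fpr = toupper($10)
            if (length(fpr) >= length(want) &&
                substr(fpr, length(fpr) - length(want) + 1) == want) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# $1 = key ID or fingerprint, $2 = user keyring listing, $3 = pacman keyring listing
diagnose() {
    if printf '%s\n' "$2" | has_key "$1"; then
        echo "user-keyring"           # makepkg can verify the source signature
    elif printf '%s\n' "$3" | has_key "$1"; then
        echo "pacman-keyring-only"    # trusted for packages, invisible to makepkg
    else
        echo "not-found"
    fi
}

printf '%s\n' "$MAKEPKG_OUTPUT" | unknown_keys | while read -r key; do
    echo "$key: $(diagnose "$key" "$USER_LISTING" "$PACMAN_LISTING")"
done
```

A result of `pacman-keyring-only` is exactly the state the first post reached after step 3: the key verifies under `--homedir=/etc/pacman.d/gnupg` but makepkg, which reads the invoking user's keyring, still reports it as unknown.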

#4 2015-01-31 20:40:26

AdrianCohea
Member
Registered: 2013-06-29
Posts: 16

Re: [SOLVED] Possible issue with makepkg or gnupg 2.1???

Okay, sorry! I didn't know that was intended behavior. That actually makes me a lot happier.

It just didn't seem intuitive to me that I would have to add the developer's public key to my own keyring rather than to pacman's keyring. Almost all guides I had previously read said I needed to use pacman-key to import the public key.

This thread can be marked as solved, because there is no issue.


gpg --keyserver hkps.pool.sks-keyservers.net --recv-key 0x77660e16dba99933

0B85 1AC2 4980 B654 0DA3  D1E1 7766 0E16 DBA9 9933

Offline

#5 2015-01-31 21:08:07

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,426
Website

Re: [SOLVED] Possible issue with makepkg or gnupg 2.1???

Please remember to mark your thread as [Solved] by editing your first post and prepending it to the title.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline
