You are not logged in.

#1 2017-03-19 16:15:04

medicineman25
Member
Registered: 2014-12-03
Posts: 110

[SOLVED] Locating the KEYID for Adding PGP signatures

Hey guys,

Running 4.8.11-1

I keep getting this error when installing libmng 2:

==> Verifying source file signatures with gpg...
    libmng-2.0.3.tar.xz ... FAILED (error during signature verification)
==> ERROR: One or more PGP signatures could not be verified!

I know that I have to add the pgp signatures to a user keyring, as detailed in this post:


The following is an excerpt:

To do this you first need to verify their key ID, which should be well publicized. Then to get the key use “gpg --recv-key <KEYID>” and trust it (once suitably verified) using “gpg --lsign <KEYID>“.

taken from this link:


I get all that. It's not rocket science. What I cannot find is this 'KEYID' that is apparently "well publicised" ...

Am I staring straight at it?? Seems to me something that should be on the package page... but where oh where is it located...


Thanks in advance

MedicineMan25

Last edited by medicineman25 (2017-03-20 03:53:21)

Offline

#2 2017-03-19 16:47:50

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

It should be in the PKGBUILD.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#3 2017-03-20 02:03:53

medicineman25
Member
Registered: 2014-12-03
Posts: 110

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

Oh... ok cool! I'll submit a change to the wiki to illustrate this. Unless it's documented somewhere else?

Thank you Anarchist!! smile

Offline

#4 2017-03-20 02:29:26

medicineman25
Member
Registered: 2014-12-03
Posts: 110

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

Could you possibly show me where? I'm sorry, I haven't really dealt with keys and pgp before. Seems the documentation is a little bit disjointed in this area:

# Maintainer: Llewelyn Trahaearn <woefulderelict [at] gmail [dot] com>
# Contributor: Michał Lisowski <lisu [at] riseup [dot] net>
# Contributor: Florian Pritz <flo [at] xssn [dot] at>
# Contributor: Felix Yan <felixonmars [at] archlinux [dot] org>
# Contributor: Andrea Scarpino <andrea[at] archlinux [dot] org>
# Contributor: Pierre Schmitz <pierre [at] archlinux [dot] de>

pkgname=lib32-qt4
pkgver=4.8.7
pkgrel=10
pkgdesc=&apos;A cross-platform application and UI framework (32-bit)&apos;
arch=(&apos;x86_64&apos;)
url=&apos;http://qt-project.org/&apos;
license=(&apos;GPL3&apos; &apos;LGPL&apos; &apos;FDL&apos; &apos;custom&apos;)
depends=("${pkgname#lib32-}" &apos;lib32-alsa-lib&apos; &apos;lib32-dbus&apos; &apos;lib32-fontconfig&apos; &apos;lib32-glib2&apos;
         &apos;lib32-libgl&apos; &apos;lib32-libmng&apos; &apos;lib32-libpng&apos; &apos;lib32-libsm&apos; &apos;lib32-libtiff&apos;
         &apos;lib32-libxi&apos; &apos;lib32-libxrandr&apos; &apos;lib32-libxv&apos; &apos;lib32-openssl&apos; &apos;lib32-sqlite&apos;)
makedepends=(&apos;cups&apos; &apos;gcc-multilib&apos;  &apos;lib32-gtk2&apos; &apos;lib32-libcups&apos; &apos;lib32-libxfixes&apos; &apos;lib32-mesa&apos;)
optdepends=(&apos;lib32-libxcursor: Xcursor support&apos;
            &apos;lib32-libxfixes: Xfixes support&apos;
            &apos;lib32-libxinerama: Xinerama support&apos;
            &apos;lib32-sni-qt: StatusNotifierItem (AppIndicators) support&apos;)
options=(&apos;staticlibs&apos;) # libQtUiTools builds as static only FS#36606
conflicts=(&apos;lib32-qt&apos;)
replaces=(&apos;lib32-qt<=4.8.4&apos;)
_pkgfqn="qt-everywhere-opensource-src-${pkgver}"
source=("http://download.qt.io/official_releases/qt/4.8/${pkgver}/${_pkgfqn}.tar.gz"
        &apos;improve-cups-support.patch&apos;
        &apos;moc-boost-workaround.patch&apos;
        &apos;kubuntu_14_systemtrayicon.diff&apos;
        &apos;kde4-settings.patch&apos;
        &apos;glib-honor-ExcludeSocketNotifiers-flag.diff&apos;
        &apos;disable-sslv3.patch&apos;
        &apos;l-qclipboard_fix_recursive.patch&apos;
        &apos;l-qclipboard_delay.patch&apos;
        &apos;qt4-gcc6.patch&apos;
        &apos;qt4-glibc-2.25.patch&apos;)
sha512sums=(&apos;f9f81a2e7205e1fd05c8d923dc73244f29aa33f951fa6b7c5c8193449328b37084796b9b71ad0c317e4e6fd00017c10ea5d67b1b2032551cde00548522218125&apos;
            &apos;4a8f828c79bde81ab1e39c9eaba4ef553582d85b62d6d182dda02820c4c8e046de6a25cc77d228955ed37fbc5b55f697a0a464af0bb3e171849851639e9ef4ee&apos;
            &apos;b4eced1fe34f09baa987be59fd21a02f4209551f491ae113c9d1cc3c44b00494a909808e22db306bcae0ee4c4f996097ce2c23994b2ac067cf9f599da5a5fc71&apos;
            &apos;c987f478e6da84e26ef5085c2a354cf085227e75af84d24b1497cfb046cfed89858bfed21850cf9dc0f5df2b66f9eed3ca8955a8c9df81cdddc9b98257231319&apos;
            &apos;fe70a3032164233107aa71ba076ca420be3e179225c9cfb3b7f3ff192abb0eecddebf8cec681461ab7c615191028415ff88f98047e383d7388fefe9e267e00a4&apos;
            &apos;6d5216e539d93352cd5f5ca98b5296feba702feba1f198f81de650c399076f0161d8ae712ecd79f1c2833b00b5ce7d4c390e33bbeb7e5542c6860a58a6785cab&apos;
            &apos;922919e5331b392f4a189e2745fd404c98baac797ba543a78c27e4fa7ec4067625f03c03b6c3c943327ee82cf077804ce3b8eb1684a2e265714b6188f8dbae74&apos;
            &apos;bd63961bcb695beebe8686142b84bff7702db4d85d737f5c2da927252b931700d03602f80048223cbbb05d85a5ddb9cb818321d756577f84843690b318f0c413&apos;
            &apos;0215f81fd0ed3483d1f79f46a53d9378f7462901410f4bc3f235325974c155454b0e75cba5222180e5ca62099cba7b80419b5fab86380ac6d951b9ae12714444&apos;
            &apos;efe8e1842882b784a14ba137bc6a8a579d5133e579f98c61674f5d3d9b79ff8e895775a79fcf757f7726377cd221396a678d181fa069416b0760a5241d39845a&apos;
            &apos;01fbcfb8e0ad22eb614d1a55fc6db5794f395dea6a2f155e974a9b10c91cb5551cc0b30ba84c5b32f520eab985572101901ad5664849d3e96a2de6dba1827868&apos;)

prepare() {
  cd $_pkgfqn

  # (FS#28381) (KDEBUG#180051)
  patch -p1 -i "${srcdir}"/improve-cups-support.patch

  # QTBUG#22829
  patch -p1 -i "${srcdir}"/moc-boost-workaround.patch

  # http://blog.martin-graesslin.com/blog/2014/06/where-are-my-systray-icons/
  patch -p1 -i "${srcdir}"/kubuntu_14_systemtrayicon.diff

  # FS#45106
  patch -p0 -i "${srcdir}"/kde4-settings.patch

  # fixes for LibreOffice from the upstream Qt bug tracker FS#46436, FS#41648, FS#39819
  # https://bugreports.qt.io/browse/QTBUG-37380
  patch -p1 -i "${srcdir}"/glib-honor-ExcludeSocketNotifiers-flag.diff
  # https://bugreports.qt.io/browse/QTBUG-34614
  patch -p0 -i "${srcdir}"/l-qclipboard_fix_recursive.patch
  # https://bugreports.qt.io/browse/QTBUG-38585
  patch -p0 -i "${srcdir}"/l-qclipboard_delay.patch

  # React to OpenSSL&apos;s OPENSSL_NO_SSL3 define
  patch -p1 -i "${srcdir}"/disable-sslv3.patch

  sed -i "s|-O2|${CXXFLAGS} -m32|" mkspecs/common/{g++,gcc}-base.conf
  sed -i "/^QMAKE_LFLAGS_RPATH/s| -Wl,-rpath,||g" mkspecs/common/gcc-base-unix.conf
  sed -i "/^QMAKE_LFLAGS\s/s|+=|+= ${LDFLAGS} -m32|g" mkspecs/common/gcc-base.conf

  sed -i "/^QMAKE_LINK\s/s|g++|g++ -m32|g" mkspecs/common/g++-base.conf
  sed -i "s|-Wl,-O1|-m32 -Wl,-O1|" mkspecs/common/g++-unix.conf
  sed -e "s|-O2|$CXXFLAGS -m32|" \
      -e "/^QMAKE_RPATH/s| -Wl,-rpath,||g" \
      -e "/^QMAKE_LINK\s/s|g++|g++ -m32|g" \
      -e "/^QMAKE_LFLAGS\s/s|+=|+= $LDFLAGS|g" \
      -i mkspecs/common/g++.conf

  cp mkspecs/common/linux{,32}.conf
  sed -i "/^QMAKE_LIBDIR\s/s|=|= /usr/lib32|g" mkspecs/common/linux32.conf
  sed -i "s|common/linux.conf|common/linux32.conf|" mkspecs/linux-g++-32/qmake.conf

  # Fix build with GCC6 (Fedora)
  patch -p1 -i "$srcdir"/qt4-gcc6.patch

  # Fix build of Qt4 applications with glibc 2.25 (Fedora)
  patch -p1 -i "$srcdir"/qt4-glibc-2.25.patch
 }

build() {
  cd $_pkgfqn
  export QT4DIR=${srcdir}/${_pkgfqn}
  export LD_LIBRARY_PATH=${QT4DIR}/lib:${LD_LIBRARY_PATH}
  export CXXFLAGS+=" -std=gnu++98" # Fix build with GCC 6
  export PKG_CONFIG_PATH="/usr/lib32/pkgconfig"
#  export PKG_CONFIG_LIBDIR=&apos;/usr/lib32/pkgconfig&apos;
  
  ./configure -confirm-license -opensource -platform linux-g++-32 \
    -prefix /usr \
    -bindir /usr/lib/qt4/bin \
    -headerdir /usr/include/qt4 \
    -libdir /usr/lib32 \
    -plugindir /usr/lib32/qt4/plugins \
    -importdir /usr/lib32/qt4/imports \
    -datadir /usr/share/qt4 \
    -translationdir /usr/share/qt4/translations \
    -sysconfdir /etc/xdg \
    -system-sqlite \
    -no-phonon \
    -no-phonon-backend \
    -no-webkit \
    -graphicssystem raster \
    -openssl-linked \
    -nomake demos \
    -nomake examples \
    -nomake docs \
    -silent \
    -no-rpath \
    -optimized-qmake \
    -no-reduce-relocations \
    -dbus-linked \
    -no-openvg
  make
}

package() {
  cd $_pkgfqn
  make INSTALL_ROOT="${pkgdir}" install

  # Remove conflicting files.
  rm -rf "${pkgdir}"/usr/{bin,include,lib,share}

  # install license addition
  install -D -m644 LGPL_EXCEPTION.txt \
    ${pkgdir}/usr/share/licenses/${pkgname}/LGPL_EXCEPTION

  # Fix wrong libs path in pkgconfig files
  find "${pkgdir}/usr/lib32/pkgconfig" -type f -name &apos;*.pc&apos; \
    -exec perl -pi -e "s, -L${srcdir}/?\S+,,g" {} \;

  # Fix wrong bins path in pkgconfig files
  find "${pkgdir}/usr/lib32/pkgconfig" -type f -name &apos;*.pc&apos; \
    -exec sed -i &apos;s|/usr/bin/|/usr/lib/qt4/bin/|g&apos; {} \;

  # Fix wrong path in prl files
  find "${pkgdir}/usr/lib32" -type f -name &apos;*.prl&apos; \
    -exec sed -i -e &apos;/^QMAKE_PRL_BUILD_DIR/d;s/\(QMAKE_PRL_LIBS =\).*/\1/&apos; {} \;

  # The TGA plugin is broken (FS#33568)
  rm "${pkgdir}"/usr/lib32/qt4/plugins/imageformats/libqtga.so
}
            

Thanks

Offline

#5 2017-03-20 02:35:13

medicineman25
Member
Registered: 2014-12-03
Posts: 110

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

I found it under 'glob' ... Another piece of information that would be useful in the wiki...

So, I tried this:

gpg --recv-key 78f0ceb64b945da4e2bffef88ebcf173d52536bb

Then I tried using the last 6-digits and 8-digits and they both returned:

gpg: keyserver receive failed: No data

Offline

#6 2017-03-20 02:42:00

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

Um, good luck with that... The maintainer should have included that information in there. Leave a comment on the AUR page and ask the maintainer to fix it.


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#7 2017-03-20 02:46:26

Scimmia
Fellow
Registered: 2012-09-01
Posts: 11,466

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

Why in the world did you post the lib32-qt4 PKGBUILD when it doesn't even have any signed sources?

Offline

#8 2017-03-20 03:16:08

medicineman25
Member
Registered: 2014-12-03
Posts: 110

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

Um, good luck with that... The maintainer should have included that information in there. Leave a comment on the AUR page and ask the maintainer to fix it.

ah... ok... haha... that's cool, thought something was amiss. Just wasn't sure if I was going crazy and didn't wanna grief the maintainer for no reason...

Why in the world did you post the lib32-qt4 PKGBUILD when it doesn't even have any signed sources?

@Scimmia not sure what you mean ay... is that not the issue we are discussing?? Sorry, as I said I'm really new to using gpg and user keyrings. Quite frankly, I'm still a little fuzzy on public-key architecture and web-of-trust in general. Currently doing the readings to get myself up-to-par.

Offline

#9 2017-03-20 03:52:16

medicineman25
Member
Registered: 2014-12-03
Posts: 110

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

I found it under 'glob' ... Another piece of information that would be useful in the wiki...
So, I tried this:
gpg --recv-key 78f0ceb64b945da4e2bffef88ebcf173d52536bb
Then I tried using the last 6-digits and 8-digits and they both returned:
gpg: keyserver receive failed: No data


Ah geez... ok... I stuffed up... that's referencing the PKGBUILD for lib32-qt4. I was supposed to look in the PKGBUILD for lib32-libmng, not lib32-qt4!! *dodges random food thrown in direction of here*

Even though I was seeing this error from attempts to install lib32-libmng directly... *dodges more ballistic food*

BUT, your input was still extremely helpful. I will be submitting a change to the wiki, as I would never have found the KEYID location without your help. So, thank you muchly, from across the ditch, @Anarchist.


Anyway, I proceeded to install lib32-libmng, as I had previously attempted. However this time, when it asked me to edit the PKGBUILD, I selected 'Y' and looky looky I found a cookie:

pkgname=lib32-libmng
pkgver=2.0.3
pkgrel=1
pkgdesc="A collection of routines used to create and manipulate MNG format graphics files (32-bit)"
arch=('x86_64')
url="http://www.libmng.com/"
license=('custom')
depends=('lib32-lcms2' "${pkgname#lib32-}" )
makedepends=('gcc-multilib')
source=(http://downloads.sourceforge.net/sourceforge/${pkgname#lib32-}/${pkgname#lib32-}-${pkgver}.tar.xz{,.asc})
sha512sums=('764efd94643c17c449abcb8f676ec2aa750a2461cf46bc961343f8d443a16ac2caa135c27d846deb2351b9f25d6170c42a500d21f63c13276905fdd743b8fec6'
            'SKIP')
validpgpkeys=('8048643BA2C840F4F92A195FF54984BFA16C640F')    <<<<<<<<<<<-----------------------------<<<<<<<<<<------------------

Entering:

gpg --recv-key 8048643BA2C840F4F92A195FF54984BFA16C640F

Imported and validated the key, then I was able to proceed unhindered.

Thanks guys..

Last edited by medicineman25 (2017-03-20 06:18:52)

Offline

#10 2017-03-20 04:12:00

Xyne
Administrator/PM
Registered: 2008-08-03
Posts: 6,963
Website

Re: [SOLVED] Locating the KEYID for Adding PGP signatures

When your post is the last in the thread, please use the edit button to append info instead of creating a new post. Needless bumping is against our forum policy (link in sig below).

As for public-key architecture and web-of-trust in general, public keys let you verify that the owner of a key has signed a file. If the signature is correct and you trust the key, then you can be sure that the file has not been tampered with or corrupted. The level of trust depends on the trust in the key. You can either trust the key directly, or you can trust others who have trusted it (the whole "web of trust" part). If you trust Bob, and Bob trusts Alice, then you can trust Alice.

How you determine which keys to trust is up to you. In general though, you shouldn't validate the keys by singing them with your own unless you really trust them. Going back to Bob and Alice, if Bob trusts anyone without checking, then trusting Bob is a security risk.


My Arch Linux StuffForum EtiquetteCommunity Ethos - Arch is not for everyone

Offline

Board footer

Powered by FluxBB