
#1 2017-12-01 19:21:09

brachyonic
Member
Registered: 2013-02-13
Posts: 6

Running into strange? signature verification issue with linux-rt

Greetings!

I'm running into a, to me, strange issue verifying the signature of patch-4.11.12-rt14.patch.
I have auto-key-retrieve in my gpg.conf and I see it refreshes from the keyserver during the process, which seems like it should prevent any such issue.
Additionally, it passes this part of the process just fine on my laptop, so it seems the issue should be something on my desktop, but I don't know where to begin.

Below is the terminal output

apacman -S linux-rt 
grep: warning: GREP_OPTIONS is deprecated; please use an alias or script
grep: warning: GREP_OPTIONS is deprecated; please use an alias or script
grep: warning: GREP_OPTIONS is deprecated; please use an alias or script

Aur Targets    (1): linux-rt

:: Proceed with installation? [Y/n] y
  -> Split package base: linux-rt uild kernel with a different name
  -> PKGBUILD contains: pkgbase pkgbase-headers pkgbase-docs
Edit linux-rt PKGBUILD with $editor? [Y/n] n
gpg: refreshing 5 keys from hkps://hkps.pool.sks-keyservers.net
gpg: key 109F098506FF0B14: 118 signatures not checked due to missing keys
gpg: key 109F098506FF0B14: "Thomas Gleixner <tglx@linutronix.de>" not changed
gpg: key EBC26CDB5A56DE73: 71 signatures not checked due to missing keys
gpg: key EBC26CDB5A56DE73: "Steven Rostedt (Der Hacker) <rostedt@goodmis.org>" not changed
gpg: key 7B96E8162A8CF5D1: 95 signatures not checked due to missing keys
gpg: key 7B96E8162A8CF5D1: "Sebastian Andrzej Siewior" not changed
gpg: key 38DBBDC86092693E: 1 duplicate signature removed
gpg: key 38DBBDC86092693E: 126 signatures not checked due to missing keys
gpg: key 38DBBDC86092693E: "Greg Kroah-Hartman <gregkh@linuxfoundation.org>" not changed
gpg: key 79BE3E4300411886: 1 duplicate signature removed
gpg: key 79BE3E4300411886: 142 signatures not checked due to missing keys
gpg: key 79BE3E4300411886: "Linus Torvalds <torvalds@kernel.org>" not changed
gpg: Total number processed: 5
gpg:              unchanged: 5
==> Making package: linux-rt 4.11.12_rt14-1 (Fri Dec  1 14:04:16 EST 2017)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading linux-4.11.tar.xz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 91.0M  100 91.0M    0     0  1479k      0  0:01:03  0:01:03 --:--:--  929k
  -> Downloading linux-4.11.tar.sign...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   455  100   455    0     0    455      0  0:00:01 --:--:--  0:00:01  2826
  -> Downloading patch-4.11.12.xz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  291k  100  291k    0     0   291k      0  0:00:01 --:--:--  0:00:01  696k
  -> Downloading patch-4.11.12.sign...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   833  100   833    0     0    833      0  0:00:01 --:--:--  0:00:01  5238
  -> Downloading patch-4.11.12-rt14.patch.xz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  224k  100  224k    0     0   224k      0  0:00:01 --:--:--  0:00:01  579k
  -> Downloading patch-4.11.12-rt14.patch.sign...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   566  100   566    0     0    566      0  0:00:01 --:--:--  0:00:01  3430
  -> Found config.i686
  -> Found config.x86_64
  -> Found 90-linux-rt.hook
  -> Found linux-rt.preset
  -> Found fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch
==> Validating source files with sha256sums...
    linux-4.11.tar.xz ... Passed
    linux-4.11.tar.sign ... Skipped
    patch-4.11.12.xz ... Passed
    patch-4.11.12.sign ... Skipped
    patch-4.11.12-rt14.patch.xz ... Passed
    patch-4.11.12-rt14.patch.sign ... Skipped
    config.i686 ... Passed
    config.x86_64 ... Passed
    90-linux-rt.hook ... Passed
    linux-rt.preset ... Passed
    fix-race-in-PRT-wait-for-completion-simple-wait-code_Nvidia-RT-160319.patch ... Passed
==> Verifying source file signatures with gpg...
    linux-4.11.tar ... Passed
    patch-4.11.12 ... Passed
    patch-4.11.12-rt14.patch ... FAILED (error during signature verification)
==> ERROR: One or more PGP signatures could not be verified!

==> ERROR: the build failed
  -> Status
	failed (1): linux-rt

Offline

#2 2017-12-03 18:58:24

eschwartz
Fellow
Registered: 2014-08-08
Posts: 4,097

Re: Running into strange? signature verification issue with linux-rt

Try using `gpg --verify --quiet --status-file /dev/stdout patch-4.11.12-rt14.patch.asc patch-4.11.12-rt14.patch 2>/dev/null` and see what is the exact error that gpg's raw status is telling you about.


Managing AUR repos The Right Way -- aurpublish (now a standalone tool)

Offline

#3 2017-12-03 23:45:58

brachyonic
Member
Registered: 2013-02-13
Posts: 6

Re: Running into strange? signature verification issue with linux-rt

Eschwartz wrote:

Try using `gpg --verify --quiet --status-file /dev/stdout patch-4.11.12-rt14.patch.asc patch-4.11.12-rt14.patch 2>/dev/null` and see what is the exact error that gpg's raw status is telling you about.

I've managed to fix it!

I ran the command (modified a bit) and got

gpg --verify --status-file /dev/stdout patch-4.11.12-rt14.patch.sign patch-4.11.12-rt14.patch.xz
[GNUPG:] NEWSIG
gpg: Signature made Fri 22 Sep 2017 05:27:49 AM EDT
gpg:                using RSA key AC7BD081059951BD51ADE8004FE5E3262872E4CC
[GNUPG:] KEYEXPIRED 1452521871
[GNUPG:] KEYEXPIRED 1452522035
[GNUPG:] KEYEXPIRED 1452521871
[GNUPG:] KEYEXPIRED 1452526316
[GNUPG:] KEY_CONSIDERED A490D0F4D311A4153E2BB7CADBB802B258ACD84F 0
[GNUPG:] ERRSIG 4FE5E3262872E4CC 1 10 00 1506072469 6
gpg: Can't check signature: Bad public key

which didn't mean anything to me at the time.
Later, on a whim, I ran gpg --update-trustdb, remembering that the pacman and user keyrings were different, and that seems to have resolved the issue?
My question now is: is gpg --update-trustdb something I should be running myself? Is there something that should be doing this on my behalf?

Offline
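Added example, not part of the original thread: a small Python decoder for the `[GNUPG:]` status lines shown in post #3, so that the `ERRSIG` and `KEYEXPIRED` fields read as names and dates instead of raw numbers. The function and table names are made up for this example; the numeric tables list only a few common values from RFC 4880 and libgpg-error.

```python
from datetime import datetime, timezone

PREFIX = "[GNUPG:] "
# A few common IDs from RFC 4880, and libgpg-error codes seen in ERRSIG's <rc> field.
PK_ALGOS = {1: "RSA", 17: "DSA"}
HASH_ALGOS = {2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
RC_CODES = {4: "unknown algorithm", 6: "bad public key", 9: "missing public key"}
VERDICTS = {"GOODSIG": "good signature", "BADSIG": "bad signature",
            "EXPKEYSIG": "good signature, but the signing key has expired",
            "REVKEYSIG": "good signature, but the signing key is revoked",
            "ERRSIG": "signature could not be checked"}

# Status output copied from post #3 above.
SAMPLE = """\
[GNUPG:] NEWSIG
gpg: Signature made Fri 22 Sep 2017 05:27:49 AM EDT
[GNUPG:] KEYEXPIRED 1452521871
[GNUPG:] KEYEXPIRED 1452522035
[GNUPG:] KEYEXPIRED 1452521871
[GNUPG:] KEYEXPIRED 1452526316
[GNUPG:] KEY_CONSIDERED A490D0F4D311A4153E2BB7CADBB802B258ACD84F 0
[GNUPG:] ERRSIG 4FE5E3262872E4CC 1 10 00 1506072469 6
gpg: Can't check signature: Bad public key
"""

def utc(ts):
    """Render an epoch timestamp from a status line as a UTC date string."""
    return datetime.fromtimestamp(int(ts), tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def parse_status(text):
    report = {"expired": [], "considered": [], "errsig": None, "verdict": None}
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # "gpg: ..." lines are for humans and vary by locale
        keyword, *args = line[len(PREFIX):].split()
        if keyword == "KEYEXPIRED":        # also emitted for expired subkeys
            report["expired"].append(utc(args[0]))
        elif keyword == "KEY_CONSIDERED":  # fingerprint of the key gpg looked at
            report["considered"].append(args[0])
        elif keyword == "ERRSIG":          # keyid pkalgo hashalgo class time rc
            keyid, pk, digest, sig_class, made, rc = args[:6]
            report["errsig"] = {
                "keyid": keyid, "sig_class": sig_class, "made": utc(made),
                "pk_algo": PK_ALGOS.get(int(pk), pk),
                "hash_algo": HASH_ALGOS.get(int(digest), digest),
                "reason": RC_CODES.get(int(rc), "error code " + rc)}
        if keyword in VERDICTS:
            report["verdict"] = VERDICTS[keyword]
    return report
```

Calling `parse_status(SAMPLE)` shows four expiry notices dated January 2016 and an `ERRSIG` with reason code 6, the same "Bad public key" that gpg printed in its human-readable line.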
