You are not logged in.

#1 2021-05-10 15:08:53

6rJ27GKfu
Member
Registered: 2020-06-17
Posts: 13

[SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1

I couldn't update go and got the following error:

Error: go: signature from "Morten Linderud <morten@linderud.pw>" is marginal trust
:: File /var/cache/pacman/pkg/go-2:1.16.4-1-x86_64.pkg.tar.zst is corrupted (Invalid or damaged package (PGP-Signature)).

Pacman also reported the following:

Warning: gnupg: local version (2.3.1-1) is newer than core (2.2.27-1)

Rolling back to [stable] fixed the problem and I could update go, after moving back to [testing] both errors didn't appear again.
I have no clue what that was, but just wanted to let you know, in case anybody else experiences the same thing. Apologies if this was unnecessary, I'm fairly new to [testing].

Last edited by 6rJ27GKfu (2021-05-11 10:25:59)

Offline

#2 2021-05-10 16:22:23

arojas
Developer
From: Spain
Registered: 2011-10-09
Posts: 2,150

Re: [SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1

Yes, gnupg was pulled from testing because of this (among other issues). Generally, there should have been an announcement in the arch-dev-public mailing list about this.

Offline

#3 2021-05-11 10:25:29

6rJ27GKfu
Member
Registered: 2020-06-17
Posts: 13

Re: [SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1

Thanks, Morten Linderud just wrote an e-mail regarding this on the arch-dev-public mailing list.

Offline

#4 2022-03-01 10:56:06

Coelacanthus
Member
Registered: 2022-03-01
Posts: 2
Website

Re: [SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1

arojas wrote:

Yes, gnupg was pulled from testing because of this (among other issues). Generally, there should have been an announcement in the arch-dev-public mailing list about this.

Hello, arojas,
It's been ten months, any progress? Is it a bug of GnuPG, or a feature of them? Is it a problem upstream or the way we use it?
I sincerely hope that this issue will be resolved and GnuPG 2.3 will be available in the Arch repositories.
Because as a Yubikey user, 2.3 solved a major pain point that I have been using, that is, gpg will only record a smart card for a public key, so I have to manually clear the old pointer every time I use Yubikey and store it in a different place; and 2.3 solves the problem fixed this issue, it now automatically recognizes the new card and uses the new one.

Offline

Board footer

Powered by FluxBB