You are not logged in.
- Topics: Active | Unanswered
#1 2021-05-10 15:08:53
- 6rJ27GKfu
- Member
- Registered: 2020-06-17
- Posts: 13
[SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1
I couldn't update go and got the following error:
Error: go: signature from "Morten Linderud <morten@linderud.pw>" is marginal trust
:: File /var/cache/pacman/pkg/go-2:1.16.4-1-x86_64.pkg.tar.zst is corrupted (Invalid or damaged package (PGP-Signature)).
Pacman also reported the following:
Warning: gnupg: local version (2.3.1-1) is newer than core (2.2.27-1)
Rolling back to [stable] fixed the problem and I could update go, after moving back to [testing] both errors didn't appear again.
I have no clue what that was, but just wanted to let you know, in case anybody else experiences the same thing. Apologies if this was unnecessary, I'm fairly new to [testing].
Last edited by 6rJ27GKfu (2021-05-11 10:25:59)
Offline
#2 2021-05-10 16:22:23
- arojas
- Developer
- From: Spain
- Registered: 2011-10-09
- Posts: 2,150
Re: [SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1
Yes, gnupg was pulled from testing because of this (among other issues). Generally, there should have been an announcement in the arch-dev-public mailing list about this.
Offline
#3 2021-05-11 10:25:29
- 6rJ27GKfu
- Member
- Registered: 2020-06-17
- Posts: 13
Re: [SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1
Thanks, Morten Linderud just wrote an e-mail regarding this on the arch-dev-public mailing list.
Offline
#4 2022-03-01 10:56:06
- Coelacanthus
- Member
- Registered: 2022-03-01
- Posts: 2
- Website
Re: [SOLVED] Couldn't verify signature for go with gnupg 2.3.1-1
Yes, gnupg was pulled from testing because of this (among other issues). Generally, there should have been an announcement in the arch-dev-public mailing list about this.
Hello, arojas,
It's been ten months, any progress? Is it a bug of GnuPG, or a feature of them? Is it a problem upstream or the way we use it?
I sincerely hope that this issue will be resolved and GnuPG 2.3 will be available in the Arch repositories.
Because as a Yubikey user, 2.3 solved a major pain point that I have been using, that is, gpg will only record a smart card for a public key, so I have to manually clear the old pointer every time I use Yubikey and store it in a different place; and 2.3 solves the problem fixed this issue, it now automatically recognizes the new card and uses the new one.
Offline