$ makepkg --verifysource
==> Making package: python-pyusb 1.2.1-4 (Tue 12 Mar 2024 15:45:47 UTC)
==> Retrieving sources...
-> Updating pyusb git repo...
==> Validating source files with sha512sums...
pyusb ... Skipped
==> Verifying source file signatures with gpg...
pyusb git repo ... %s is unable to verify the signature.
git
==> ERROR: One or more PGP signatures could not be verified!
$ makepkg -Codd --skippgpcheck
==> Making package: python-pyusb 1.2.1-4 (Tue 12 Mar 2024 15:47:12 UTC)
==> WARNING: Skipping dependency checks.
==> Retrieving sources...
-> Updating pyusb git repo...
==> WARNING: Skipping verification of source file PGP signatures.
==> Validating source files with sha512sums...
pyusb ... Skipped
==> Removing existing $srcdir/ directory...
==> Extracting sources...
-> Creating working copy of pyusb git repo...
Cloning into 'pyusb'...
done.
Switched to a new branch 'makepkg'
==> Sources are ready.
$ cd src/pyusb/
$ git tag -v v1.2.1
object 7f3638b7c296ac8153bbff369f8a7c0e28907153
type commit
tag v1.2.1
tagger Jonas Malaco <jonas@protocubo.io> 1625799410 -0300
Version 1.2.1
gpg: Signature made Fri 09 Jul 2021 03:56:50 BST
gpg: using RSA key E85FE39F6A144827869F9A7745F0AD783D788A6D
gpg: Good signature from "Jonas Tadeu Silva Malaco Filho <jonas@jonasmalaco.com>" [unknown]
gpg: aka "Jonas Tadeu Silva Malaco Filho <jonasmalacofilho@usp.br>" [unknown]
gpg: aka "Jonas Tadeu Silva Malaco Filho <jonas@elebeta.com.br>" [unknown]
gpg: aka "Jonas Tadeu Silva Malaco Filho <jonasmalacofilho@gmail.com>" [unknown]
gpg: aka "Jonas Tadeu Silva Malaco Filho <jonas@protocubo.io>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: 23F3 35ED 4E82 9797 734B 22F6 5841 AF74 06AF 7AD0
Subkey fingerprint: E85F E39F 6A14 4827 869F 9A77 45F0 AD78 3D78 8A6D
Last edited by loqs (2024-03-12 17:40:03)
That expired key would probably do it
$ gpg --list-keys -v 45F0AD783D788A6D
gpg: enabled compatibility flags:
gpg: using pgp trust model
gpg: Note: signature key 45F0AD783D788A6D expired 2021-09-13 16:25:20
pub rsa4096 2013-11-29 [SC]
23F335ED4E829797734B22F65841AF7406AF7AD0
uid [ unknown] Jonas Tadeu Silva Malaco Filho <jonas@jonasmalaco.com>
uid [ unknown] Jonas Tadeu Silva Malaco Filho <jonasmalacofilho@usp.br>
uid [ unknown] Jonas Tadeu Silva Malaco Filho <jonas@elebeta.com.br>
uid [ unknown] Jonas Tadeu Silva Malaco Filho <jonasmalacofilho@gmail.com>
uid [ unknown] Jonas Tadeu Silva Malaco Filho <jonas@protocubo.io>
sub rsa3072 2013-11-29 [S] [expired: 2021-09-13]
sub rsa3072 2013-11-29 [E] [expired: 2021-09-13]
Sure enough, setting the system time back to "2021-09-01 16:25:20" and `makepkg --verifysource` passes.
Edit:
https://gitlab.archlinux.org/archlinux/ … -/issues/1
Last edited by loqs (2024-03-12 17:41:14)
What version of pacman are you using? I reverted stuff so expired keys should not do that with the 6.1 release, and fixed the error message...
Edit: I assume this is the 6.0.x version from Arch which has a ridiculous backport still for a patch that was partially reverted...
$ pacman -Q pacman
pacman 6.0.2-9
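The thread turns on the difference between a signature that is cryptographically good but made by a key that has since expired, and one that is actually bad. The following is an added example, not code from the thread or from pacman: it classifies gpg's machine-readable `--status-fd` lines and checks whether the signature predates the key's expiry. The sample status lines are constructed from the key IDs and tag timestamp shown above, and the expiry epoch assumes the listed "2021-09-13 16:25:20" is UTC.

```python
from dataclasses import dataclass
from typing import Optional

PREFIX = "[GNUPG:] "
# Status keywords gpg emits for the outcome of one signature check.
OUTCOMES = {
    "GOODSIG": "good", "EXPKEYSIG": "key-expired", "EXPSIG": "sig-expired",
    "REVKEYSIG": "key-revoked", "BADSIG": "bad", "ERRSIG": "error",
}

@dataclass
class Verdict:
    outcome: str                          # one of OUTCOMES' values, or "none"
    crypto_valid: bool                    # VALIDSIG seen: the signature itself checks out
    signing_fpr: Optional[str]            # fingerprint of the (sub)key that signed
    signed_at: Optional[int]              # signature creation time, epoch seconds
    signed_before_expiry: Optional[bool]  # None when either time is unknown

def classify(status_text: str, key_expiry: Optional[int] = None) -> Verdict:
    """Classify a single-signature verification from gpg --status-fd output.

    key_expiry is the signing key's expiry in epoch seconds, supplied by the
    caller (assumption: taken from the key listing)."""
    outcome, fpr, signed_at = "none", None, None
    for line in status_text.splitlines():
        if not line.startswith(PREFIX):
            continue
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        if fields[0] in OUTCOMES:
            outcome = OUTCOMES[fields[0]]
        elif fields[0] == "VALIDSIG" and len(fields) >= 4:
            # VALIDSIG <fingerprint> <date> <sig-timestamp> ...
            fpr = fields[1]
            signed_at = int(fields[3]) if fields[3].isdigit() else None
    before = None
    if signed_at is not None and key_expiry is not None:
        before = signed_at < key_expiry
    return Verdict(outcome, fpr is not None, fpr, signed_at, before)

# Constructed sample input (not captured output).
EXPIRED_KEY_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 45F0AD783D788A6D Jonas Tadeu Silva Malaco Filho <jonas@jonasmalaco.com>
[GNUPG:] VALIDSIG E85FE39F6A144827869F9A7745F0AD783D788A6D 2021-07-09 1625799410 0 4 0 1 10 00 23F335ED4E829797734B22F65841AF7406AF7AD0
"""
BAD_STATUS = "[GNUPG:] BADSIG 45F0AD783D788A6D Jonas Tadeu Silva Malaco Filho <jonas@jonasmalaco.com>\n"
```

A `key-expired` outcome with `crypto_valid` and `signed_before_expiry` both true matches the case in this thread; a `bad` outcome never carries a `VALIDSIG` line.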