You are not logged in.
Hi,
i have this. It tries to update gpgme-qt5
pikaur -Su
gpgme-1.23.2.tar.bz2 ... FAILED (Public Key Unknown E98E9B2D19C6C8BD)
I translated the error from french to english
I have already refresh keys
sudo pacman-key --init && sudo pacman-key --populate
Sincerely
Last edited by archqt (2024-05-25 19:55:42)
Offline
Hey you need to import the relevant gpg key so signature verification can be done:
gpg --recv-key E98E9B2D19C6C8BD
Offline
Hey you need to import the relevant gpg key so signature verification can be done:
gpg --recv-key E98E9B2D19C6C8BD
Yes i can do that, but how do i know it is not a bad package. The role of signing is to be sure it is a managed package.
And the role of AUR server is to be sure that i download something controlled.
Offline
I think we have some misconceptions to clear up here:
You are not downloading a package from the AUR, its a build recipe ("PKGBUILD"), the entire content of the AUR is unsupported user produced content (read: untrusted) as the big banner on top says:
DISCLAIMER: AUR packages are user produced content. Any use of the provided files is at your own risk.
The GPG key is required in order to verify the signature that the upstream project has put on the sourcecode not on the finished built package like it is the case for the repo packages.
See this part of the PKGBUILD: https://aur.archlinux.org/cgit/aur.git/ … me-qt5#n21
Offline
Thanks
Offline