On 07/03/16 at 02:45pm, Ilya Boka via arch-general wrote:
I don't know does it make sence, but you create signature with "makepkg --sign" ?
Nope, He is using OpenSuse's Build Service, which creates a private key per repository. This key is used to sign the packages and surprisingly also the repo database. I could reproduce the problem but I have no clue why pacman says the signature is invalid.
On Sun, Jul 3, 2016 at 10:09 AM, Giovanni 'ItachiSan' Santini via arch-general <arch-general@archlinux.org> wrote:
Good morning, some days ago I found a nice service called "Open Build Service", which allows all kind of packagers, including also Arch ones, to have different repos of their packages, having them built online. This is awesome for me, as some of them require heavy building time.
I fought a bit against the service, in order to make the GPG public key to be uploaded to a key server, in order to allow users to add it properly to pacman-key.
Now, I am facing a really strange issue: I've added the key to pacman keyring, using:
sudo pacman-key -r 05E0A765C649DE23 sudo pacman-key --lsign-key 05E0A765C649DE23
Database syncing works properely and the signature is verified... But for packages it is not. Every time it gives an error as this:
$pkgname-$pkgver $pkgsize $dw_speed 00:00 [--------------------] 100% (1/1) checking keys in keyring [--------------------] 100% error: $pkgname: unsupported signature format(0/1) checking package integrity (1/1) checking package integrity [--------------------] 100% error: GPGME error: No data
I tried to download the public key and adding to my personal GPG keyring. Verifying the packages signatures works perfectly. To try this, I fetched the .sig file online and used the GPG --verify command. Any hints?
Now, the needed data. My personal repo configuration for pacman
[home_ItachiSan_archlinux_Arch_Extra] Server = http://download.opensuse.org/repositories/home:/ItachiSan:/archlinux/Arch_Ex...
The public key mentioned above: http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x05E0A765C649DE23 or http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=home%3AItachiSan&fingerprint=on
Sorry to be so verbose. :< Thanks in advance!
-- Giovanni Santini My blog: http://giovannisantini.tk My code: https://github.com/ItachiSan My code, again: https://gitlab.com/u/ItachiSan My Twitter: https://twitter.com/santini__gio My Facebook: https://www.facebook.com/giovanni.santini My Google+: https://plus.google.com/+GiovanniSantini/ My GPG: 2FADEBF5
-- Jelle van der Waa