Il 03/07/2016 18:03, Jelle van der Waa ha scritto:
On 07/03/16 at 02:45pm, Ilya Boka via arch-general wrote:
I don't know does it make sence, but you create signature with "makepkg --sign" ?
Nope,
He is using OpenSuse's Build Service, which creates a private key per repository. This key is used to sign the packages and surprisingly also the repo database.
I could reproduce the problem but I have no clue why pacman says the signature is invalid.
Exactly. Additionally, the strangest thing is that: - repository information are signed with the same key and their signature work - using "gpg --verify" over the package signature (to be clear, the file named "$pkgname-$pkgver.pkg.tar.xz.sig") works properly, after importing the key and locally signing it. I tried to remove, re-add and re-sign locally the key but no success, even changing the remoter keyserver for fetching the key. -- Giovanni Santini My blog: http://giovannisantini.tk My code: https://github.com/ItachiSan My code, again: https://gitlab.com/u/ItachiSan My Twitter: https://twitter.com/santini__gio My Facebook: https://www.facebook.com/giovanni.santini My Google+: https://plus.google.com/+GiovanniSantini/ My GPG: 2FADEBF5