On Thu, 26 Jul 2018 23:45:32 +0200, Peter Nabbefeld wrote:
On 26.07.2018 at 23:07, Morten Linderud via arch-general wrote:
https://wiki.archlinux.org/index.php/Makepkg#Signature_checking
Thank You Morten! But I still have problems: From the wiki I understand, I should set "keyserver-options auto-key-retrieve" in ~/.gnupg/gpg.conf, which is set. IIUC, this should automate the magic to fetch the PGP key. But building still fails. With aura, I've the option to accept the package anyway, but I'd prefer to know the correct way.
I can't comment on the Wiki, since I didn't read it. Note, auto-key-retrieve means that any software automatically will retrieve new keys from the default keyserver. An excerpt from the gpg manpage, that belongs to auto-key-retrieve:

$ man gpg | grep '\"web bug\" l' -A1
Note that this option makes a "web bug" like behavior possible. Keyserver or Web Key Directory operators can see which keys you request, so by sending you a message signed by a brand new key (which you naturally will not have on your local keyring), the operator can tell both your IP address and the time when you verified the signature.

I'm using an alias to manually add new keys:

$ grep gkey= .bashrc
alias gkey='gpg --keyserver hkp://pgp.uni-mainz.de --recv-keys'