[arch-general] AUR and missing/unidentifiable GPG keys
Hey hey, it has happened a couple of times now, that AUR packages' GPG keys can't be verified using aurget. Here's one example from installing the Linux realtime kernel: aurget -Sy linux-rt-bfq [copious output] patch-4.14.3-rt5.patch ... FAILED (unknown public key 4FE5E3262872E4CC) ERROR: One or more PGP signatures could not be verified! aurget is up to date, as pulled from the Github repo. I know this can be circumvented by editing the pkgbuild file and removing the verification option, but that feels wrong. Is there a systematic way to update the relevant keys? As for other packages that did - or still do - suffer from this issue, there's certainly wine. Best wishes and TIA, Jeanette -------- * website: http://juliencoder.de - for summer is a state of sound * SoundCloud: https://soundcloud.com/jeanette_c Open my eyes, I look deep inside, I run away... <3 (Britney Spears)
I know this can be circumvented by editing the pkgbuild file and removing the verification option, but that feels wrong. Is there a systematic way to update the relevant keys?
You are supposed to manually download the keys, ideally from a trusted source. Another option would be to configure gpg to automatically download missing keys from a key server. Cheers, Bennett -- GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808
Dec 8 2017, Bennett Piater has written: ... Thanks Bennett.
Another option would be to configure gpg to automatically download missing keys from a key server. ... Quick tip or link of a howto? It's been ages since I set anything up with GPG and co.
Best wishes, Jeanette -------- * website: http://juliencoder.de - for summer is a state of sound * SoundCloud: https://soundcloud.com/jeanette_c Open my eyes, I look deep inside, I run away... <3 (Britney Spears)
Quick tip or link of a howto? It's been ages since I set anything up with GPG and co.
cat ~/.gnupg/gpg.conf: [...] # auto-key-retrieve : automatically fetch keys as needed from the keyserver when verifying signatures or when importing keys that have been revoked by a revocation key that is not present on the keyring. So, add keyserver-options auto-key-retrieve Cheers, Bennett -- GPG fingerprint: 871F 1047 7DB3 DDED 5FC4 47B2 26C7 E577 EF96 7808
Dec 8 2017, Bennett Piater has written: ...
So, add keyserver-options auto-key-retrieve ... Thank you very much! (and I just considered leaving the list the other day... :) )
Best wishes, Jeanette -------- * website: http://juliencoder.de - for summer is a state of sound * SoundCloud: https://soundcloud.com/jeanette_c Open my eyes, I look deep inside, I run away... <3 (Britney Spears)
participants (2)
-
Bennett Piater
-
Jeanette C.