[arch-general] Problem automatically importing key for signed package.
Myra Nelson
myra.nelson at hughes.net
Sat Nov 5 20:01:59 EDT 2011
On Sat, Nov 5, 2011 at 18:40, Peter Lewis <plewis at aur.archlinux.org> wrote:
> Hi,
>
> I've been trying to get to grips with the package signing stuff, and have
> just
> added my first signed package (choqok) to [community], but am having a
> problem
> installing it from the repo, when pacman doesn't already know about my
> key. I'm
> probably missing a step somewhere, or maybe I've found a bug, not sure.
>
> I followed the instructions on the wiki, with the slight difference that I
> already had a key, so just used that one.
>
> Here's the problem. After successfully building in a chroot and submitting
> and
> signing the package, all using devtools, I get this:
>
> % sudo pacman -S choqok
>
> ...
>
> error: choqok: key "22AD5874F39D989F" is unknown
> error: failed to commit transaction (invalid or corrupted package (PGP
> signature))
> Errors occurred, no packages were upgraded.
>
> I tried the obvious cache clearing and -Syy'ing, just to be sure, but that
> didn't fix it.
>
> For other people's packages, after the "key XXX unknown" message, I get the
> option to get it from the keyserver and add it to pacman's keyring. But I
> don't
> get that option for my own key.
>
> But:
>
> % gpg --homedir gpg-temp --keyserver pgp.mit.edu --recv-keys
> 22AD5874F39D989F
> gpg: requesting key F39D989F from hkp server pgp.mit.edu
> gpg: key E19DAA50: public key "Peter Richard Lewis <pete at muddygoat.org>"
> imported
> gpg: no ultimately trusted keys found
> gpg: Total number processed: 1
> gpg: imported: 1
>
> And just to be sure, in my build directory:
>
> % gpg --verify choqok-1.2-2-x86_64.pkg.tar.xz.sig
> gpg: Signature made Sat 05 Nov 2011 05:27:56 PM GMT using RSA key ID
> F39D989F
> gpg: Good signature from "Peter Richard Lewis <pete at muddygoat.org>"
> gpg: aka "Peter Richard Lewis <prlewis at letterboxes.org>"
> gpg: aka "Peter Richard Lewis <p.r.lewis at cs.bham.ac.uk>"
> gpg: aka "Peter Richard Lewis <plewis at aur.archlinux.org>"
>
>
> At first I thought that maybe pacman wouldn't support multiple UIDs, but
> then
> pacman-key -l shows up that several devs and TUs have this.
>
> Did I miss something that I should have done?
>
> Thanks,
>
> Pete.
>
Pete:
You need to import your key into the pacman-key database with sudo
pacman-key --keysever pgp.mit.edu -r 22AD5874F39D989F, then everything
shoud work fine.
You can also put keyserver hkp://pgp.mit.edu in
/etc/pacman.d/gnupg/gnupg.conf and pacman-key will use pgp.mit.eduautomatically.
Myra
--
Life's fun when your sick and psychotic!
More information about the arch-general
mailing list