[arch-general] Package are signed... but pacman doesn't like them...?

Giovanni 'ItachiSan' Santini itachi.sama.amaterasu at gmail.com
Sun Jul 3 21:12:54 UTC 2016

Il 03/07/2016 18:03, Jelle van der Waa ha scritto:
> On 07/03/16 at 02:45pm, Ilya Boka via arch-general wrote:
>> I don't know does it make sence, but you create signature with
>> "makepkg --sign" ?
> Nope,
> He is using OpenSuse's Build Service, which creates a private key per
> repository. This key is used to sign the packages and surprisingly also
> the repo database.
> I could reproduce the problem but I have no clue why pacman says the
> signature is invalid.

Additionally, the strangest thing is that:
- repository information are signed with the same key and their
signature work
- using "gpg --verify" over the package signature (to be clear, the file
named "$pkgname-$pkgver.pkg.tar.xz.sig") works properly, after importing
the key and locally signing it.
I tried to remove, re-add and re-sign locally the key but no success,
even changing the remoter keyserver for fetching the key.

Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://github.com/ItachiSan
My code, again: https://gitlab.com/u/ItachiSan
My Twitter: https://twitter.com/santini__gio
My Facebook: https://www.facebook.com/giovanni.santini
My Google+: https://plus.google.com/+GiovanniSantini/

More information about the arch-general mailing list