[arch-general] Package are signed... but pacman doesn't like them...?

Giovanni 'ItachiSan' Santini itachi.sama.amaterasu at gmail.com
Sun Jul 3 21:12:54 UTC 2016


On 03/07/2016 18:03, Jelle van der Waa wrote:
> On 07/03/16 at 02:45pm, Ilya Boka via arch-general wrote:
>> I don't know if it makes sense, but do you create the signature with
>> "makepkg --sign"?
> 
> Nope,
> 
> He is using OpenSuse's Build Service, which creates a private key per
> repository. This key is used to sign the packages and surprisingly also
> the repo database.
> 
> I could reproduce the problem but I have no clue why pacman says the
> signature is invalid.
>

Exactly.
Additionally, the strangest thing is that:
- repository information is signed with the same key and its
signature works
- using "gpg --verify" over the package signature (to be clear, the file
named "$pkgname-$pkgver.pkg.tar.xz.sig") works properly, after importing
the key and locally signing it.
I tried to remove, re-add and locally re-sign the key, but with no success,
even after changing the remote keyserver for fetching the key.

-- 
Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://github.com/ItachiSan
My code, again: https://gitlab.com/u/ItachiSan
My Twitter: https://twitter.com/santini__gio
My Facebook: https://www.facebook.com/giovanni.santini
My Google+: https://plus.google.com/+GiovanniSantini/
My GPG: 2FADEBF5

