[arch-general] Package are signed... but pacman doesn't like them...?

Giovanni 'ItachiSan' Santini itachi.sama.amaterasu at gmail.com
Mon Jul 4 07:20:17 UTC 2016

Il 03/07/2016 23:50, Christian Hesse ha scritto:
> Looks like the build service produces invalid db files,
> home_ItachiSan_archlinux_Arch_Extra.db in your case.
> The db file is just a simple tar archive, compressed with gzip. Unzip it and
> you will find a directory for every package. Every directory contains the
> file 'desc' at least. Within the file you should find a line '%PGPSIG%',
> followed by a single line containing the signature.
> Looks like the build service breaks this line, which confuses pacman.
> To verify you can extract the db file, make your changes and create a new
> one. Do not forget to remove the db signature (or resign).
> BTW, It's pretty simple why the db signature is valid: It is used as-is. The
> package signatures in your repository are useless, though. The signatures are
> stored withing the db file, as seen above.

I just checked it, you're totally right.
I will report this to the Open Build Service team.
I hope they will get it fixed soon :-)
Thanks a lot! Will report any update here.

Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://github.com/ItachiSan
My code, again: https://gitlab.com/u/ItachiSan
My Twitter: https://twitter.com/santini__gio
My Facebook: https://www.facebook.com/giovanni.santini
My Google+: https://plus.google.com/+GiovanniSantini/

More information about the arch-general mailing list