[arch-general] aur/solr: Unknown PGP key
Ralf Mardorf
silver.bullet at zoho.com
Thu Jul 26 22:14:17 UTC 2018
On Thu, 26 Jul 2018 23:45:32 +0200, Peter Nabbefeld wrote:
>Am 26.07.2018 um 23:07 schrieb Morten Linderud via arch-general:
>> https://wiki.archlinux.org/index.php/Makepkg#Signature_checking
>>
>Thank You Morten! But I still have problems: From the wiki I
>understand, I should set "keyserver-options auto-key-retrieve" in
>~/.gnupg/gpg.conf, which is set. IIUC, this should automate the magic
>to fetch the PGP key. But building still fails. With aura, I've the
>option to acceppt the package anyway, but I'd prefer to know the
>correct way.
I can't comment on the Wiki, since I didn't read it. Note,
auto-key-retrieve means that any software automatically will
retrieve new keys from the default keyserver. An excerpt from the gpg
mangape, that belongs to auto-key-retrieve:
$ man gpg | grep '\"web bug\" l' -A1
Note that this option makes a "web bug" like behavior
possible. Keyserver or Web Key Directory operators can see which keys
you request, so by sending you a message signed by a brand new key
(which you naturally will not have on your local keyring), the operator
can tell both your IP address and the time when you verified the
signature.
I'm using an alias to manually add new keys:
$ grep gkey= .bashrc
alias gkey='gpg --keyserver hkp://pgp.uni-mainz.de --recv-keys'
More information about the arch-general
mailing list