AUR package fails to verify PGP/GPG key: "unknown public key", "One or more PGP signatures could not be verified!"

Summary

If you get

llvm-5.0.1.src.tar.xz … FAILED (unknown public key 8F0871F202119294)

then

gpg --recv-key 8F0871F202119294

and try again. Enter the key ID as appropriate.

Detail

Many AUR packages contain lines to enable validating downloaded packages though the use of a PGP key. This establishes a level of trust between the software author and anyone who downloads the software - if you trust the key, and the download validates against the key, then you can trust the download.

Pacman has its own keyring for system packages in the repos. This means pacman will trust Manjaro and Arch packager keys.

Your user starts with an empty keyring. That is, you trust noone's keys. When you run makepkg you run it as your normal user, so if the PKGBUILD file contains a PGP key validation will fail because you don't trust the key - you have to import the key into your keyring first.

This is easy. Open a terminal and type:

gpg --recv-key $KEYID

where $KEYID is the ID of the key you want to import.

Now when you run makepkg (directly or via your AUR helper) the downloaded file will be validated and all will be well.

If validation still fails then the file is invalid.

48 Likes
Update Phonon und kdebase-runtime
Ncurses5-compat-libs have some installation problems related to gpg public key
How to install VMware workstation pro 14.1.2?
Install error L2TP plugin network manager
Cannot Install Gatling - PGP unknown public key
Error: ... : signature from "..." is unknown trust
Can't Build Dropbox?
Having trouble updating Spotify?
Wine 4.12 doesn't work for me
Can't update anymore, PGP problems, no workaround helps
Missing PGP Keyfile issue with moka-icon-theme package
Puddletag is only available through AUR, however qt4 is now deprecated. Building requires GPG-key import, what do?
Spotify (AUR) will build on Gnome Edition, but it won't on KDE Edition
Libevent-compat cannot be installed because of gpg failure
[Stable Update] 2018-06-01 - Kernels, Pamac, Pacman 5.1, QT 5.11, Deepin, Browsers
AUR update incomplete - PGP signature incorrect
Having trouble with Discord under Trizen
Install aurman with error output
[Testing Update] 2018-09-23 - Kernels, Gnome 3.30, Cinnamon, Deepin, LibreOffice
What it is this error? ICA-CLIENT
Unable to install Tor Browser - PGP signatures could not be verified
Unable to install Dropbox client
Pyqt4-common and python2-pyqt4 update 24-10-2018
Unable to connect to any device via bluetooth, Manjaro 18 XFCE
Runescape NXT Client
Missing PGP Keys into Discord installation
Can't install tomcat9
Amarok - problem with database
Cannot upgrade dropbox, key issue
ERROR: One or more PGP signatures could not be verified!
GPG Problem in Pamac
Unable to update manjaro due to corrupt or PGP trust issues
Dropbox instalation failure
Help installing Guix (Error Missing OpenPGP key)
[SOLVED] Cannot install Dropbox
[SOLVED] ffmpeg2.8 Installation ERROR (PGP signatures could not be verified!)
Trying to install GCC for ARM/Raspberry Pi
Tag: [POWERPILL] - Launching error
Unable to install Spotify AUR package
Ausweisapp2 Build is comes up with error
GPG Error: gpg --recv-key xxx | gpg: keyserver receive failed: General error
can't install Liquorix kernel aur package
installeren met yaourt lukt niet
libc++abi failing to verify PGP signature
[SOLVED] pacman -Sy gnupg archlinux-keyring manjaro-keyring fails
Unable to update packages - signature invalid
[SOLVED] Cant install application from aur because 'pgp key could not be verified' how can i install
Latest testing iso [Solved]
(SOLVED) ==> ERROR: One or more PGP signatures could not be verified!
Can't install Tor Browser on Manjaro
JavaFX MediaPlayer Codecs

Hi and many many many thanks for your help! Solved!!!

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Forum kindly sponsored by