ERROR: One or more PGP signatures could not be verified!

Hi everyone, yeah, I know this topic has been brought up many times...
I am trying to install the xorg bug 865 fix and I receive this message:

Verifying source file signatures with gpg...
    xorg-server-1.20.4.tar.bz2 ... FAILED (unknown public key 4C09DD83CAAA50B2)

However, I did the

gpg --recv-key 4C09DD83CAAA50B2

and it didn't help.

Any suggestions?

1 Like

System is up to date.
I have done all of the operations with the keyring update - no luck.
Cleaned the cache of pacman and redownloaded the AUR package 5-6 times - no luck.

I really don't want to turn off the PGP verification, as in one of your posts you wrote:

If validation still fails then the file is invalid.

And I am afraid that the corrupted package can mess things up.
On the other hand, I haven't found any similar issues with this patch, so I'm inclined to think this is a local problem.

Should I disable the PGP check? (IDK what the probability of messing up the system is in this case.)

If you provide the full set of steps you're using I'll try and replicate the issue.

1 Like

I've installed the pacaur package to use AUR in Octopi.
Then I tried installing the xorg-server-bug865 fix.
I received the aforementioned error message (in the 1st message).
I then added the key from the error message with

gpg --recv-key 4C09DD83CAAA50B2

That did not help.
After that I tried cleaning the pacman cache from /home/{user}/.cache/pacaur and tried to download and install again (with cleaning the cache in between) several times - that also did not help.

Then I executed all 4 commands from here. However the last one didn't do anything since my system was already up to date.
After executing that - I again cleaned the cache and tried to install it again - still no luck.

Are these steps sufficient? If not - please tell me where to give more details

1 Like

I don't see the issue if I build "normally" without a helper:

cd $(mktemp -d)
git clone https://aur.archlinux.org/xorg-server-bug865.git
cd xorg-server-bug865
makepkg -sri

It might be a pacaur or Octopi "bug". If you want to narrow it down you could try pacaur -S xorg-server-bug865 in a terminal and see if it works. If it does, it's Octopi at fault. If not, it's pacaur (or something in a package/source cache).

1 Like

Tried it with pacaur -S xorg-server-bug865 - same thing.
Then tried it with your "normal" package building script - same thing:

==> Verifying source file signatures with gpg...
    xorg-server-1.20.4.tar.bz2 ... FAILED (unknown public key 4C09DD83CAAA50B2)
==> ERROR: One or more PGP signatures could not be verified!
==> Removing installed dependencies...

Whoops, I already have that key in my keyring. That would probably be why the verification succeeded. :sweat_smile:

So, the next question is why

isn't helping you.

What do you get with

$ gpg --search 4C09DD83CAAA50B2
gpg: data source: https://51.38.91.189:443
(1)	Adam Jackson <ajax@nwnk.net>
	  3072 bit RSA key 4C09DD83CAAA50B2, created: 2017-10-04
Enter number(s), N)ext, or Q)uit >

and

$ gpg --list-keys 4C09DD83CAAA50B2
pub   rsa3072 2017-10-04 [SC]
      995ED5C8A6138EB0961F18474C09DD83CAAA50B2
uid           [ unknown] Adam Jackson <ajax@nwnk.net>
sub   rsa3072 2017-10-04 [E]

?

1 Like

For the first one:

$ gpg --search 4C09DD83CAAA50B2
gpg: data source: https://192.146.137.99:443
(1)     Adam Jackson <ajax@nwnk.net>
          3072 bit RSA key 4C09DD83CAAA50B2, created: 2017-10-04
Keys 1-1 of 1 for "4C09DD83CAAA50B2".

For the second one:

$ gpg --list-keys 4C09DD83CAAA50B2
gpg: error reading key: No public key

Ok seems like something is wrong in the second one.

OK, so let's try

gpg -v --recv-key 4C09DD83CAAA50B2

and see what it says. I wonder whether your user's keyring is broken/corrupt or you've used sudo at some point and messed up its permissions, so also check

ls -l $HOME/.gnupg

2 Likes
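
The two things the reply above asks about (is the key actually in the user's keyring, and is the GnuPG home still owned by that user) can be checked in one pass. This is an added example, not part of the thread; the function names, the expected-fingerprint argument and the constructed sample record are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Parsers read text so they work offline.

# Constructed sample of `gpg --list-keys --with-colons` output; the primary key
# values are the ones shown in the thread, the subkey values are placeholders.
SAMPLE_COLONS='pub:-:3072:1:4C09DD83CAAA50B2:1507075200:::-:::scESC:
fpr:::::::::995ED5C8A6138EB0961F18474C09DD83CAAA50B2:
sub:-:3072:1:0000000000000000:1507075200::::::e:
fpr:::::::::0000000000000000000000000000000000000000:'

# Primary-key fingerprint: field 10 of the first "fpr" record after "pub".
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# Succeeds when the 16-digit key ID from the makepkg error is the tail of a
# 40-digit fingerprint. A 64-bit ID alone does not pin down the key.
keyid_matches_fpr() {
    [ "${#1}" -eq 16 ] && [ "${#2}" -eq 40 ] || return 1
    case "$2" in *"$1") return 0 ;; *) return 1 ;; esac
}

# Paths under a GnuPG home that are not owned by the given uid.
foreign_owned() {
    find "$1" ! -user "$2" -print 2>/dev/null
}

# check_source_key KEYID EXPECTED_FPR: run as the user who runs makepkg.
check_source_key() {
    home=${GNUPGHOME:-$HOME/.gnupg}
    bad=$(foreign_owned "$home" "$(id -u)")
    [ -z "$bad" ] || { echo "not owned by uid $(id -u): $bad" >&2; return 2; }
    fpr=$(gpg --list-keys --with-colons "$1" 2>/dev/null | primary_fpr)
    [ -n "$fpr" ] || { echo "key $1 is not in the user keyring" >&2; return 1; }
    keyid_matches_fpr "$1" "$fpr" && [ "$fpr" = "$2" ] ||
        { echo "fingerprint mismatch: $fpr" >&2; return 3; }
    echo "ok: $fpr"
}

# Only runs the live check when a key ID is given on the command line.
if [ -n "${1:-}" ]; then check_source_key "$@"; fi
```

Run it as the same user that runs makepkg, passing the key ID from the error and the full fingerprint taken from a source you trust, such as the PKGBUILD's validpgpkeys array if it sets one.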

It started the installation after the

gpg -v --recv-key 4C09DD83CAAA50B2

Result of the first one:

$ gpg -v --recv-key 4C09DD83CAAA50B2
gpg: data source: https://192.146.137.99:443
gpg: armor header: Version: SKS 1.1.6
gpg: armor header: Comment: Hostname: pgpkeys.co.uk
gpg: pub  rsa3072/4C09DD83CAAA50B2 2017-10-04  Adam Jackson <ajax@nwnk.net>
gpg: using pgp trust model
gpg: key 4C09DD83CAAA50B2: public key "Adam Jackson <ajax@nwnk.net>" imported
gpg: Total number processed: 1
gpg:               imported: 1

I really don't understand why it didn't work before, as I added this key multiple times before...

Here is the result of the second command:

ls -l $HOME/.gnupg
total 20
drwx------ 2 drimskii drimskii 4096 May 26 12:57 crls.d
drwx------ 2 drimskii drimskii 4096 May 26 13:02 private-keys-v1.d
-rw-r--r-- 1 drimskii drimskii 1958 May 26 13:02 pubring.kbx
-rw------- 1 drimskii drimskii   32 May 25 16:33 pubring.kbx~
-rw------- 1 drimskii drimskii 1200 May 26 12:58 trustdb.gpg

Did I mess something up? (As far as I remember I may have used sudo for gpg key addition. Is that a bad thing? Sorry if the question is dumb.)

P.S. Maybe I needed to add the key again after executing the 4 commands that updated the keychain?

No idea. Possibly the key server from the key server pool that gpg used yesterday didn't have the key but the one it used today did?

Nope. :slight_smile:

The commands from the thread above shouldn't alter your user's keyring, only the keyring used by pacman.

I don't really know what went wrong, it was probably just "one of those things"...

1 Like

Probably... Nevertheless thank you for your help!

Offtopic

My journey goes onward to get hardware acceleration working in Chromium. (However, I'm really dependent on Google Sync, which only works in Chrome as far as I read, so IDK how it will work out.)
