[HowTo] Automatically retrieve missing GPG keys during making packages|20180218

Issue

Some files are signed with developers' GPG signatures. Without validation of the source tarballs, the package build fails. To automatically download and add new keys to the LOCAL GPG database, follow this guide once.

Install GnuPG

sudo pacman -S gnupg pinentry --needed --noconfirm

Enable the following service sockets:

systemctl --user enable gpg-agent.socket
systemctl --user start gpg-agent.socket
systemctl --user enable dirmngr.socket
systemctl --user start dirmngr.socket

Create the following files with this content:

$HOME/.gnupg/dirmngr.conf

keyserver hkps://pgp.mit.edu
keyserver hkps://hkps.pool.sks-keyservers.net

$HOME/.gnupg/gpg.conf

keyserver hkps://pgp.mit.edu
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver-options auto-key-retrieve
require-cross-certification
keyring /etc/pacman.d/gnupg/pubring.gpg
use-agent

$HOME/.gnupg/gpg-agent.conf

If you are on NON-KDE, use pinentry-qt or pinentry-gtk-2.

default-cache-ttl 300
max-cache-ttl 999999
pinentry-program /usr/bin/pinentry-qt

### Uncomment the GTK2 or kwallet variant instead of QT if needed.
# pinentry-program /usr/bin/pinentry-gtk-2
# pinentry-program /usr/bin/pinentry-kwallet

pinentry-kwallet is part of kwalletcli from the AUR. You need to build and install it (via the yay/pacaur tool) if you want to store passwords in kwallet.

Reload GPG Agent

gpg-connect-agent reloadagent /bye
13 Likes

Are there packages that need to be installed? If I issue the systemctl commands, the error returned indicates that "File or directory" isn't found.

Yep, I forgot to mention installing the gnupg package :wink: Fixed. Thanks for the hint :slight_smile:

1 Like

Well, I installed gnupg; why I hadn't already is another story -.-

But - still I get the Failed to connect to bus: File or Directory not found error; Am I still missing some package(s)?

Did you follow the whole guide?

Almost, I just noticed

:expressionless: please add for people like me to - NOT - run them as root.

Thanks for your patience and the guide!

WHERE do you have any mention of SUDO or ROOT in the GUIDE???? :scream:

My fault - I somehow see systemctl and my mind adds sudo :expressionless: the blame is completely on me. :disappointed_relieved:

1 Like

Can I suggest hkps:// for secure communication?

2 Likes

ipv4.pool.sks-keyservers.net
doesn't have SSL. Maybe other servers have it.

1 Like

EDIT:
Switch from HKP to HKPS

keyserver hkps://pgp.mit.edu

Working like a charm.

@jonathon

1 Like

i think it is worth mentioning at least some information below in your opening post:

as you have correctly marked, this method automatically retrieves keys to your local (=gpg) keyring. this keyring is used e.g. when installing packages manually or from the AUR.

it does not automatically retrieve any keys for pacman's keyring. this keyring is separate and used for installing packages from the manjaro repositories. it contains keys of arch linux and manjaro developers.

there is a command, which copies all pacman keys to your gpg keyring. this solves many (but not all) missing key problems when installing AUR packages:

echo 'keyring /etc/pacman.d/gnupg/pubring.gpg' >> $HOME/.gnupg/gpg.conf

the method presented in this tutorial solves ALL missing key problems when installing AUR packages while increasing the risk of (re)installing packages from unknown and untrusted sources.

2 Likes
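An added example, not part of the thread or of GnuPG itself: a small audit that reports where a GnuPG home directory enables automatic key retrieval, lists a keyserver that is not `hkps://`, or pulls in an extra keyring, which are the three settings debated above. The function names, finding tags and the sample directory are assumptions made for this example; the sample config is constructed from the guide plus one plain `hkp://` line.

```shell
#!/bin/sh
# Added example (not from the thread): report GnuPG settings the thread debates.
# Output: one finding per line, "<file>:<line>: <TAG> <detail>".
audit_gnupg_home() {
    dir=${1:-$HOME/.gnupg}
    for f in gpg.conf dirmngr.conf; do
        [ -r "$dir/$f" ] || continue
        awk -v file="$f" '
            { sub(/^[ \t]+/, "") }            # strip indentation
            /^#/ || $0 == "" { next }         # skip comment and blank lines
            # Assumption: when an option is repeated, the last line wins.
            $1 == "auto-key-retrieve"    { akr = NR }
            $1 == "no-auto-key-retrieve" { akr = 0 }
            $1 == "keyserver-options" {
                line = $0
                sub(/^keyserver-options[ \t]+/, "", line)
                n = split(line, opts, /[ \t,]+/)
                for (i = 1; i <= n; i++) {
                    if (opts[i] == "auto-key-retrieve")    akr = NR
                    if (opts[i] == "no-auto-key-retrieve") akr = 0
                }
            }
            $1 == "keyserver" && $2 !~ /^hkps:\/\// {
                printf "%s:%d: NON-HKPS-KEYSERVER %s\n", file, NR, $2
            }
            $1 == "keyring" { printf "%s:%d: EXTRA-KEYRING %s\n", file, NR, $2 }
            END { if (akr) printf "%s:%d: AUTO-KEY-RETRIEVE enabled\n", file, akr }
        ' "$dir/$f"
    done
}

# Constructed sample home: the guide's gpg.conf plus one plain hkp:// line.
make_sample_home() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' \
        'keyserver hkps://pgp.mit.edu' \
        'keyserver hkp://ipv4.pool.sks-keyservers.net' \
        'keyserver-options auto-key-retrieve' \
        'require-cross-certification' \
        'keyring /etc/pacman.d/gnupg/pubring.gpg' > "$d/gpg.conf"
    printf '%s\n' 'keyserver hkps://pgp.mit.edu' > "$d/dirmngr.conf"
    echo "$d"
}

sample=$(make_sample_home) && audit_gnupg_home "$sample"
rm -rf "$sample"
```

Run `audit_gnupg_home` with no argument to check `$HOME/.gnupg`; an empty result means none of the three settings is present.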

Added to guide. :slight_smile:
Thanks

Has anyone configured GnuPG to get the key when the network is behind a proxy?

See https://bbs.archlinux.org/viewtopic.php?pid=1264569#p1264569

@FadeMind Thank you. Have tried, but I have never got it working in this corporate network. Even using a different GPG server serving on port 443 or 80. Will continue trying...


I hate to be the curmudgeon on this, but I really wouldn't recommend auto-key-adoption in general.

1 Like

It should at least have an option to enable auto-key via conf without having so much side configuration.

But, the guide works well, thanks much!
