PGP verification fails even after disabling PGP verification

Hello! I'm attempting to install ecryptfs-simple from AUR using yaourt. It fails like this:

==> Verifying source file signatures with gpg...
    ecryptfs-simple-2016.12.tar.xz ... FAILED (unknown public key 1D1F0DC78F173680)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build ecryptfs-simple.

I've tried a few things to remedy this. First, I've added the unknown key to the trusted database, following the procedure described here. When that failed, I tried disabling verification altogether in /etc/pacman.conf. Here is the relevant part:

#SigLevel    = Required DatabaseOptional
SigLevel = Never
#LocalFileSigLevel = Optional
LocalFileSigLevel = Never
#RemoteFileSigLevel = Required

Then I've tried renewing the whole key database as described here. I've also deleted all signature files from /var/lib/pacman/sync/ and the ecryptfs-simple package from /var/cache/pacman/pkg/.

The closest thing to an explanation I can think of is that I have recently switched to using KDE, so maybe kwallet or Kleopatra or Kgpg are somehow interfering? I have messed with all three recently, and I have broken my personal gnupg config files (and subsequently fixed them), but that shouldn't matter since pacman has its own gnupg configuration.

I have updated the system and some other packages from AUR without any issues. Upgrading another AUR package, I saw no mention of PGP, but I don't think it gets mentioned unless something goes awry. There are these lines, however:

(1/1) checking keys in keyring                                              [##########################################] 100%
(1/1) checking package integrity                                            [##########################################] 100%

So pacman (yaourt) might be ignoring the .conf for all packages and checking validity anyway.

Pacman and the pacman keyring are not involved in AUR source checking. When a PKGBUILD file wants to check the PGP signature of a source, you need to add the key to your user keyring database.

Thanks! The check passed after the following (for future reference):

gpg --recv-keys 1D1F0DC78F173680

1D1F0DC78F173680 should be replaced with the unknown key's id.

If some people read this and are looking for an alternative fix, try PacUI.
It has a "fix pacman errors" option, which fixes this problem permanently using the following code:

This will not help in this case here, because here the user is supposed to import the key, not pacman.
gpg --recv-keys FINGERPRINT
or
gpg --search-keys FINGERPRINT
The command must be run by the user, because yaourt checks the "ingredients" for PKGBUILD with user privileges.
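An added example, not part of the thread and not code from makepkg, yaourt or PacUI: before importing a key into the user keyring, check that the key ID from the makepkg error is the tail of a full fingerprint pinned in the PKGBUILD's validpgpkeys array, then import by that full fingerprint. The function names, the sample PKGBUILD excerpt and the first 24 hex digits of the fingerprint are constructed placeholders.

```shell
#!/bin/sh
# Added example; the sample data at the bottom is constructed.

# Key IDs that makepkg reported as unknown (makepkg output on stdin).
unknown_key_ids() {
    sed -n 's/.*(unknown public key \([0-9A-Fa-f]\{16,40\}\)).*/\1/p' |
        tr 'a-f' 'A-F' | sort -u
}

# Fingerprints listed in validpgpkeys=(...), one per line. The PKGBUILD is
# parsed as text and never sourced: it is a shell script, and sourcing it
# would execute whatever it contains.
pkgbuild_fingerprints() {
    awk '/^validpgpkeys=\(/ { inarr = 1 }
         inarr { sub(/#.*/, ""); print; if ($0 ~ /\)/) inarr = 0 }' "$1" |
        tr -c '0-9A-Fa-f\n' '\n' | grep -xE '[0-9A-Fa-f]{40}' | tr 'a-f' 'A-F'
}

# Full fingerprint whose tail equals the reported key ID; non-zero exit
# status when the PKGBUILD does not list that key.
fingerprint_for_key_id() {
    keyid=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    case $keyid in ''|*[!0-9A-F]*) return 2 ;; esac
    pkgbuild_fingerprints "$2" | grep -E "${keyid}\$" | head -n 1 | grep .
}

# One line per unknown key: an import command by full fingerprint, to be run
# as the building user, or a warning when validpgpkeys does not list the key.
plan_imports() {   # $1 = saved makepkg output, $2 = PKGBUILD
    unknown_key_ids < "$1" | while read -r id; do
        if fpr=$(fingerprint_for_key_id "$id" "$2"); then
            echo "gpg --recv-keys $fpr"
        else
            echo "# $id not in validpgpkeys: check the fingerprint out of band first"
        fi
    done
}

# Constructed demo input: the error line from this thread and a hypothetical
# PKGBUILD excerpt (leading 24 hex digits of the fingerprint are a placeholder).
tmp=$(mktemp -d)
printf '%s\n' '    ecryptfs-simple-2016.12.tar.xz ... FAILED (unknown public key 1D1F0DC78F173680)' > "$tmp/makepkg.log"
printf '%s\n' "sha256sums=('SKIP' 'SKIP')" 'validpgpkeys=(' \
    "  '0123456789ABCDEF012345671D1F0DC78F173680'  # placeholder" ')' > "$tmp/PKGBUILD"
plan_imports "$tmp/makepkg.log" "$tmp/PKGBUILD"
```

Run it as the same unprivileged user that builds the package, since that user's keyring is the one the source check reads.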

I am sorry. You are right.

PacUI only helps with importing all Arch Linux and Manjaro developers' keys to the gpg keyring.
It does not help when the key is unknown to pacman's keyring.

This, too.