Solving “ERROR: One or more PGP signatures could not be verified!” (Arch LINUX)

Arch linux adding PGP verification some years ago was a really good thing after realizing that perhaps, just downloading from any repository without any kind of verification was a bad idea.

The process for signing and managing keys for the official repos is pretty straightforward and automated, however, with AUR, this is quite different.

Sometimes, you can run into signature errors such as the following:

==> Validating source files with md5sums…
cower-16.tar.gz … Passed
cower-16.tar.gz.sig … Skipped
==> Verifying source file signatures with gpg…
cower-16.tar.gz … FAILED (error during signature verification)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build cower.
==> Restart building cower ? [y/N]

This happens because your keys repository is lacking a certain key needed to authenticate a package authenticity.

If you edit the PKGBUILD, you might see (if the author followed the convetions) the needed key and the owner of such key.

For this example package (cower), the PKGBUILD had a line telling us the needed key corresponded to a maintainer called “Dave Reisner”.

After googling a bit, you can find a reference to this person’s pgp key here

In this page you can find the public key ID, which is “F56C0C53”

All you have to do is add this public key to your keys repository, and you’ll be good to go. No more PGP errors for packages maintained by this particular maintainer:

gpg –recv-keys F56C0C53

you can learn more about package signing on Arch’s magnificent wiki

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s