Makepkg give pgp error

, ,

Hi,

I am the maintainer of Keepass on the CCR and I just found I have not update it since a long time. Sorry about that.

Since it is been some time, I decided to restart from the Arch packages. Anyway my changes were really minor. So I do as they say in the tutorial to import from arch. Got all the files and try makepkg -si. This is the output I got:

    ==> Making package: keepass 2.37-1 (Fri Nov  3 20:33:42 EDT 2017)
    ==> Checking runtime dependencies...
    ==> Checking buildtime dependencies...
    ==> Retrieving sources...
      -> Found KeePass-2.37-Source.zip
      -> Found KeePass-2.37-Source.zip.asc
      -> Found keepass
      -> Found keepass.1
      -> Found keepass.desktop
      -> Found keepass.xml
    ==> Validating source files with md5sums...
        KeePass-2.37-Source.zip ... Passed
        KeePass-2.37-Source.zip.asc ... Skipped
        keepass ... Passed
        keepass.1 ... Passed
        keepass.desktop ... Passed
        keepass.xml ... Passed
    ==> Validating source files with sha1sums...
        KeePass-2.37-Source.zip ... Passed
        KeePass-2.37-Source.zip.asc ... Skipped
        keepass ... Passed
        keepass.1 ... Passed
        keepass.desktop ... Passed
        keepass.xml ... Passed
    ==> Validating source files with sha256sums...
        KeePass-2.37-Source.zip ... Passed
        KeePass-2.37-Source.zip.asc ... Skipped
        keepass ... Passed
        keepass.1 ... Passed
        keepass.desktop ... Passed
        keepass.xml ... Passed
    ==> Verifying source file signatures with gpg...
        KeePass-2.37-Source.zip ... FAILED (unknown public key A4F762DC58C6F98E)
    ==> ERROR: One or more PGP signatures could not be verified!

What can I do?
Thanks.

Hey,

There are 2 things you can do here:

  1. Import the key locally using gpg

Search the key with:

$ gpg --search-keys A4F762DC58C6F98E
gpg: data source: https://18.9.60.141:443
(1)     Dominik Reichl <dominik.reichl@gmx.de>
4096 bit RSA key A4F762DC58C6F98E, created: 2016-06-08

As you can see it is the same as the one listed on keepass website. You can now import it with:

$gpg --receive-keys A4F762DC58C6F98E

  1. Remove the keys from the PKGBUILD

If you want to ignore the key, you can remove the related references. Using Arch’s PKGBUILD as example, lines 20, 39 and 44 should be removed.

On another topic, here you will also notice several types of checksums listed (md5sum, sha1sum, sha256sum). I would remove the lines related to md5sum and sha1sum, as they are not really needed if you are using sha256sum.

PS: When posting, use the </> icon to wrap output text into a format like this one. :wink:

1 Like

Thanks.

I try installing the key, and it failed. So I decided to simply remove it from the PKGBUILD. I assume this would also help others trying to install it since they won’t need to do the receive-keys.

I also remove the unnecessary checksum before creating the .src. Don’t know why they are in the Arch.

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.

I think this post worth an FAQ <3