AUR update incomplete - PGP signature incorrect


#1

Got a big update today. All went through except those 2 packages which will not install complaining about PGP signatures unverified.
phonon-qt4
kdebase-runtime

Construction de phonon-qt4...
Clonage dans 'phonon-qt4'...
remote: Enumerating objects: 11, done.        
remote: Counting objects: 100% (11/11), done.        
remote: Compressing objects: 100% (10/10), done.        
remote: Total 11 (delta 1), reused 11 (delta 1)        
Dépaquetage des objets: 100% (11/11), fait.
==> Création du paquet phonon-qt4 4.10.1-2 (dim 26 aoû 2018 11:48:09 EDT)
==> Vérification des dépendances pour l’exécution…
==> Vérification des dépendances pour la compilation…
==> Récupération des sources…
  -> Téléchargement de phonon-4.10.1.tar.xz…
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   356  100   356    0     0    915      0 --:--:-- --:--:-- --:--:--   912
100   346  100   346    0     0    364      0 --:--:-- --:--:-- --:--:--   364
100  314k  100  314k    0     0   114k      0  0:00:02  0:00:02 --:--:--  186k
  -> Téléchargement de phonon-4.10.1.tar.xz.sig…
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   360  100   360    0     0   1389      0 --:--:-- --:--:-- --:--:--  1389
100   819  100   819    0     0   1003      0 --:--:-- --:--:-- --:--:--  1481
==> Validation des fichiers source avec sha256sums…
    phonon-4.10.1.tar.xz ... Réussite
    phonon-4.10.1.tar.xz.sig ... Ignoré
==> Vérification des signatures des fichiers sources grâce à gpg…
    phonon-4.10.1.tar.xz ... ÉCHEC (Clé publique inconnue B92A5F04EC949121)
==> ERREUR : Une ou plusieurs signatures PGP n’ont pas pu être vérifiées.

Problem while updating from AUR
#2
sudo pacman-key --refresh-keys

Should do the job


#3

#4

Ok, the key refresh didn’t work, but I removed phonon-qt4 as suggested by Signalrunner. It took away the other package with it. Hopefully it will have no effect. Strange though that it still pushes updates for it.
The updater is happy now.

Thanks !


#5

The combined two above will get you where you need to go (either add the signature or remove the package).
To check if anything needs it look at the ‘required by’ line from
pacman -Qi phonon-qt4

Edit- oops seconds too late :wink:


#6

Oops, seconds too late too. I cannot check what uses phonon-qt4 since I removed it, and it won’t re-install just to use your command and see what uses it.


#7

#8

Well… It’s not that it pushes updates for it. Since it isn’t in Manjaro repos anymore, it can’t be updated…

But if you use an AUR helper, or the graphical package managers with AUR support, in order to look for updates, and the package formerly in the Manjaro repos is now relegated to the AUR… Well, updates will be found.

A good old “pacman -Syu” wouldn’t have found updates, I believe. This is one of those things, where the AUR is involved, which isn’t officially supported and… well. You know, it is what it is.


#9

And PGP is doing what it should.
You should look up the key and verify you trust the owner, etc. Only then do you import the key. From then on you trust that key as a source for software.
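
What post #9 describes, as an added example that is not part of the thread: before importing anything, check that the key ID makepkg reports is one the PKGBUILD pins in validpgpkeys. The PKGBUILD fragment and its zero-padded fingerprint are constructed placeholders; makepkg checks source signatures against the invoking user's GnuPG keyring, so the last step is a plain gpg import.

```shell
#!/bin/sh
# Added example (not from the thread): is the key makepkg calls unknown
# one that the PKGBUILD pins in validpgpkeys?

# Pull the 16-hex-digit key ID out of a makepkg failure line. Only the ID
# before the closing parenthesis is used, so the message locale is irrelevant.
unknown_key_id() {
    printf '%s\n' "$1" |
        LC_ALL=C sed -nE 's/^.*[[:space:]]([0-9A-Fa-f]{16})\).*$/\1/p' | tr 'a-f' 'A-F'
}

# List the 40-hex-digit fingerprints in validpgpkeys=(...). The file is parsed
# as text, never sourced: a PKGBUILD is shell code from an untrusted source.
pinned_fingerprints() {
    awk '{ sub(/#.*/, "") }
         /^validpgpkeys=\(/ { on = 1 }
         on { print }
         on && /\)/ { on = 0 }' "$1" |
        tr -c '0-9A-Fa-f\n' '\n' | grep -E '^[0-9A-Fa-f]{40}$' | tr 'a-f' 'A-F'
}

# Print the pinned fingerprint whose last 16 digits equal the key ID ($1);
# return non-zero when the ID is malformed or the PKGBUILD ($2) pins no such key.
match_pinned_key() {
    [ ${#1} -eq 16 ] || return 1
    pinned_fingerprints "$2" | grep -E "$1\$" | head -n 1 | grep .
}

# Constructed sample: the failure line from post #1 and a PKGBUILD fragment
# whose fingerprint is a zero-padded placeholder, not the real key.
line='    phonon-4.10.1.tar.xz ... ÉCHEC (Clé publique inconnue B92A5F04EC949121)'
pkgbuild=$(mktemp)
cat > "$pkgbuild" <<'EOF'
pkgname=phonon-qt4
sha1sums=('1111111111111111111111111111111111111111')
validpgpkeys=('000000000000000000000000B92A5F04EC949121') # placeholder
EOF

id=$(unknown_key_id "$line")
if fpr=$(match_pinned_key "$id" "$pkgbuild"); then
    echo "Key $id is pinned by the PKGBUILD as $fpr"
    echo "Compare $fpr with the fingerprint upstream publishes, then:"
    echo "  gpg --recv-keys $fpr"
else
    echo "Key $id is not pinned in validpgpkeys; do not import it blindly"
fi
rm -f "$pkgbuild"
```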


#10

I know, I know. I’m just pointing to the “fault” of using helpers indiscriminately in order to proceed with updates, instead of doing it by “stages”.

I mean, a “pacman -Syu” first and then, and just then, a “yaourt -Syua” or “yay whatever”. Instead of just calling the helper beforehand and just doing the updates with a yay or whatever. I’m sorry, I know I explain myself badly and my English sucks.


#11

You’re fine, I was just adding :wink:


#12

I have a question. Since it let me uninstall the package without any warnings, does that mean that nothing needs it ?

Consulting the history, removing phonon-qt4 removed those 4 packages. (My other Manjaro Xfce machine doesn’t have those installed, so it must be something I have installed on this one.)

[2018-08-26 12:05] [ALPM] removed phonon-qt4-gstreamer (4.9.0-4)
[2018-08-26 12:05] [ALPM] removed phonon-qt4 (4.10.1-1)
[2018-08-26 12:05] [ALPM] removed kdelibs (4.14.38-4)
[2018-08-26 12:05] [ALPM] removed kdebase-runtime (17.08.3-3)
[2018-08-26 12:05] [ALPM] transaction started


#13

Probably.

You can check a package’s dependents via pacman -Qi packagename. If it has no dependents then it can be freely removed.


#14

Manjaro-XFCE (turn Compiz on and off).

Know I got the kdebase-runtime and phonon-qt4 because there are some old games I really like.

Was going to remove those 2 files just to see what game(s) broke. (Probably all of them?)
but can’t from AUR. Terminal would be? Sudo pacman -R package??

I would prefer to keep as I love the games so like the import key idea but am not sure how to find and import properly.


#15

Yup, you got it. Small “s”.


#16

Thanks LOL yea meant small s.


#17

A proper sentence begins with capitalization, neh? :smiley:

