trying to follow some guide basically instructing to run the command “pamac build spotify” which seemed simple enough, then I ran in the same error anyone else apparently:
==> Validating source files with sha512sums...
spotify.protocol ... Passed
LICENSE ... Passed
spotify-22.214.171.1249-x86_64.deb ... Passed
spotify-126.96.36.1999-3-Release ... Skipped
spotify-188.8.131.529-3-Release.sig ... Skipped
spotify-184.108.40.2069-3-x86_64-Packages ... Skipped
==> Verifying source file signatures with gpg...
spotify-220.127.116.119-3-Release ... FAILED
==> ERROR: One or more PGP signatures could not be verified!
Finished with result: exit-code
Main processes terminated with: code=exited/status=1
Service runtime: 14.824s
CPU time consumed: 3.030s
Error: Failed to build spotify
Googling I found the AUR page with the pinned comment of importing some key, sadly the forum doesn’t allow me to paste the command for some weird reason so it’s your guess what it was.
but it did not help.
Also there was a topic here a few days ago but strangely the fix doesn’t work for me as I don’t have any such cache folder under /var/tmp so basically after trying for a half hour I got stuck finally.
Any further ideas?
A small note on the mechanism, it doesn’t sound too good, I would appreciate if it would ask me like ssh does, this and this is going on, do you want to trust this key, maybe offer a way to double check and then allow to accept and just do the thing instead of having to find a command on web to install keys manually (which is even less secure).
I tried to paste the command here to save this round but the forum didn’t let me. I will try to describe the url without pasting it.
It’s on the site aur archlinux org and points to spotify package. It has a pinned comment running a curl command to import a key that ends in 643.
This didn’t help.
Then I also found a different command on manjaro wiki under spotify article. That key ends in D58.
Also didn’t help.
From the other topic that was closed 6 days ago I found that I may need to clear the pamac cache but somehow the instruction is already not working. I don’t have the files mentioned under my /var/tmp.
In the mean time I found gpg man page and managed to list keys. Either the manpage is wrong to indicate installation of an expired key, or I interpret the output wrong. I’m not sure if this matters as long as I have the valid key.
p.s. I believe the urls I used are the same you posted. I know I look like an idiot posting after the same thing was just closed a few days ago but I guess just didn’t work for me.
Edit. I just tried again with the recommended (not expired) key. I was not sure if I should import that with my user or with root, since command is shown without sudo but I figured if root is installing they should have it, but it doesn’t work either way. I have the key imported according to gpg -k and it should be the right key it just doesn’t work.
I managed to figure this out.
I was running pamac command as root. I believe I tried ‘properly’ with ‘sudo pamac…’ , and also after a simple and lazy sudo bash command - you need root to install software, right? (I mean generally… with package managers… if they install to system directories)
For some reason it kept failing with the GPG check even though I had the key imported (I was confused and the instructions weren’t clear so I imported it manually for both my user and root but it didn’t help).
Running pamac as non root actually gave me a GUI popup for my password, and at the end of the successful install I have spotify in /usr/bin so that would imply it did a sudo (without me explicitly using sudo in the command).
If it is not meant to work with root I wish it would be made clear. There is a message “Warning: Building packages as root” but I took it as, well, a warning that the command will make system wide changes, which I intended to. I’m not sure whether that warning should also be taken like ‘hey this may not work’ or ‘you’re not supposed to use pamac this way’ but I didn’t think it did.
Apparently I missed the whole ‘top 3 things if you use pamac’ leaflet with the warning “Don’t use pamac as root it won’t work”. If that’s a commonly known thing and I missed it, or I found some uncommon circumstances and in most cases it should also work with sudo I’m not sure.
I am quite newbie at Linux as I get most things done via internet searches or common sense guesses based on previous experience instead of specific knowledge, but I used things like up2date / yum / zypper / apt / slackpkg before and they just all require root as far as I remember, also pacman seems to be the same so that’s why I didn’t even try without root before. Not sure why I did now.
I wonder how it would work if I didn’t have a GUI (no graphical popup for password) but that’s for a different scenario to figure out.