Can't upgrade tuba due a gpg key error

I can’t upgrade tuba (mastodon client) due an error importing a gpg key. This is the error reported trying pamac update:

pamac install tuba
Warning: tuba is only available from AUR
Cloning tuba build files...
Generating tuba information...
Checking tuba dependencies...
Resolving dependencies...
Checking inter-conflicts...

To build (1):
  tuba  0.4.1-0.1  (0.4.0-0.1)  AUR

Edit build files : [e] 
Apply transaction ? [e/y/N] y

==== AUTHENTICATING FOR org.manjaro.pamac.commit ====
Authentication is required to install, update, or remove packages
Multiple identities can be used for authentication:
 1.  Leandro (leandro)
 2.  Leandro (leandro)
Choose identity to authenticate as (1-2): 1

Building tuba...
==> Making package: tuba 0.4.1-0.1 (mer 9 ago 2023, 10:37:47)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Updating Tuba git repo...
==> Validating source files with sha256sums...
    Tuba ... Skipped
==> Verifying source file signatures with gpg...
    Tuba git repo ... FAILED (unknown public key 4AEE18F83AFDEB23)
==> ERROR: One or more PGP signatures could not be verified!
Error: Failed to build tuba

Manjaro stable regularly updated on amd64.

As you can read in the output, tuba is an AUR package, and therefore Manjaro cannot be held responsible for the integrity of the uploader’s signature. However, if you explicitly trust the uploader, you can import their key.

gpg --import 4AEE18F83AFDEB23

Use at your own risk! :man_shrugging:

That seems to be a default github key (github signs for the developer). Which means if you import it you will automatically trust maaaany developers.

1 Like

In that case…

Please read the pinned comment on the tuba AUR page:

GPG Error

Import the gpg-key with:

curl -sS | gpg --import -
curl -sS | gpg --import -

See also the pinned tutorial here in the AUR section:

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.