I cannot upgrade an AUR package libkipi. I receive the errors below.
Building libkipi...
==> Making package: libkipi 22.04.0-1 (Vi 13 mai 2022 14:19:07 +0300)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found libkipi-22.04.0.tar.xz
-> Found libkipi-22.04.0.tar.xz.sig
==> Validating source files with sha256sums...
libkipi-22.04.0.tar.xz ... Passed
libkipi-22.04.0.tar.xz.sig ... Skipped
==> Verifying source file signatures with gpg...
libkipi-22.04.0.tar.xz ... FAILED (unknown public key BB463350D6EF31EF)
==> ERROR: One or more PGP signatures could not be verified!
Error: Failed to build libkipi
I weird because this was happened after this upgrade, and I don’t remember to install myself this package.
I try how much is possible to avoid AUR packages. Using your command seems it is not used by anything…
pacman -Qi libkipi  ✔
Name : libkipi
Version : 22.04.0-1
Description : An interface to use kipi-plugins from a KDE application
Architecture : x86_64
URL : https://www.kde.org/
Licenses : GPL LGPL FDL
Groups : None
Provides : None
Depends On : kxmlgui kservice hicolor-icon-theme
Optional Deps : None
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 289,99 KiB
Packager : Unknown Packager
Build Date : Vi 13 mai 2022 14:36:30 +0300
Install Date : Vi 13 mai 2022 14:36:42 +0300
Install Reason : Installed as a dependency for another package
Install Script : No
Validated By : None
libkipi (AUR) can’t be updated. WTF is this, i never installed it.
Der PGP-Schlüssel XXXXXXXXXXXXXX wird benötigt, um libkipi Quellcode-Dateien zu verifizieren.
Vertraue Albert Astals Cid <aacid@kde.org> und importiere den PGP-SchlĂĽssel ?
It likely is a former (?) dependency of a package which used to be in the main repositories. Following a clean of upstream repositories, the package and its dependencies unused by other other packages have been moved to AUR.
If no installed package depends on it, or if you don’t use AUR packages depending on it, you can safely remove those packages.
kxmlgui, kservice, hicolor and extra-cmake are in the extra repo and not aur
[nls@lap ~]$ sudo pacman -Qi libkipi
[sudo] Mot de passe de nls�:
Name : libkipi
Version : 21.12.3-1
Description : An interface to use kipi-plugins from a KDE application
Architecture : x86_64
URL : https://www.kde.org/
Licenses : GPL LGPL FDL
Groups : None
Provides : None
Depends On : kxmlgui kservice hicolor-icon-theme
Optional Deps : None
Required By : None
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 273,86 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : mar. 01 mars 2022 09:56:04
Install Date : lun. 14 mars 2022 19:27:18
Install Reason : Installed as a dependency for another package
Install Script : No
Validated By : Signature
[nls@lap ~]$
libkipi was, until recently, a dependency of gwenview and spectacle. Those dependencies are no longer necessary.
Here is the commit that removed libkipi as a dependency of gwenview (notice line #13), and here is the commit that removed it as a dependency of spectacle (line #10).
The package was kept available by moving it to the AUR because it is still required by 2 AUR packages (spectacle-light and kipi-plugins, which require either libkipi or libkipi-git).
Now that i look more closely, the version spotted in manjaro-compare is misleading since the package is there part of the kde-unstable repository, which is not enabled by default.
pacman -Qi libkipi  ✔
Name : libkipi
Version : 21.12.3-1
Description : An interface to use kipi-plugins from a KDE application
Architecture : x86_64
URL : https://www.kde.org/
Licenses : GPL LGPL FDL
Groups : None
Provides : None
Depends On : kxmlgui kservice hicolor-icon-theme
Optional Deps : None
Required By : gwenview spectacle
Optional For : None
Conflicts With : None
Replaces : None
Installed Size : 273.86 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Tue 01 Mar 2022 10:56:04
Install Date : Mon 14 Mar 2022 18:10:24
Install Reason : Installed as a dependency for another package
Install Script : No
Validated By : Signature
As stated already, multiple packages can sometimes become orphans after an update, they are not needed anymore.
You can update with Pacman with no issue. If you have AUR enabled and try to update with something supporting the AUR like Pamac, and this package exists in the AUR, then it will try to update it through the AUR (which is the case here). You can remove your orphans in theory without issue.