How to build the spotify aur package? I have cloned it and I am trying to build with chrootbuild -b stable -p spotify. However, I get
==> Verifying source file signatures with gpg... spotify-1.2.74.477-3-Release ... FAILED (unknown public key 5384CE82BA52C83A) ==> ERROR: One or more PGP signatures could not be verified!
The aur repo contains instructions about how to get the key and the need to build in a clean chroot. However those instructions are for arch and pkgctl, not for manjaro and chrootbuild.
The easiest way to build it would be by way of pamac or yay. However, you deliberately chose to do it differently, which means that you most likely want to learn how to do it that way and not by way of an AUR helper.
That, then, begs the question as to why you are asking us to tell you? What’s the point of the exercise if you’re going to cheat?
… and that subsequently you always must build in a clean chroot. However, at this point, it is the arch way of using a chroot that is proposed, with pkgctl. The latter apparently succeeds in passing the just imported gpg key to the chroot.
Yes, it is a pre-built deb. But in this case, part of the deb package is signed with a spotify key. And makepkg will not use it unless it can verify the signature. And it can’t, because it is unclear where the key is being searched for.
I understand you should not use arch tools to build packages in chroots, but Manjaro ones if you are on manjaro, because you need a manjaro system inside the chroot, not an arch one. Specifically, chrootbuild -b stable should give you a manjaro stable basis to build against. Maybe in this case it might not matter that much, but in general it should.
Spotify do not release an official AppImage package, however several unofficial projects exist; It seems (to me) that one of these options would solve your stated goal, to use the same package on many machines.
After all, that’s what AppImage is designed for.
If you’re unfamiliar with AppImage, they work similarly to Flatpak, in that dependencies are contained within the .appimage file.
No building required, just download and run.
Use GearLever to integrate the AppImage into system menus, etc:
Seems to me that the problem is that the build uses the keyring in /var/lib/chrootbuild/build/.gnupg/. However, even if I try to inject a key there, it does not seem to work. I wonder if the problem can be with the key trust. I have noticed that it gets reset whenever the build process is started.
I have an alternative that is using the flatpak. I also see, by the spotify counterexample, that not all the aur packages can be used with Manjaro’s tooling with makes me a bit unhappy, as I do not understand why (yet). Hoped that the author(s) of chrootbuild could offer some hint.
As for the alternative, spotify-qt is another beer altogether and is not point and click so forget it if the purpose is redistribution.
I still don’t get the purpose. Since it’s not like building from source… it’s unzipping some files. Just use Yay, copy the package from cache. On the next machine, import the key with gpg and then install and that is it, i suppose.
no idea whether such documentation exists for Manjaro.
If you use the suggested AUR helpers, they will assist in providing the dependencies listed in the PKGBUILD.
If you use makepkg these have to be there, provided by you.
It is not an isolated environment as in chroot - some dependency could not be listed but still be present in the host system, causing the build to succeed but the package would not work on a system where that unknown precondition would not exist.
In your profile you put RPI4 and ARM64 - is this about that?
There I’m completely clueless.
Thanks for you help anyway. I’ll try to find out and if I succeed, I’ll share the info. Being able to build all of the aur in chroot can be useful.
It would be nice of course, but it is the harder way to go. I just updated Spotify with yay, it even prompted me to automatically import the changed key:
key 5384CE82BA52C83A: public key "Spotify Public Repository Signing Key <tux@spotify.com>" imported
yay log
yay -Sua
:: Searching AUR for updates...
:: 1 package to upgrade/install.
1 aur/spotify 1:1.2.74.477-2 -> 1:1.2.74.477-3
==> Packages to exclude: (eg: "1 2 3", "1-3", "^4" or repo name)
-> Excluding packages may cause partial upgrades and break systems
==>
AUR Explicit (1): spotify-1:1.2.74.477-3
:: (1/1) Downloaded PKGBUILD: spotify
1 spotify (Installed) (Build Files Exist)
==> Packages to cleanBuild?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==>
1 spotify (Installed) (Build Files Exist)
==> Diffs to show?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==>
==> Making package: spotify 1:1.2.74.477-3 (Mo 24 Nov 2025 13:33:01 CET)
==> Retrieving sources...
-> Downloading spotify-1.2.74.477-g3be53afe-x86_64.deb...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 147M 100 147M 0 0 10.4M 0 0:00:14 0:00:14 --:--:-- 10.2M
-> Found spotify.sh
-> Found spotify.protocol
-> Found LICENSE
-> Downloading spotify-1.2.74.477-3-Release...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 2447 100 2447 0 0 12198 0 --:--:-- --:--:-- --:--:-- 12198
-> Downloading spotify-1.2.74.477-3-Release.sig...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1601 100 1601 0 0 7638 0 --:--:-- --:--:-- --:--:-- 7638
-> Downloading spotify-1.2.74.477-3-x86_64-Packages...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 1132 100 1132 0 0 6247 0 --:--:-- --:--:-- --:--:-- 6247
==> WARNING: Skipping verification of source file PGP signatures.
==> Validating source files with sha512sums...
spotify-1.2.74.477-g3be53afe-x86_64.deb ... Passed
spotify.sh ... Passed
spotify.protocol ... Passed
LICENSE ... Passed
spotify-1.2.74.477-3-Release ... Skipped
spotify-1.2.74.477-3-Release.sig ... Skipped
spotify-1.2.74.477-3-x86_64-Packages ... Skipped
:: (1/1) Parsing SRCINFO: spotify
gpg: error reading key: No public key
:: PGP keys need importing:
-> E1096BCBFF6D418796DE78515384CE82BA52C83A, required by: spotify
:: Import? [Y/n]
:: Importing keys with gpg...
gpg: key 5384CE82BA52C83A: public key "Spotify Public Repository Signing Key <tux@spotify.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
==> Making package: spotify 1:1.2.74.477-3 (Mo 24 Nov 2025 13:33:43 CET)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found spotify-1.2.74.477-g3be53afe-x86_64.deb
-> Found spotify.sh
-> Found spotify.protocol
-> Found LICENSE
-> Found spotify-1.2.74.477-3-Release
-> Found spotify-1.2.74.477-3-Release.sig
-> Found spotify-1.2.74.477-3-x86_64-Packages
==> Validating source files with sha512sums...
spotify-1.2.74.477-g3be53afe-x86_64.deb ... Passed
spotify.sh ... Passed
spotify.protocol ... Passed
LICENSE ... Passed
spotify-1.2.74.477-3-Release ... Skipped
spotify-1.2.74.477-3-Release.sig ... Skipped
spotify-1.2.74.477-3-x86_64-Packages ... Skipped
==> Verifying source file signatures with gpg...
spotify-1.2.74.477-3-Release ... Passed
==> Removing existing $srcdir/ directory...
==> Extracting sources...
-> Extracting spotify-1.2.74.477-g3be53afe-x86_64.deb with bsdtar
==> Starting prepare()...
spotify-1.2.74.477-3-x86_64-Packages: OK
spotify-1.2.74.477-g3be53afe-x86_64.deb: OK
==> Sources are ready.
==> Making package: spotify 1:1.2.74.477-3 (Mo 24 Nov 2025 13:33:46 CET)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> WARNING: Using existing $srcdir/ tree
==> Entering fakeroot environment...
==> Starting package()...
==> Tidying install...
-> Removing libtool files...
-> Purging unwanted files...
-> Removing static library files...
-> Compressing man and info pages...
==> Checking for packaging issues...
==> Creating package "spotify"...
-> Generating .PKGINFO file...
-> Generating .BUILDINFO file...
-> Generating .MTREE file...
-> Compressing package...
==> Leaving fakeroot environment.
==> Finished making: spotify 1:1.2.74.477-3 (Mo 24 Nov 2025 13:33:54 CET)
==> Cleaning up...
loading packages...
resolving dependencies...
looking for conflicting packages...
Packages (1) spotify-1:1.2.74.477-3
Total Installed Size: 344,11 MiB
Net Upgrade Size: 0,00 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [########################################] 100%
(1/1) checking package integrity [########################################] 100%
(1/1) loading package files [########################################] 100%
(1/1) checking for file conflicts [########################################] 100%
(1/1) checking available disk space [########################################] 100%
:: Running pre-transaction hooks...
(1/1) Creating Timeshift snapshot before upgrade...
==> skipping timeshift-autosnap due skipRsyncAutosnap in /etc/timeshift-autosnap.conf set to TRUE.
:: Processing package changes...
(1/1) upgrading spotify [########################################] 100%
:: Running post-transaction hooks...
(1/4) Arming ConditionNeedsUpdate...
(2/4) Updating icon theme caches...
(3/4) Checking which packages need to be rebuilt
(4/4) Updating the desktop file MIME type cache...
Using a pre-built .deb package and insisting on trying to “build” it in a clean chroot
doesn’t make much sense to me.
Note the “to me” qualifier …
Importing the key would be done from within the chroot, not by somehow inserting it from the outside,
is what I think.
In reality:
we have no idea how OP did things and where and why the approach might have failed.
