[HowTo] Automatically retrieve missing GPG keys during making packages|20201019

Issue

Some source files are signed with a developer's GPG key. If the signature on a source tarball cannot be validated, the package build fails. To download new keys automatically and add them to the LOCAL GPG database, follow this guide.

Install GnuPG

sudo pacman -S gnupg --needed --noconfirm

Enable the following service sockets as a normal user:

systemctl --user enable --now gpg-agent.socket
systemctl --user enable --now dirmngr.socket

Create the following files with the contents shown:

$HOME/.gnupg/dirmngr.conf

keyserver hkps://pgp.mit.edu
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver hkp://keyserver.ubuntu.com:80

$HOME/.gnupg/gpg.conf

keyserver hkps://pgp.mit.edu
keyserver hkps://hkps.pool.sks-keyservers.net
keyserver hkp://keyserver.ubuntu.com:80
keyserver-options auto-key-retrieve
require-cross-certification
keyring /etc/pacman.d/gnupg/pubring.gpg
use-agent

$HOME/.gnupg/gpg-agent.conf

default-cache-ttl 300
max-cache-ttl 999999

### Change to preferred pinentry program
pinentry-program /usr/bin/pinentry-curses

There are other pinentry programs that you can choose from - see pacman -Ql pinentry | grep /usr/bin/:

pinentry /usr/bin/pinentry-curses
pinentry /usr/bin/pinentry-emacs
pinentry /usr/bin/pinentry-gnome3
pinentry /usr/bin/pinentry-gtk-2
pinentry /usr/bin/pinentry-qt
pinentry /usr/bin/pinentry-tty

Kwallet integration for KDE
pinentry-kwallet is part of kwalletcli (AUR). You need to build and install it (via pamac, yay, etc.) if you want to store passwords in kwallet.

Reload GPG Agent

gpg-connect-agent reloadagent /bye
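A check of the files created above, as an added example that is not part of the original guide: it lists the keyservers in dirmngr.conf and gpg.conf that are contacted over plain hkp:// instead of TLS, and reports whether gpg.conf leaves auto-key-retrieve switched on. The function names are hypothetical helpers, and the precedence rule noted in the comments is an assumption.

```shell
#!/bin/sh
# Added example: audit the GnuPG files created in this guide.
# All function names here are hypothetical helpers, not GnuPG commands.

# Print "<scheme> <uri>" for each active "keyserver" line; comments,
# blank lines and "keyserver-options" do not match the exact first field.
list_keyservers() {
    awk '$1 == "keyserver" && NF >= 2 { split($2, p, "://"); print p[1], $2 }' "$1"
}

# Print keyservers that are contacted without TLS (hkp:// or http://).
plaintext_keyservers() {
    list_keyservers "$1" | awk '$1 == "hkp" || $1 == "http" { print $2 }'
}

# Exit 0 if the file leaves auto-key-retrieve switched on. The option may be
# standalone or inside keyserver-options (space or comma separated).
# Assumption: the last occurrence wins, so a later no-auto-key-retrieve
# turns it off again.
auto_retrieve_enabled() {
    awk '{ gsub(/,/, " ") }
         $1 == "auto-key-retrieve"    { on = 1 }
         $1 == "no-auto-key-retrieve" { on = 0 }
         $1 == "keyserver-options" {
             for (i = 2; i <= NF; i++) {
                 if ($i == "auto-key-retrieve")    on = 1
                 if ($i == "no-auto-key-retrieve") on = 0
             }
         }
         END { exit (on ? 0 : 1) }' "$1"
}

# Report on dirmngr.conf and gpg.conf in the given directory (default ~/.gnupg).
audit_gnupg() {
    dir=${1:-$HOME/.gnupg}
    for f in "$dir/dirmngr.conf" "$dir/gpg.conf"; do
        [ -r "$f" ] || { echo "missing: $f"; continue; }
        for ks in $(plaintext_keyservers "$f"); do
            echo "plaintext keyserver in $f: $ks"
        done
    done
    if [ -r "$dir/gpg.conf" ] && auto_retrieve_enabled "$dir/gpg.conf"; then
        echo "auto-key-retrieve: enabled"
    else
        echo "auto-key-retrieve: not enabled"
    fi
}

audit_gnupg "$@"
```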