I’ve installed several Python versions from AUR. I also have Python 3.8 with version 3.8.11-3 on my system and wanted to update it with the now available 3.8.12-1. The download succeeds but it fails by checking the PGP signature:
==> Verifying source file signatures with gpg...
Python-3.8.12.tar.xz ... cat: write error: Broken pipe
FAILED
==> ERROR: One or more PGP signatures could not be verified!
I tried to verify the tar.gz on my own under /var/cache/pamac/python38:
$ gpg --show-keys Python-3.8.12.tar.xz.asc
gpg: no valid OpenPGP data found.
$ gpg --with-fingerprint Python-3.8.12.tar.xz.asc
gpg: WARNING: no command supplied. Trying to guess what you mean ...
gpg: assuming signed data in 'Python-3.8.12.tar.xz'
gpg: Signature made Mo 30 Aug 2021 18:43:21 CEST
gpg: using RSA key E3FF2839C048B25C084DEBE9B26995E310250568
gpg: Good signature from "Łukasz Langa (GPG langa.pl) <lukasz@langa.pl>" [unknown]
gpg: aka "Łukasz Langa <lukasz@edgedb.com>" [unknown]
gpg: aka "Łukasz Langa <lukasz@python.org>" [unknown]
gpg: aka "Łukasz Langa (Work e-mail account) <ambv@fb.com>" [unknown]
gpg: aka "[jpeg image of size 24479]" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E3FF 2839 C048 B25C 084D EBE9 B269 95E3 1025 0568
So, could it be, that the .asc file which is downloaded from python.org is invalid? From my point of view everything else on my system seems to be alright, since I was able to install other versions like 3.6 or 3.10 without any failure.
Any help appreciated, thanks in advance, regards, Thomas
thanks for the answer, but the error message is slightly different. The public key isn’t the problem, it says cat: write error: Broken pipe. Anyway, I try to head forward to Lukasz, maybe he might have an idea. I still guess that it has something to do with the .asc from the Python repo.
Building python38...
Running as unit: run-u714.service
Press ^] three times within 1s to disconnect TTY.
==> Making package: python38 3.8.12-1 (Do 30 Sep 2021 20:15:39 CEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Downloading Python-3.8.12.tar.xz...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 17.5M 100 17.5M 0 0 4411k 0 0:00:04 0:00:04 --:--:-- 4412k
-> Downloading Python-3.8.12.tar.xz.asc...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 833 100 833 0 0 9815 0 --:--:-- --:--:-- --:--:-- 9916
-> Found mpdecimal-2.5.1.patch
==> Validating source files with sha256sums...
Python-3.8.12.tar.xz ... Passed
Python-3.8.12.tar.xz.asc ... Skipped
mpdecimal-2.5.1.patch ... Passed
==> Verifying source file signatures with gpg...
Python-3.8.12.tar.xz ... cat: write error: Broken pipe
FAILED
==> ERROR: One or more PGP signatures could not be verified!
Finished with result: exit-code
Main processes terminated with: code=exited/status=1
Service runtime: 8.485s
CPU time consumed: 5.908s
Error: Failed to build python38