PGP Signature could not be verified after every cryptomator update

For the past several updates of cryptomator or cryptomator-bin, each time my install goes to build it, it errors with the following:

Building cryptomator-bin...
Running as unit: run-u433.service
Press ^] three times within 1s to disconnect TTY.
==> Making package: cryptomator-bin 1.7.0-1 (Wed 01 Mar 2023 04:55:02 PM EST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading cryptomator-1.7.0-1-x86_64.AppImage...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100 48.5M  100 48.5M    0     0  2362k      0  0:00:21  0:00:21 --:--:-- 3974k
  -> Downloading cryptomator-1.7.0-1-x86_64.AppImage.asc...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   833  100   833    0     0    900      0 --:--:-- --:--:-- --:--:--   900
  -> Found org.cryptomator.Cryptomator.desktop
  -> Found org.cryptomator.Cryptomator.png
  -> Found org.cryptomator.Cryptomator.svg
  -> Found cryptomator-vault.xml
==> Validating source files with sha256sums...
    cryptomator-1.7.0-1-x86_64.AppImage ... Passed
    cryptomator-1.7.0-1-x86_64.AppImage.asc ... Skipped
    org.cryptomator.Cryptomator.desktop ... Passed
    org.cryptomator.Cryptomator.png ... Passed
    org.cryptomator.Cryptomator.svg ... Passed
    cryptomator-vault.xml ... Passed
==> Verifying source file signatures with gpg...
    cryptomator-1.7.0-1-x86_64.AppImage ... cat: write error: Broken pipe
FAILED
==> ERROR: One or more PGP signatures could not be verified!
Finished with result: exit-code
Main processes terminated with: code=exited/status=1
Service runtime: 23.507s
CPU time consumed: 3.613s
Error: Failed to build cryptomator-bin

It seems to be hit or miss whether fixing the keys works or not. I have used the following with little to no help:

sudo rm -r /etc/pacman.d/gnupg;
sudo pacman-key --init;
mkdir -pv $HOME/.cache/pkg/ && sudo pacman -Syw archlinux-keyring manjaro-keyring --cachedir $HOME/.cache/pkg/;
rm -f $HOME/.cache/pkg/*.sig;
sudo pacman -U $HOME/.cache/pkg/*.tar.zst;
sudo pacman -U $HOME/.cache/pkg/*.tar.xz;

I already have the key:

sudo gpg --recv-key 58117AFA1F85B3EEC154677D615D449FE6E6A235
gpg: key 615D449FE6E6A235: "Cryptobot <releases@cryptomator.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

Any other suggestions for how to get cryptomator updating properly?

With what? Add/Remove Software (aka Pamac) or another AUR helper?

Don’t do that.

PGP keys for AUR packages should be in your user keyring, not the system keyring.

See this tutorial pinned right at the top of AUR

All this PKGBUILD script does is download an AppImage, copy it to a directory and create a launcher. It doesn’t even extract the AppImage file. You might as well download the AppImage from the developer’s website, make it executable and create a launcher if you need such a thing.

The only downside is that you would have to keep an eye open for any updates via the developer’s website rather than have the AUR package indexed in pamac and have pamac inform you of an update. Of course, that is also dependent on the AUR package maintainer updating the PKGBUILD in a timely manner.

Using pamac, either the GUI or the CLI.

So the wiki info is wrong? Or are you just pointing out the system/user distinction?

I already have the key:

gpg --recv-key 58117AFA1F85B3EEC154677D615D449FE6E6A235
gpg: key 615D449FE6E6A235: "Cryptobot <releases@cryptomator.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

That’s what I tried doing. Should I try the --keyserver flag then?

My understanding was this was not a missing key issue (since I have it already) but something else.

A fair point. Automatic updates are nice to be alerted about! Perhaps the Github RSS would suffice…

That wiki article is not related.

Do or do not. There is no try. :wink:

Tip: There is no need to use the --keyserver flag if you add the default one to your ~/.gnupg/gpg.conf:

keyserver hkps://keyserver.ubuntu.com
keyserver-options timeout=10
with-fingerprint
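
Added example, not part of any post in this thread and not makepkg's or pamac's own code: whether a failed check is a missing key or something else can be read from gpg's machine-readable `--status-fd` lines, produced against the keyring of the user who runs the build. The function name, verdict strings and sample status lines are constructed for illustration; the fingerprint is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: classify a signature check from gpg's --status-fd lines.
# Real use, run as the user who builds the package (no sudo):
#   gpg --status-fd 1 --verify FILE.asc FILE 2>/dev/null | classify_sig "$EXPECTED_FPR"

EXPECTED_FPR=58117AFA1F85B3EEC154677D615D449FE6E6A235   # fingerprint quoted in the thread

# Reads status lines on stdin and prints one verdict. The body is a subshell so
# its variables stay private. Function name and verdict strings are hypothetical.
classify_sig() (
    want=$1 good=0 bad=0 missing=0 stale=0 fpr=""
    while read -r prefix tag first rest || [ -n "$prefix" ]; do
        [ "$prefix" = "[GNUPG:]" ] || continue
        case $tag in
            GOODSIG)             good=1 ;;
            BADSIG)              bad=1 ;;
            NO_PUBKEY)           missing=1 ;;
            EXPKEYSIG|REVKEYSIG) stale=1 ;;
            VALIDSIG)
                # Last field is the primary key fingerprint when gpg reports it;
                # otherwise fall back to the signing key fingerprint.
                last=${rest##* }
                if [ "${#last}" -eq 40 ]; then fpr=$last; else fpr=$first; fi ;;
        esac
    done
    if   [ "$bad" -eq 1 ];     then echo "bad-signature"
    elif [ "$missing" -eq 1 ]; then echo "key-missing-in-this-keyring"
    elif [ "$stale" -eq 1 ];   then echo "key-expired-or-revoked"
    elif [ "$good" -eq 1 ] && [ "$fpr" = "$want" ]; then echo "ok"
    elif [ "$good" -eq 1 ];    then echo "signed-by-unexpected-key"
    else echo "no-signature-status"
    fi
)

# Constructed sample: the signing key is absent from the keyring gpg was run against.
sample_missing() {
    printf '%s\n' '[GNUPG:] NEWSIG' \
      '[GNUPG:] ERRSIG 615D449FE6E6A235 1 10 00 1677600000 9 -' \
      '[GNUPG:] NO_PUBKEY 615D449FE6E6A235'
}
# Constructed sample: a good signature made by the expected key.
sample_good() {
    printf '%s\n' '[GNUPG:] NEWSIG' \
      '[GNUPG:] GOODSIG 615D449FE6E6A235 Cryptobot <releases@cryptomator.org>' \
      "[GNUPG:] VALIDSIG $EXPECTED_FPR 2023-03-01 1677600000 0 4 0 1 10 00 $EXPECTED_FPR"
}

sample_missing | classify_sig "$EXPECTED_FPR"
sample_good    | classify_sig "$EXPECTED_FPR"
```

A `key-missing-in-this-keyring` verdict from the build user's shell, alongside a `not changed` result from `sudo gpg --recv-key`, means the key sits in a different keyring than the one the build reads.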