PGP signature for mit-scheme package

sicro · 31 July 2021 21:09

I have this problem with the mit-scheme package on the AUR.
When i run pamac build mit-scheme I get this:
==> Verifying source file signatures with gpg... mit-scheme-11.2-x86-64.tar.gz ... FAILED (invalid public key 8F664EF430167B808170D35AC9E40BAAFD0CB132) ==> ERROR: One or more PGP signatures could not be verified! Error: Failed to build mit-scheme
I already tried doing gpg --recv-key 8F664EF430167B808170D35AC9E40BAAFD0CB132 and I get this result
gpg: key C9E40BAAFD0CB132: "Chris Hanson <cph@chris-hanson.org>" not changed gpg: Total number processed: 1 gpg: unchanged: 1
Anyway it doesn’t change the problem with pamac.
Anybody can point me to the right path please?
Thanks for your time!

Yochanan · 31 July 2021 22:24

When encountering issues with AUR packages, always check the latest comments on the package’s AUR page.

sicro · 2 August 2021 01:23

I actually tried it, but it didn’t change the result:

[sicro@sicro ~]$ gpg --keyserver hkps://keys.openpgp.org/ --recv-keys 8F664EF430167B808170D35AC9E40BAAFD0CB132
gpg: key C9E40BAAFD0CB132: "Chris Hanson <cph@chris-hanson.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
[sicro@sicro ~]$ pamac build mit-scheme
Preparing...
Cloning mit-scheme build files...
Checking mit-scheme dependencies...
Resolving dependencies...
Checking inter-conflicts...

To build (1):
  mit-scheme  11.2-2    AUR


Edit build files : [e] 
Apply transaction ? [e/y/N] y


Building mit-scheme...
==> Making package: mit-scheme 11.2-2 (Sun 01 Aug 2021 10:22:24 PM -03)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Found mit-scheme-11.2-x86-64.tar.gz
  -> Found mit-scheme-11.2-x86-64.tar.gz.sig
==> Validating source files with sha256sums...
    mit-scheme-11.2-x86-64.tar.gz ... Passed
    mit-scheme-11.2-x86-64.tar.gz.sig ... Skipped
==> Verifying source file signatures with gpg...
    mit-scheme-11.2-x86-64.tar.gz ... FAILED (invalid public key 8F664EF430167B808170D35AC9E40BAAFD0CB132)
==> ERROR: One or more PGP signatures could not be verified!
Error: Failed to build mit-scheme

Yochanan · 2 August 2021 02:43

What’s the contents of your gpg.conf?

cat ~/.gnupg/gpg.conf

You might have an old server in there. I recommend adding the following server:

keyserver hkps://keyserver.ubuntu.com

sicro · 2 August 2021 11:36

I actually can’t find that file:

[sicro@sicro ~]$ ls ~/.gnupg/            
crls.d  private-keys-v1.d  pubring.kbx  pubring.kbx~  trustdb.gpg

Is it normal?

Yochanan · 2 August 2021 14:48

Yes, it’s not created by default.

sicro · 2 August 2021 21:23

I just created the file and added that keyserver you suggested, but the result it’s still negative with pamac

Yochanan · 2 August 2021 22:02

It works for me after manually importing the key, not sure what else to try.

❯ pamac build mit-scheme
Preparing...
Checking mit-scheme dependencies...
Resolving dependencies...
Checking inter-conflicts...

To build (1):
  mit-scheme  11.2-2    AUR


Edit build files : [e] 
Apply transaction ? [e/y/N] y

Cloning mit-scheme build files...

Building mit-scheme...
==> Making package: mit-scheme 11.2-2 (Mon 02 Aug 2021 04:00:06 PM MDT)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading mit-scheme-11.2-x86-64.tar.gz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 76.5M  100 76.5M    0     0  6514k      0  0:00:12  0:00:12 --:--:-- 6880k
  -> Downloading mit-scheme-11.2-x86-64.tar.gz.sig...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   566  100   566    0     0   2247      0 --:--:-- --:--:-- --:--:--  2246
==> Validating source files with sha256sums...
    mit-scheme-11.2-x86-64.tar.gz ... Passed
    mit-scheme-11.2-x86-64.tar.gz.sig ... Skipped
==> Verifying source file signatures with gpg...
    mit-scheme-11.2-x86-64.tar.gz ... FAILED (unknown public key C9E40BAAFD0CB132)
==> ERROR: One or more PGP signatures could not be verified!
Error: Failed to build mit-scheme
❯ gpg --recv-keys C9E40BAAFD0CB132
gpg: key C9E40BAAFD0CB132: public key "Chris Hanson <cph@chris-hanson.org>" imported
gpg: Total number processed: 1
gpg:               imported: 1
❯ pamac build mit-scheme
Preparing...
Cloning mit-scheme build files...
Checking mit-scheme dependencies...
Resolving dependencies...
Checking inter-conflicts...

To build (1):
  mit-scheme  11.2-2    AUR


Edit build files : [e] 
Apply transaction ? [e/y/N] y


Building mit-scheme...

sicro · 8 August 2021 04:01

Could it be a keyring issue? Maybe I should reinstall manjaro-keyring or arch-keyring

Yochanan · 8 August 2021 15:02

Your personal keyring is not related to the system keyring.

Since then, have you done:

gpg --recv-keys 8F664EF430167B808170D35AC9E40BAAFD0CB132

sicro · 9 August 2021 01:14

Yes, I tried it a couple of times, with no luck. The stange thing is that a month ago I was able to install the package

linux-aarhus · 9 February 2022 17:18