Skipping pgp verification in pamac (cli)

Is there any flag or method to skip PGP verification in pamac (cli preferrably) for AUR packages? I am trying to install stellarium (no comparable package in manjaro repos) and it fails due to PGP signature not verified even after successfully importing the key. I have to use makepkg as mentioned in pinned comment on the page along with the --skippgpcheck flag to install it. A similar flag for pamac would be very convenient

How did you import it? Because I just tested it with yay and it works fine.

I tired both gpg -v --keyserver --recv-keys BF38D4D02A328DFF and gpg -v --keyserver --recv-keys 9380E47C0374E169. In both cases, the output was:

gpg: data source:
gpg: pub  rsa4096/BF38D4D02A328DFF 2012-04-07  
gpg: key BF38D4D02A328DFF: no user ID
gpg: Total number processed: 1

Huh? Neither of those are listed as pgp keys in PKGBUILD.

Please post the full output from:

pamac build stellarium

It’s recommended to add the default keyserver that gnupg uses to your ~/.gnupg/gpg.conf:

keyserver hkps://
keyserver-options timeout=10

Using yay is another option as mentioned:

sudo pacman -Syu --needed base-devel git yay
yay -S stellarium

PKGBUILDs contain the fingerprint, not the SHA1 hash. :wink:

See: Search results for '0xBF38D4D02A328DFF'

The first one is mentioned in the stellarium AUR page, in the pinned comment. the second one is what was displayed in pamac when it showed the error

I am away but will post as soon as possible

I just realized I submitted my reply too soon with incorrect information. I’ve just edited it.

Ugh, right. I plan to understand cryptography in the next 10 years, I swear. :stuck_out_tongue:

Here is my result with pamac update:

Synchronizing package databases...
Nothing to do.
Transaction successfully finished.

Well, I don’t mind with makepkg or yay, but would preferably not have another AUR helper. Even with yay, I ll probably have to add --nopgpfetch flag as mentioned in pinned comment on AUR page.

Should I create a pamac issue to allow an option to skip pgp verification?

Apparently you didn’t see the edit to my post above. Refresh the page, you may be looking at an old cached version.

No. We’re here to solve the issue, not avoid it.

1 Like

I tried with couple of key servers including the one you mentioned. Seem to make no difference when rebuilding the package