Unsafe permissions on homedir

Hello support team. I’m trying to import an AUR key for system76-driver and I get the following error. Any help / advice is appreciated.

galago% pamac update system76-driver
Preparing...
Cloning system76-driver build files...
Generating system76-driver information...
Checking system76-driver dependencies...
Synchronizing package databases...
Resolving dependencies...
Checking inter-conflicts...

To build (1):
  system76-driver  20.04.47-1  (20.04.46-1)  AUR


Edit build files : [e] 
Apply transaction ? [e/y/N] y


Building system76-driver...
==> Making package: system76-driver 20.04.47-1 (Mon 10 Jan 2022 07:41:37 PM EST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Updating system76-driver git repo...
Fetching origin
  -> Found cli.patch
  -> Found wayland.patch
  -> Found actions.patch
==> Validating source files with sha256sums...
    system76-driver ... Skipped
    cli.patch ... Passed
    wayland.patch ... Passed
    actions.patch ... Passed
==> Verifying source file signatures with gpg...
    system76-driver git repo ... FAILED (unknown public key 87F211AF2BE4C2FE)
==> ERROR: One or more PGP signatures could not be verified!
Error: Failed to build system76-driver
galago% 
galago% 
galago% gpg --recv-keys 87F211AF2BE4C2FE 
gpg: WARNING: unsafe permissions on homedir '/home/rsv2/.gnupg'
gpg: keyserver receive failed: No data
galago% 

So I did the following and get this error:

galago% gpg --recv-keys 87F211AF2BE4C2FE 
gpg: WARNING: unsafe permissions on homedir '/home/rsv2/.gnupg'
gpg: keyserver receive failed: No data
galago% 

Thx
Reid

and what are the current (apparently, for some reason, unsafe) permissions?
ls -al ~/.gnupg
or
ls -al /home/rsv2/.gnupg

I asked you to create a new topic for help with restoring proper permissions in your home directory, not create a duplicate topic. You’ll be able to import the GPG key once that is solved. I’ve edited your topic title and moved your thread.

Sorry - I misunderstood what was asked.

galago% ls -al /home/rsv2/.gnupg
total 72
drwxr-xr-x  5 rsv2 rsv2  4096 Jan 10 19:43 .
drwxrwxr-x 71 rsv2 rsv2  4096 Jan  6 11:15 ..
drwxr-xr-x  2 rsv2 rsv2  4096 Feb 20  2019 crls.d
-rw-rw-r--  1 rsv2 rsv2  2912 Jan  4  2018 dirmngr.conf
-rw-rw-r--  1 rsv2 rsv2  5191 Jan  4  2018 gpg.conf
drwxr-xr-x  2 rsv2 rsv2  4096 Jan 18  2018 openpgp-revocs.d
drwx------  2 rsv2 rsv2  4096 Jan 18  2018 private-keys-v1.d
-rw-r--r--  1 rsv2 rsv2 15949 Nov  3 17:16 pubring.kbx
-rw-r--r--  1 rsv2 rsv2 14550 Feb 17  2021 pubring.kbx~
-rw-rw-r--  1 rsv2 rsv2   600 Oct  2  2020 random_seed
-rw-rw-r--  1 rsv2 rsv2  1360 Jan 18  2018 trustdb.gpg
galago% 

WARNING: unsafe permissions on homedir

the files should be rw only to the owner - not the group or others

this is the exception, this can stay like this
it’s not what the link above says
but that is like it is in my .gnupg directory as well

Thx Nachlese -
But I’m not sure what’s needed here.
FYI, I haven’t touched a thing in this folder.

What is needed is to set the permissions of the files to 600 (rw for the user only)
and the permissions for the directories to 700 (rwx for the user only)

chmod is the command
man chmod for how to use it (or ask google …)
or do it with the help of your file manager

It’s mentioned in the link as well - that’s why I used it :wink:
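
The permission change described above, written as two shell functions. This is an added example, not part of the original posts: the function names `gnupg_audit` and `gnupg_fix` are made up here, and GNU `find` and `stat` are assumed, as on any current Linux desktop.

```shell
# Added example: audit and repair permissions on a GnuPG home directory.
# Target modes follow the advice in the thread: directories 700, files 600.

# List every file or directory under the homedir that grants any
# permission to group or others. No output means nothing is exposed.
gnupg_audit() {
    home="${1:-$HOME/.gnupg}"
    # -perm /077 matches when at least one group/other bit is set (GNU find).
    find "$home" \( -type d -o -type f \) -perm /077 -print
}

# Set directories to 700 and regular files to 600, as the invoking user.
gnupg_fix() {
    home="${1:-$HOME/.gnupg}"
    if [ ! -d "$home" ]; then
        echo "no such directory: $home" >&2
        return 1
    fi
    # Refuse to touch a homedir owned by another user (for example one
    # that was created by running gpg through sudo).
    if [ "$(stat -c %u "$home")" != "$(id -u)" ]; then
        echo "$home is not owned by $(id -un); fix ownership first" >&2
        return 1
    fi
    find "$home" -type d -exec chmod 700 {} +
    find "$home" -type f -exec chmod 600 {} +
}

# Typical use, run as the normal user and without sudo:
#   gnupg_audit        # show what is too open
#   gnupg_fix          # tighten it
#   gnupg_audit        # should now print nothing
```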

Thanks - I get it.

Hi -
Made all of the permission changes:

galago% ls -al ~/.gnupg 
total 72
drwx------  5 rsv2 rsv2  4096 Jan 11 10:10 .
drwx------ 71 rsv2 rsv2  4096 Jan  6 11:15 ..
drwx------  2 rsv2 rsv2  4096 Feb 20  2019 crls.d
-rw-------  1 rsv2 rsv2  2912 Jan  4  2018 dirmngr.conf
-rw-------  1 rsv2 rsv2  5191 Jan  4  2018 gpg.conf
drwx------  2 rsv2 rsv2  4096 Jan 18  2018 openpgp-revocs.d
drwx------  2 rsv2 rsv2  4096 Jan 18  2018 private-keys-v1.d
-rw-------  1 rsv2 rsv2 15949 Nov  3 17:16 pubring.kbx
-rw-------  1 rsv2 rsv2 14550 Feb 17  2021 pubring.kbx~
-rw-------  1 rsv2 rsv2   600 Oct  2  2020 random_seed
-rw-------  1 rsv2 rsv2  1360 Jan 18  2018 trustdb.gpg
galago% 

But when I try to import the key I get this result:

galago% gpg --recv-keys 87F211AF2BE4C2FE
gpg: keyserver receive failed: No data
galago% 

Thanks for your help

that should not matter
because, as you said yourself (in the other thread):

Reid

17h

changed the command and have imported the key:

galago% sudo gpg --recv-keys 87F211AF2BE4C2FE
[sudo] password for rsv2: 
Sorry, try again.
[sudo] password for rsv2: 
gpg: key 87F211AF2BE4C2FE: public key "Jeremy Soller (https://soller.dev) <jackpot51@gmail.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

hi Nachlese -
Now I’m just confused. I can’t install the system76-driver because of the following:

.
.
==> Verifying source file signatures with gpg...
    system76-driver git repo ... FAILED (unknown public key 87F211AF2BE4C2FE)
==> ERROR: One or more PGP signatures could not be verified!
Error: Failed to build system76-driver
galago% 

If I try to import the key I get this:

galago% 
galago% gpg --recv-keys 87F211AF2BE4C2FE
gpg: keyserver receive failed: No data
galago% 

Earlier I was able to import the key (maybe, in some way) when I added an “sudo” to get around a permissions complaint but got the same failure notice from pamac re: PGP signatures not able to be verified, and I was also corrected by Yochanan who said it was a bad idea to use “sudo” in a home directory, which makes sense of course.
Feels like I’m missing something.

All I’m saying is that, from what we see, from what you yourself wrote, you already imported the key
so I was wondering why you would even want to
or need to
import it again.
Perhaps you imported it into root’s keystore, because of your use of sudo?
I don’t know.

There is more than one keyserver - perhaps try to get/download the key from a different one
because this one doesn’t seem to be reachable at the moment.
But which server, which additional option, how to do that … I don’t know.

I see. OK. Thanks for your help and patience.

All I was trying to say is that even though it appeared to be imported with “sudo”, the pamac driver install doesn’t appear to “see” it or recognize that key, and like you say, the keyserver is presently unreachable. I’ll try another time.

Reid

The keyserver is working just fine. The key needs to be imported to your personal keyring, not the system keyring. Do not use sudo.

❯ gpg --search-keys jackpot51@gmail.com | grep 2022
gpg: data source: https://162.213.33.8:443
Keys 1-4 of 4 for "jackpot51@gmail.com".  	  4096 bit RSA key 87F211AF2BE4C2FE, created: 2022-01-10

Ok… got it solved and it’s installed and working, but had to find a different way. By way of trying to learn more, here’s the confusing point of your post, Yochanan. I think your gpg command points to the package maintainer, so I executed it, too (I think), hoping it would give me the option to import the key I needed. I got this response:

galago% gpg --search-keys jackpot51@gmail.com | grep 87F211AF2BE4C2FE
gpg: data source: http://pgp.surf.nl:11371
Keys 1-3 of 3 for "jackpot51@gmail.com".  Enter number(s), N)ext, or Q)uit > n
galago% gpg --search-keys jackpot51@gmail.com | grep 87F211AF2BE4C2FE
gpg: data source: http://pgp.surf.nl:11371
Keys 1-3 of 3 for "jackpot51@gmail.com".  Enter number(s), N)ext, or Q)uit > 1
gpg: key 4FAA9089C20FF93C: "Jeremy Soller <jackpot51@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
galago% gpg --search-keys jackpot51@gmail.com | grep 87F211AF2BE4C2FE
gpg: data source: http://pgp.surf.nl:11371
Keys 1-3 of 3 for "jackpot51@gmail.com".  Enter number(s), N)ext, or Q)uit > 2
gpg: key 97509D1F04B03630: "Jeremy Soller <jackpot51@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
galago% gpg --search-keys jackpot51@gmail.com | grep 87F211AF2BE4C2FE3
gpg: data source: http://pgp.surf.nl:11371
Keys 1-3 of 3 for "jackpot51@gmail.com".  Enter number(s), N)ext, or Q)uit > 3
gpg: key D5D7844C3E0A5091: "Jeremy Soller <jackpot51@gmail.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1
galago% 

None of the three keys offered were a match so I went to an old Arch-Wiki page here:

https://bbs.archlinux.org/viewtopic.php?id=220274

and found this:

gpg --recv-keys --keyserver hkp://pgp.mit.edu 1D1F0DC78F173680

I replaced that key with the key I was looking for, and it worked. Key imported, package loaded. Not sure what the output of the other command was supposed to yield, or how I’d know if the key I needed might be one of those offered until I download it (them).

anyway, thx.

It was just to show you the current key, nothing else.

…they’re all a match as they’re all the same key. Jeremy just renewed it, so only the hash from 2022 is valid (the public key starting with D3FB):

❯ gpg --fingerprint 87F211AF2BE4C2FE
pub   rsa4096 2022-01-10 [SC] [expires: 2023-01-10]
      D3FB 3AF9 711C 1CD1 2639  C9F5 87F2 11AF 2BE4 C2FE
uid           [ unknown] Jeremy Soller (https://soller.dev) <jackpot51@gmail.com>
sub   rsa4096 2022-01-10 [A] [expires: 2023-01-10]
      ED76 1DC4 4D8C F3A2 60A4  E9ED F24A E86F 11F3 D316
sub   rsa4096 2022-01-10 [E] [expires: 2023-01-10]
      8211 58A8 165E AA0F BF1D  D95B 4E39 FEB9 6C1C E841

That’s Xyne’s key:

❯ gpg --search-keys 1D1F0DC78F173680
gpg: data source: https://162.213.33.8:443
(1)	Xyne. (key #3) <xyne@archlinux.ca>
	  4096 bit RSA key 1D1F0DC78F173680, created: 2013-09-15

No need to use MIT’s keyserver. Both his and Jeremy’s are available from the default server that is used: keyserver.ubuntu.com.

Again, the only reason why your original command didn’t work is because the permissions in your Home directory were incorrect.
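
A way to check, as the normal user and without sudo, whether the key ID named in the build error is present in the personal keyring and which primary fingerprint it belongs to. This is an added example, not part of the thread: the function name `owner_fingerprint` is made up here, and the sample listing is constructed in the format of `gpg --with-colons --list-keys` from the key IDs and fingerprints shown above, with the timestamp and capability fields filled in as placeholders.

```shell
# Added example. Constructed sample listing; only the key IDs, fingerprints
# and user ID come from the thread, the remaining fields are placeholders.
SAMPLE_LISTING='pub:-:4096:1:87F211AF2BE4C2FE:1641772800:1673308800::-:::scESC:
fpr:::::::::D3FB3AF9711C1CD12639C9F587F211AF2BE4C2FE:
uid:-::::1641772800::::Jeremy Soller (https\x3a//soller.dev) <jackpot51@gmail.com>:
sub:-:4096:1:F24AE86F11F3D316:1641772800:1673308800:::::a:
fpr:::::::::ED761DC44D8CF3A260A4E9EDF24AE86F11F3D316:
sub:-:4096:1:4E39FEB96C1CE841:1641772800:1673308800:::::e:
fpr:::::::::821158A8165EAA0FBF1DD95B4E39FEB96C1CE841:'

# Read a colon-format key listing on stdin and print the primary-key
# fingerprint of the key that owns KEYID (as primary key or as subkey).
# Returns non-zero when the key ID is not in the listing.
owner_fingerprint() {
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        # Emit the result for the key block that just ended, if it matched.
        function flush() {
            if (hit && primary != "") { print primary; found = 1 }
            hit = 0
        }
        $1 == "pub" { flush(); primary = ""; need = 1; if ($5 == want) hit = 1 }
        $1 == "sub" && $5 == want { hit = 1 }
        # The first fpr record after pub carries the primary fingerprint (field 10).
        $1 == "fpr" && need { primary = $10; need = 0 }
        END { flush(); exit !found }
    '
}

# Against the real keyring of the user who runs the build (no sudo):
#   gpg --with-colons --list-keys | owner_fingerprint 87F211AF2BE4C2FE
```

An empty result from the real keyring while `sudo gpg --list-keys` shows the key means it was imported into root's keyring rather than the user's own.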