On 07/03/16 at 02:45pm, Ilya Boka via arch-general wrote: > I don't know does it make sence, but you create signature with > "makepkg --sign" ? Nope, He is using OpenSuse's Build Service, which creates a private key per repository. This key is used to sign the packages and surprisingly also the repo database. I could reproduce the problem but I have no clue why pacman says the signature is invalid. > > On Sun, Jul 3, 2016 at 10:09 AM, Giovanni 'ItachiSan' Santini via > arch-general <arch-general@xxxxxxxxxxxxx> wrote: > > Good morning, > > some days ago I found a nice service called "Open Build Service", which > > allows all kind of packagers, including also Arch ones, to have > > different repos of their packages, having them built online. > > This is awesome for me, as some of them require heavy building time. > > > > I fought a bit against the service, in order to make the GPG public key > > to be uploaded to a key server, in order to allow users to add it > > properly to pacman-key. > > > > Now, I am facing a really strange issue: I've added the key to pacman > > keyring, using: > > > > sudo pacman-key -r 05E0A765C649DE23 > > sudo pacman-key --lsign-key 05E0A765C649DE23 > > > > Database syncing works properely and the signature is verified... > > But for packages it is not. > > Every time it gives an error as this: > > > > $pkgname-$pkgver $pkgsize $dw_speed 00:00 [--------------------] 100% > > (1/1) checking keys in keyring [--------------------] 100% > > error: $pkgname: unsupported signature format(0/1) checking package > > integrity > > (1/1) checking package integrity [--------------------] 100% > > error: GPGME error: No data > > > > I tried to download the public key and adding to my personal GPG > > keyring. Verifying the packages signatures works perfectly. To try this, > > I fetched the .sig file online and used the GPG --verify command. > > Any hints? > > > > Now, the needed data. > > My personal repo configuration for pacman > > > > [home_ItachiSan_archlinux_Arch_Extra] > > Server = > > http://download.opensuse.org/repositories/home:/ItachiSan:/archlinux/Arch_Extra/$arch > > > > The public key mentioned above: > > http://keyserver.ubuntu.com/pks/lookup?op=get&fingerprint=on&search=0x05E0A765C649DE23 > > or > > http://keyserver.ubuntu.com/pks/lookup?op=vindex&search=home%3AItachiSan&fingerprint=on > > > > Sorry to be so verbose. :< > > Thanks in advance! > > > > -- > > Giovanni Santini > > My blog: http://giovannisantini.tk > > My code: https://github.com/ItachiSan > > My code, again: https://gitlab.com/u/ItachiSan > > My Twitter: https://twitter.com/santini__gio > > My Facebook: https://www.facebook.com/giovanni.santini > > My Google+: https://plus.google.com/+GiovanniSantini/ > > My GPG: 2FADEBF5 -- Jelle van der Waa
Attachment:
signature.asc
Description: PGP signature
