Il 03/07/2016 18:03, Jelle van der Waa ha scritto: > On 07/03/16 at 02:45pm, Ilya Boka via arch-general wrote: >> I don't know does it make sence, but you create signature with >> "makepkg --sign" ? > > Nope, > > He is using OpenSuse's Build Service, which creates a private key per > repository. This key is used to sign the packages and surprisingly also > the repo database. > > I could reproduce the problem but I have no clue why pacman says the > signature is invalid. > Exactly. Additionally, the strangest thing is that: - repository information are signed with the same key and their signature work - using "gpg --verify" over the package signature (to be clear, the file named "$pkgname-$pkgver.pkg.tar.xz.sig") works properly, after importing the key and locally signing it. I tried to remove, re-add and re-sign locally the key but no success, even changing the remoter keyserver for fetching the key. -- Giovanni Santini My blog: http://giovannisantini.tk My code: https://github.com/ItachiSan My code, again: https://gitlab.com/u/ItachiSan My Twitter: https://twitter.com/santini__gio My Facebook: https://www.facebook.com/giovanni.santini My Google+: https://plus.google.com/+GiovanniSantini/ My GPG: 2FADEBF5
