37

I already got this installed:

1 core/archlinux-keyring 20170104-1 [installed]
10 blackarch/blackarch-keyring 20140118-3 [installed]

But I get an error when upgrading libc++abi from AUR:

==> Verifying source file signatures with gpg...
    llvm-3.9.1.src.tar.xz ... FAILED (unknown public key 8F0871F202119294)
    libcxx-3.9.1.src.tar.xz ... FAILED (unknown public key 8F0871F202119294)
    libcxxabi-3.9.1.src.tar.xz ... FAILED (unknown public key 8F0871F202119294)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build libc++.
==> Restart building libc++abi ? [y/N]

How to resolve this? Is there a way to know which keyring I should install to solve this issue?

Matthias Braun
  • 8,239
Kokizzu
  • 9,699

3 Answers3

73

gpg --recv-keys 8F0871F202119294 (AUR)

  • the missing key needs to be added to your USER keyring

I did not need to trust the key for makepkg to finish the build.

  • ~/.gnupg/gpg.conf also needed:

keyserver-options no-honor-keyserver-url

in my particular case

  • Missing keys for official Arch repos are normally missing an updated archlinux-keyring
Stuart Cardall
  • 1,972
14

Keys from AUR are not in the keyrings provided by the distributions' repositories.

You will need to find and add the AUR package/upstream keys manually, if you trust them.

Start by checking the PKGBUILD file of the package, then the comments in the AUR to see where/if to get and add the keys.

Mio Rin
  • 3,040
-1

Try: sudo pacman -U /path/to/file.tar.xz

Do that for all of the file types, then try your upgrade again.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
Germain Campman
  • 1