Arch Linux User Repository

Seem the below key has broke again. Expired perhaps. There is a thread about this on somegit.dev but the suggestions there don't work except setting siglevel never.

extra-x86-64-v3: signature from "Archlinux CIE Repos (Build 2020/2021) cie@harting.dev" is invalid

paru fails adding the keys:

❯ paru -S alhp-keyring
:: Resolving dependencies...
:: Calculating conflicts...
:: Calculating inner conflicts...

Aur (1) alhp-keyring-20230504-4

:: Proceed to review? [Y/n]: Y

:: Downloading PKGBUILDs...
 PKGBUILDs up to date
 nothing new to review
:: keys need to be imported:
     2E3B2B05A332A7DB9019797848998B4039BED1CA wanted by: alhp-keyring-20230504-4
:: import? [Y/n]: Y
gpg: keyserver receive failed: Server indicated a failure
error: failed to run: gpg --recv-keys 2E3B2B05A332A7DB9019797848998B4039BED1CA: 

I manually downloaded the anonfunc.asc file from the git repo, added it (gpg --import /home/downloads/anonfunc.asc) and retried to install the package using paru. This time it worked.

@duanin2 Should be fixed now. If not, try clearing your DNS cache.

The download URL now returns 404 now.

installing this with "paru" doesn't work. Although with "yay" it works, yay asks to add the key. paru doesn't...

@RubenKelevra Importing/refreshing and managing the key to verify the source is expected to be done by the user, as with any other AUR package as well.

The key should be added the keyring when installing

==> Verifying source file signatures with gpg...
    alhp-keyring-20230504.tar.gz ... Passed (WARNING: the key has expired.)

I had to rm /var/lib/pacman/sync/*x86-64-v3.*, or I'd still get the "is unknown trust" messages

Thanks for the prompt reaction, replies and help provided to us, much appreciated.