Package Details: aurman 2.20.1-2

Git Clone URL: (read-only, click to copy)
Package Base: aurman
Description: AUR helper with almost pacman syntax
Upstream URL:
Licenses: MIT
Submitter: polygamma
Maintainer: polygamma
Last Packager: polygamma
Votes: 200
Popularity: 0.72
First Submitted: 2018-03-20 21:31
Last Updated: 2021-06-19 12:54

Pinned Comments

polygamma commented on 2018-08-21 18:02

aurman development for public use has been stopped. i suggest migrating to yay, i am not interested in any kind of feedback, bug reports, feature requests etc. anymore.

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 Next › Last »

eschwartz commented on 2018-06-18 18:43

@Cavsfan, I've already explained this. This is a GnuPG issue, not an issue with aurman itself. It is erroneous to ask for GnuPG support here, please consult one of the many Arch Linux support channels, e.g. the Wiki, the BBS, #archlinux on Freenode, and ask for help fixing your GnuPG which is unable to import PGP keys. This will get you an actual solution, unlike complaining here that this one key does not work (to which the only answer is "yes it does, you're wrong").

The aurman developer does not want to know about your GnuPG issues. His GnuPG works fine, and aurman works fine too. He's not necessarily an expert in GnuPG, but it's irrelevant because if he wanted to spend time providing support for GnuPG, he'd be on those other support channels providing general support on miscellaneous topics. Whereas this is the aurman-specific location for getting support specific to aurman itself.

There's no reason to "wait until it sorts itself out" -- if your GnuPG is broken, that won't magically fix itself, and it is something you should try to get fixed... by asking for support for GnuPG, in the appropriate places to get support for GnuPG on Arch Linux. Which is not here.

polygamma commented on 2018-06-18 18:26

@Cavsfan that still does not make it an aurman PKGBUILD problem, but a problem with importing PGP keys. You can find the needed public key e.g. here: and you may import it manually

Cavsfan commented on 2018-06-18 18:23

@polygamma, I read, duly noted and fully understood the pinned comments. The PKGBUILD was asking for this key to be installed and it failed. I thought that you would want to know as the package cannot be updated without the key. I fully apologize for making any comments on this page. @andreyv, thanks I tried that and it did not work. I'll just wait until it sorts itself out.

eschwartz commented on 2018-06-18 17:06

Please do not ask for support for GnuPG in the comments here. Thanks.

Also please make use of markdown backticks when posting code blocks and command output. But again this is GnuPG issues, not aurman issues.

andreyv commented on 2018-06-18 17:02

@Cavsfan Try manually and fix any problems.

polygamma commented on 2018-06-18 17:02

@j1simon, @Cavsfan, really, is it that hard, to read the pinned comments and accept, that this is NOT the right place for such "issues"?

Cavsfan commented on 2018-06-18 16:56

I meant "Y" not "U"

Cavsfan commented on 2018-06-18 16:55

@polygamma, I fully trust adding this key and gave it a "U" but, it got these errors:

gpg: keyserver receive failed: No data
2018-06-18 12:44:17,909 - classes - search_and_fetch_pgp_keys - ERROR - Import PGP key 4C3CE98F9579981C21CA1EC3465022E743D71E39 failed.
2018-06-18 12:44:17,909 - main - main - ERROR - 
Traceback (most recent call last):
  File "/usr/lib/python3.6/site-packages/aurman/", line 734, in main
  File "/usr/lib/python3.6/site-packages/aurman/", line 646, in process
    package.show_pkgbuild(noedit, show_changes, pgp_fetch, keyserver, always_edit, default_show_changes)
  File "/usr/lib/python3.6/site-packages/aurman/", line 1051, in show_pkgbuild
    self.search_and_fetch_pgp_keys(fetch_always, keyserver)
  File "/usr/lib/python3.6/site-packages/aurman/", line 935, in search_and_fetch_pgp_keys
    raise ConnectionProblem("Import PGP key {} failed.".format(pgp_key))
aurman.own_exceptions.ConnectionProblem: Import PGP key 4C3CE98F9579981C21CA1EC3465022E743D71E39 failed.

polygamma commented on 2018-06-17 12:22

@enbQao - Really depends on what you want to achieve. Do you want to be sure, that the guy on the GitHub picture is the one, who has pushed the changes? Guess you'll have to visit me in Kiel, Germany for that. Do you want to be sure, that the one who "owns" this AUR package is the one, who pushed the changes? Well, you have to hope, that nobody stole the SSH private key for this package. Do you want to be sure, that the one responsible for the GitHub repository is the one, who pushed the changes? Write an email to the E-Mail address mentioned on the GitHub profile and hope, that nobody hacked the GitHub Account and/or the E-Mail address.

Besides that: The PGP key has been newly created just for the purpose of signing aurman commits and releases, so there are no other people on earth who could really verify that it's the PGP key of "Jonni Westphalen". But since the commits and releases have not been signed at all just a few days ago, you do not lose any security by "trusting" the new PGP key. All in all aurman is open source, just look at the sourcecode if you want to be sure, that there is nothing "fishy".

Addition: As time passes, it's getting more and more unlikely, that the dev of aurman is not the one, who introduced PGP signing with that key, because well, guess he would not let it pass, that his accounts and private keys have been stolen without making noise.

enbQao commented on 2018-06-17 11:54

Hi, with the latest update, it said

"PGP Key 4C3CE98F9579981C21CA1EC3465022E743D71E39 found in PKGBUILD of aurman and is not known yet. Do you want to import the key?"

I know I can probably trust this, but how can I verify myself that I can trust this?

(seeing all the comments here I hope this is the right place to ask)