Arch Linux User Repository

rcrath, I had the same problem and I found the dev's key from the hkps://hkps.pool.sks-keyservers.net. Here's the recv command

gpg --keyserver hkps://hkps.pool.sks-keyservers.net --recv-keys CACDA4B54202FA2F

Error:

  -> Found ncursesw.patch
==> Validating source files with sha512sums...
    duc-1.4.4.tar.gz ... Passed
    duc-1.4.4.tar.gz.asc ... Skipped
    ncursesw.patch ... Passed
==> Verifying source file signatures with gpg...
    duc-1.4.4.tar.gz ... FAILED (unknown public key CACDA4B54202FA2F)
==> ERROR: One or more PGP signatures could not be verified!
Failed to build duc

==> Verifying source file signatures with gpg... duc-1.4.4.tar.gz ... FAILED (unknown public key CACDA4B54202FA2F)

zwastik, upgrade your pango to 1.43.0-2 if you haven't already. duc will then build.

/usr/bin/ld: src/libduc-graph/graph-cairo.o: undefined reference to symbol 'g_object_unref'

/usr/bin/ld: /usr/lib/libgobject-2.0.so.0: error adding symbols: DSO missing from command line

collect2: error: ld returned 1 exit status

make[1]: *** [Makefile:580: duc] Error 1

make[1]: Leaving directory '/home/user/.cache/aurman/duc/src/duc-1.4.4'

make: *** [Makefile:397: all] Error 2

==> ERROR: A failure occurred in build().

Aborting...

2019-03-23 19:43:13,217 - wrappers - makepkg - ERROR - makepkg query ['makepkg', '-cf', '--noconfirm'] failed in directory /home/user/.cache/aurman/duc

~~ the following packages are now orphans

:: extra/leveldb

gpg --recv-keys F042F5CDB0A6EC6ACB80A829CACDA4B54202FA2F

Better to have multiple message digest than only md5. However sha512 should be sufficient.

Signature checking is failing despite the presence of validpgpkeys:

==> Verifying source file signatures with gpg...
duc-1.4.2.tar.gz ... FAILED (unknown public key CACDA4B54202FA2F)
==> ERROR: One or more PGP signatures could not be verified!

(as a side note providing checksums in md5, sha1, sha256 and sha512 seems a bit overkill too)