Package Details: gtypist 2.10.1-2

Git Clone URL: https://aur.archlinux.org/gtypist.git (read-only, click to copy)
Package Base: gtypist
Description: Universal typing tutor
Upstream URL: https://www.gnu.org/software/gtypist/gtypist.html
Licenses: GPL-3.0-or-later
Submitter: xyproto
Maintainer: vitaliikuzhdin
Last Packager: vitaliikuzhdin
Votes: 25
Popularity: 0.92
First Submitted: 2019-03-27 09:20 (UTC)
Last Updated: 2026-04-10 17:40 (UTC)

Pinned Comments

vitaliikuzhdin commented on 2026-04-10 17:45 (UTC)

To import the PGP key:

$ curl https://src.opensuse.org/jengelh/gtypist/raw/branch/master/gtypist.keyring | gpg --import -

This is the only location where I could find a valid key with a unique user ID, it comes from OpenSUSE: https://build.opensuse.org/package/show/Education/gtypist

Latest Comments

1 2 3 Next › Last »

vitaliikuzhdin commented on 2026-04-11 07:37 (UTC) (edited on 2026-04-11 07:40 (UTC) by vitaliikuzhdin)

@m040601, you're confusing hash verification with PGP verification. They work differently and provide different security guarantees, you can look that up if you’re interested. gtypist uses both for added security, but gtypist-git uses neither.

Hash verification is impossible in -git packages because you get a different source every time you build them, that's the whole point of VCS packages. PGP verification, on the other hand, is impractical: for the package to enforce it without constantly failing, every single commit would need to be signed, and signed with a known key (e.g., one listed in validpgpkeys=()).

That said, it is technically possible (though not practical) to skip hash verification and still use PGP verification:

source=("git+https://git.savannah.gnu.org/git/gtypist.git?signed" # <- ?signed enables PGP verification
    ncurses.patch)
sha256sums=('SKIP'
            'SKIP')
validpgpkeys=('...')

When yay calls gpgme (the PGP frontend utility) to retrieve keys based on the fingerprints listed in validpgpkeys=(), it contacts a keyserver. You’re getting the "no data" error because your default keyserver doesn't have the key:

$ gpg --recv-keys 0FB807D2E7C7C96C
gpg: keyserver receive failed: No data

If you switch to a keyserver that does have it, you'll instead get an error about a missing user ID:

$ gpg --keyserver hkps://keys.openpgp.org --recv-keys 0FB807D2E7C7C96C
gpg: key 0FB807D2E7C7C96C: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg:           w/o user IDs: 1

Both errors occur because the key owner didn't export it properly or upload it to common keyservers. You could try contacting them using the email associated with the correct key, but I didn't bother.

m040601 commented on 2026-04-11 02:58 (UTC) (edited on 2026-04-11 03:15 (UTC) by m040601)

vitaliikuzhdin:

Thanks for the comprehensive reply. I'm not an AUR expert.

Please confirm this to me. The reason I can install "gtypist-git" but not "gtypist" is because the "gtypist-git" skips the shasum verification.

sha256sums=('SKIP'
            'SKIP')

Am I correct ?

Now to my AUR helper, yay.

 Some AUR helpers might help you with this task ...

Yeah, actually an AUR helper is what I use to install stuff from the AUR . I dont manually use makepkg. I've been using yay for many many years,

$ yay -S gtypist

AUR Explicit (1): gtypist-2.10.1-2
Sync Make Dependency (1): help2man-1.49.3-2
:: (1/1) Downloaded PKGBUILD: gtypist
  1 gtypist                          (Build Files Exist)
==> Packages to cleanBuild?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==>
  1 gtypist                          (Build Files Exist)
==> Diffs to show?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==>
==> Making package: gtypist 2.10.1-2 (Sat 11 Apr 2026 03:49:41 AM WEST)
==> Retrieving sources...
  -> Downloading gtypist-2.10.1.tar.xz...
  % Total    % Received % Xferd  Average Speed  Time    Time    Time   Current
                                 Dload  Upload  Total   Spent   Left   Speed
100 801.2k 100 801.2k   0      0 663.5k      0   00:01   00:01         200.8k
  -> Downloading gtypist-2.10.1.tar.xz.sig...
  % Total    % Received % Xferd  Average Speed  Time    Time    Time   Current
                                 Dload  Upload  Total   Spent   Left   Speed
100    833 100    833   0      0   2158      0                              0
  -> Found gtypist_ncurses_is_ncursesw.patch
==> WARNING: Skipping verification of source file PGP signatures.
==> Validating source files with sha256sums...
    gtypist-2.10.1.tar.xz ... Passed
    gtypist-2.10.1.tar.xz.sig ... Skipped
    gtypist_ncurses_is_ncursesw.patch ... Passed
:: Remove make dependencies after install? [y/N] y
:: (1/1) Parsing SRCINFO: gtypist
gpg: error reading key: No public key

 :: PGP keys need importing:
 -> 02AEC665007301C280C5C43A0FB807D2E7C7C96C, required by: gtypist
:: Import? [Y/n] Y

I pressed "Y" yes there. I remember doing this for other AUR PKGBUILDS. The keys get imported and they successfully install.

But here with "gtypist",

:: Importing keys with gpg...
gpg: keyserver receive failed: No data
 -> problem importing keys

I had never seen this response.

gpg: keyserver receive failed: No data

So should I then assume that it is a failure of "yay" handling this particular import case ?

I also tested with another dummy user account manually importing,

curl https://src.opensuse.org/jengelh/gtypist/raw/branch/master/gtypist.keyring | gpg --import -

And it was sucessfll.

vitaliikuzhdin commented on 2026-04-10 20:31 (UTC)

@m040601, correct, packages won't import any keys for you:

$ git clone https://aur.archlinux.org/gtypist.git
$ cd gtypist/
$ makepkg -si
==> Making package: gtypist 2.10.1-2 ([...])
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
  -> Downloading gtypist-2.10.1.tar.xz...
  -> Downloading gtypist-2.10.1.tar.xz.sig...
  -> Found gtypist_ncurses_is_ncursesw.patch
==> Validating source files with sha256sums...
    gtypist-2.10.1.tar.xz ... Passed
    gtypist-2.10.1.tar.xz.sig ... Skipped
    gtypist_ncurses_is_ncursesw.patch ... Passed
==> Verifying source file signatures with gpg...
    gtypist-2.10.1.tar.xz ... FAILED (unknown public key 0FB807D2E7C7C96C)
==> ERROR: One or more PGP signatures could not be verified!

This is because I can't remotely decide what you should or shouldn't trust. Some AUR helpers might help you with this task, but you shouldn't take this for granted and such helpers are unsupported: https://wiki.archlinux.org/title/AUR_helpers

Therefore, it is your responsibility as a user to manage your keys: https://wiki.archlinux.org/title/Arch_User_Repository#Acquire_a_PGP_public_key_if_needed

For your convenience, I have provided you with a simple command and have also exported the key to the git repo itself (see keys/pgp/).

m040601 commented on 2026-04-10 20:21 (UTC) (edited on 2026-04-10 20:30 (UTC) by m040601) 

3 hours    Add PGP verification                                   Vitalii Kuzhdin

This "gtypist" PKGBUILD doesnt build anymore,

gpg: error reading key: No public key

 :: PGP keys need importing:
 -> 02AEC665007301C280C5C43A0FB807D2E7C7C96C, required by: gtypist
:: Import? [Y/n]
:: Importing keys with gpg...
gpg: keyserver receive failed: No data
 -> problem importing keys

I dont understand this,

To import the PGP key:

$ curl https://src.opensuse.org/jengelh/gtypist/raw/branch/master/gtypist.keyring | gpg --import -

Isn't this, "gtypist" PKGBUILD supposed to take care of this for itself ? Or are you implying the AUR user has to do this extra by himself ?

I then uninstalled "gtypist", Maintainer vitaliikuzhdin, and installed "gtypist-git", Maintainer mctom, https://aur.archlinux.org/packages/gtypist-git, Last Updated: 2025-03-30

No complaint about GPG keys.

vitaliikuzhdin commented on 2026-04-10 17:45 (UTC)

To import the PGP key:

$ curl https://src.opensuse.org/jengelh/gtypist/raw/branch/master/gtypist.keyring | gpg --import -

This is the only location where I could find a valid key with a unique user ID, it comes from OpenSUSE: https://build.opensuse.org/package/show/Education/gtypist

mctom commented on 2025-03-30 15:02 (UTC)

@vitaliikuzhdin I fixed my PKGBUILD. Thanks again for your guidance!

vitaliikuzhdin commented on 2025-03-29 14:13 (UTC)

@mctom, after looking into it further, gengetopt is only required when building from a git checkout, not when using a tarball release (see 4ca87c2). So, it applies to gtypist-git but not to gtypist.

mctom commented on 2025-03-29 13:57 (UTC)

I was led to believe that gengetopt dependency has been introduced very recently: https://aur.archlinux.org/packages/gtypist-git#comment-1014771

Or perhaps it will be required in the next release.

Thanks for your pointers about my PKGBUILD, much appreciated and will be applied soon.

vitaliikuzhdin commented on 2025-03-29 13:42 (UTC) (edited on 2025-03-29 13:42 (UTC) by vitaliikuzhdin)

@mctom, gtypist-git is still useful since development is ongoing, but it needs some fixes. It lacks a pkgver() function and doesn't specify the version in provides=() (see wiki).

I have tested my package in a clean chroot, and it builds fine without gengetopt. I didn't see it mentioned in the documentation either, so it might not be required (anymore).

mctom commented on 2025-03-29 13:29 (UTC)

Hi,

I maintain "gtypist-git" package, which looks like almost exactly the same thing. Looks like my package became redundant but I'll let it be for now, just in case anyone's actually using it.

You may want to compare our dependencies, I believe you lack gengetopt.

Other than that, thanks for reviving it.

1 2 3 Next › Last »