==> Verifying source file signatures with gpg... jameica-linux64-2.8.1.zip ... FAILED (unknown public key 5A8ED9CFC0DB6C70)
@bjo thanks
my solution: gpg --receive-keys 5A8ED9CFC0DB6C70
Git Clone URL: | https://aur.archlinux.org/jameica.git (read-only, click to copy) |
---|---|
Package Base: | jameica |
Description: | free runtime environment for java applications |
Upstream URL: | https://www.willuhn.de/products/jameica/ |
Licenses: | GPL2 |
Submitter: | jakob |
Maintainer: | fordprefect |
Last Packager: | fordprefect |
Votes: | 87 |
Popularity: | 0.151332 |
First Submitted: | 2006-10-21 16:11 (UTC) |
Last Updated: | 2024-02-11 15:01 (UTC) |
« First ‹ Previous 1 .. 4 5 6 7 8 9 10 11 12 13 14 .. 16 Next › Last »
==> Verifying source file signatures with gpg... jameica-linux64-2.8.1.zip ... FAILED (unknown public key 5A8ED9CFC0DB6C70)
@bjo thanks
my solution: gpg --receive-keys 5A8ED9CFC0DB6C70
@kerel: thanks, implemented.
@fordprefect: Thanks for your work!
Upstream provides detached pgp signatures for the source files, so we could use them to verify the sources with pgp. Implementation: https://gitlab.com/kerel-fs/aurpkg-jameica/commits/pr/pgp-sigcheck
(Got into this when investigating why sha1 checksum changed last friday :) )
@ojaksch: while bumping hibiscus and Syntax, I also bumped jameica by accident. since this doesnt break anything, I'll just let upstream catch up. the other option would be downgrade (via epoch) which would be very awkward.
@fordprefect: Thanks for your work! But did I miss something? The download site states it is still at v2.8.0 ... https://www.willuhn.de/products/jameica/download.php
Please make sure to use Java9 or lower, since at least the MashUp plugin has some remaining issues with Java10.
@fordprefect Am I understanding it correctly that java-jce_ustrength is only needed with Java < 9? https://stackoverflow.com/a/39889731 If so, you might want to update the optional dependency's text.
Pinned Comments
fordprefect commented on 2020-03-06 08:28 (UTC) (edited on 2022-05-10 09:33 (UTC) by fordprefect)
In case of unknown PGP key run
gpg --receive-keys 5A8ED9CFC0DB6C70
Due to widespread keyserver rot the use of
keys.openpgp.org
is encouraged, e.g. by addingkeyserver keys.openpgp.org
to your~/.gnupg/gpg.conf
.