Arch Linux User Repository

This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developers located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver This article also contains helpful information describing the installation of GnuPG, its configuration and usage.

Execute the following to import keys using gpg:

gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>

The PGP signature check can be skipped by passing --skippgpcheck to makepkg.

Consult the makepkg manual page for a full list of options. [https://www.archlinux.org/pacman/makepkg.8.html]

As there have been no changes relevant to the output generated by this PKGBUILD I have rolled the package release back to the same one given to the last release before this was dropped from [Multilib] to prevent more unnecessary updates and rebuilds. There is presently a signed binary package for this in the Arch Linux Archive here: https://archive.archlinux.org/packages/l/lib32-libmng/

This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developers located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver This article also contains helpful information describing the installation of GnuPG, its configuration and usage.

Execute the following to import keys using gpg:

gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>

The PGP signature check can be skipped by passing --skippgpcheck to makepkg.

Consult the makepkg manual page for a full list of options. [https://www.archlinux.org/pacman/makepkg.8.html]

Sorry, but I have no time to take care of the package anymore.

punk0x29a: It appears that gpg is having some issues finding or connecting to the keyserver. Find out why gpg isn't connecting. The community for #archlinux on FreeNode can likely fill in when the documentation is lacking. There are a number of channels offering support in different languages. While the package release has been iterated a few times since lib32-libmng was dropped from [Multilib] the changes have been trivial and have absolutely no effect on the output. There is still a perfectly valid, recent, signed package for this available in the Arch Linux Archive one can use and no reason to rebuild it. https://archive.archlinux.org/packages/l/lib32-libmng/ lisu_ml: There is an example of the pin I use for PKGBUILDs with signed sources on libc++ here: https://aur.archlinux.org/pkgbase/libc%2B%2B/ Feel free to adapt it and use it as you see fit. I tried to keep it brief as I didn't want it burying everything else beneath a wall of text.

@punk0x29a: Have you tried again by any chance? Also if it still doesn't work, could you please run the command with '-v' switch: $ gpg -v --recv-keys F54984BFA16C640F and paste the output here?

@lisu_ml Hi, I've tried to follow your advice, as it's sound and it have worked in the past, but I get: $ gpg --recv-keys F54984BFA16C640F gpg: keyserver receive failed: No keyserver available $ gpg --keyserver pgp.mit.edu --recv-keys F54984BFA16C640F gpg: keyserver receive failed: No keyserver available What should I do? Thanks

Thanks @lisu_ml

@Rzarector and @archcid: Please read the pinned comment by @WoefulDerelict or simply just import the key to your keyring: $ gpg --recv-keys F54984BFA16C640F In case it doesn't work you can use alternative keyserver: $ gpg --keyserver pgp.mit.edu --recv-keys F54984BFA16C640F

Hello, It looks like this package can't be updated due to PGP signatures verification error. Is a fix on the way? It's been a week since this error first appeared. Thank you.

==> Проверка подписей исходных файлов с помощью 'gpg'... libmng-2.0.3.tar.xz ... СБОЙ (неизвестный открытый ключ F54984BFA16C640F) ==> ОШИБКА: Одна или больше PGP-подписей не могут быть проверены! ==> ОШИБКА: Makepkg не смог собрать lib32-libmng.