Arch Linux User Repository

68D21823342A13683AEB3E4EFB4C685B5DC1C13E key missing

I keep getting key 68D21823342A13683AEB3E4EFB4C685B5DC1C13E could not be imported error. I can't find it on the https://github.com/archlinuxhardened/selinux/blob/master/_pgp_cache/ or ubuntu/gnupg key server.

UPDATE: I found it. It has hiding: https://github.com/archlinuxhardened/selinux/blob/127684ada271f3f756b9bc4f47c39a195231d2da/libselinux/keys/pgp/68D21823342A13683AEB3E4EFB4C685B5DC1C13E.asc

To install updated PGP keys run: wget https://raw.githubusercontent.com/archlinuxhardened/selinux/master/_pgp_cache/B8682847764DF60DF52D992CBC3905F235179CF1.asc && gpg --import B8682847764DF60DF52D992CBC3905F235179CF1.asc

Jason's key can be imported running this command:

gpg --keyserver keys.gnupg.net --recv-keys 63191CE94183098689CAB8DB7EF137EC935B0EAF

Petr Lautrbach plautrba@redhat.com's key expired or revoked; anyone building should import the other dev key.

Pillgar: for information the gpg key is available on Ubuntu keyserver (https://keyserver.ubuntu.com/pks/lookup?search=0xE853C1848B0185CF42864DF363A8AD4B982C4373&fingerprint=on&op=index ) and on GitHub's user bachradsusi (https://github.com/bachradsusi.gpg ). I also uploaded it on https://github.com/archlinuxhardened/selinux/blob/master/_pgp_cache/E853C1848B0185CF42864DF363A8AD4B982C4373.asc when I updated the SELinux packages, to make it easier to discover (and it seems you found the key on keys.gnupg.net too). If you found a public keyserver which do not have this key, feel free to send an email to the SELinux mailing list (selinux@vger.kernel.org) asking for the key to be uploaded to this keyserver.

I'm getting an "ERROR: Remote key not fetched correctly from keyserver", when trying to upgrade this package. Not sure if the server is temporarily down, but I thought I'd mention it none the less.

Looks like that key was updated two days ago: https://github.com/archlinuxhardened/selinux/blob/master/_pgp_cache/E853C1848B0185CF42864DF363A8AD4B982C4373.asc

Update: gpg --keyserver keys.gnupg.net --recv-keys BE22091E3EF62275 worked! I had incorrectly used pacman-key --recv-keys BE22091E3EF62275 before!

As a workaround of the build issue with gcc 10, it is possible to use clang. Using "make CC=clang" in build() seems to work fine (at least with the latest package, clang 10.0.0-2). I will test other SELinux packages and updates the PKGBUILD to use clang instead of gcc if it is confirmed to work.

hashworks: Thanks for the build log. I managed to reproduce the issue after upgrading my system. It seems to be caused by gcc 10: on another Arch Linux system with gcc 9, libsepol still builds fine. This is therefore a serious issue and unfortunately I will not have much time to investigate it in the following days.

Nevertheless it seems that the current upstream master branch (https://github.com/SELinuxProject/selinux/tree/master/libsepol) builds fine with gcc 10, but this could be caused by some changes in the way libsepol is linked (to help with LTO) that happened a few months ago, and these changes are not easy to backport.

If you have time to help make libsepol package compatible with gcc 10, please submit a Pull Request on https://github.com/archlinuxhardened/selinux

I mainly used extra-x86_64-build here since we have a user where it doesn't build, but it worked for me with yay and makepkg. I could reproduce the error with extra-x86_64-build though. Here is the build log if you want to take a look: https://fb.hash.works/68TTA/