Well the public key worked here and the package built and installed. So I suspect your problem was the keyserver and nothing to do with the package or key. Perhaps you should try again?
Proof ==> Finished making: ncurses5-compat-libs 6.1-1 (Sun 05 Apr 2020 14:07:33 BST) ==> Cleaning up...
Checking keyring... Checking integrity... Loading package files... Checking file conflicts... Checking available disc space... Reinstalling ncurses5-compat-libs (6.1-1)... Transaction successfully finished.
For Signatures I use this
mkdir -p /home/username/.gnupg echo 'keyring /etc/pacman.d/gnupg/pubring.gpg' >> $HOME/.gnupg/gpg.conf chown -R username:username /home/username/.gnupg chmod 700 /home/username/.gnupg chmod 600 /home/username/.gnupg/*
Pinned Comments
WoefulDerelict commented on 2016-05-23 19:35 (UTC) (edited on 2018-08-18 20:22 (UTC) by WoefulDerelict)
This PKGBUILD verifies the authenticity of the source via PGP signatures which are not part of the Arch Linux keyring. In order to complete the process it is necessary to import the key(s) from the ‘validpgpkeys’ array into the user’s keyring before calling makepkg. There is a helpful article explaining this process by one of Arch Linux's developers located here: http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/
Instructions on importing keys from a keyserver and how to automate the retrieval process can be found in the Arch Linux wiki here: https://wiki.archlinux.org/index.php/GnuPG#Use_a_keyserver This article also contains helpful information describing the installation of GnuPG, its configuration and usage.
Execute the following to import keys using gpg:
gpg --recv-keys <KEYID - See 'validpgpkeys' array in PKGBUILD>The PGP signature check can be skipped by passing --skippgpcheck to makepkg.
Consult the makepkg manual page for a full list of options. [https://www.archlinux.org/pacman/makepkg.8.html]