Arch Linux User Repository

While building package, it throws a warning like this:

WARNING: Package contains reference to $srcdir

@soh

Thanks that solved it.

@ kaputtnik If you run into this when using makepkg -si:

==> Verifying source file signatures with gpg...
    Python-3.10.11.tar.xz ... FAILED (unknown public key FFE87404168BD847)
==> ERROR: One or more PGP signatures could not be verified!

Simply running this will solve your problem

$ gpg --recv-key FFE87404168BD847
gpg: /home/user/.gnupg/trustdb.gpg: trustdb created
gpg: key 64E628F8D684696D: public key "Pablo Galindo Salgado <pablogsal@gmail.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1

Use an AUR helper like yay, paru will also help.

@kaputtnik, you need to fetch the signing key used to sign the python 3.10 release. According to the download page from python.org, this is a key belonging to Pablo Galindo Salgado (https://www.python.org/downloads/).

You can fetch and import that key into your keyring with curl <url> | gpg --import -. The url you'll find on that download page.

I get this gpg related error:

$:> LC_ALL=C makepkg ==> Making package: python310 3.10.11-1 (Sun May 7 13:14:51 2023) ==> Checking runtime dependencies... ==> Checking buildtime dependencies... ==> Retrieving sources... -> Found Python-3.10.11.tar.xz -> Found Python-3.10.11.tar.xz.asc ==> Validating source files with sha512sums... Python-3.10.11.tar.xz ... Passed Python-3.10.11.tar.xz.asc ... Skipped ==> Verifying source file signatures with gpg... Python-3.10.11.tar.xz ... FAILED (unknown public key FFE87404168BD847) ==> ERROR: One or more PGP signatures could not be verified!

Worked great for me, I simply installed the package using Paru. Thanks for making it available so quickly after 3.11 went into [core]. :)

@carsme

Could you figure out the real cause of unable to retrieving GPG key? At least in two of my machines I managed to successfully makepkg and gpg --recv-keys A035C8C19219BA821ECEA86B64E628F8D684696D. Maybe configuring auto-key-retrieve could help.

@FabioLolix

I am sorry, but I think according to PKGBUILD in ArchWiki,

An array of additional packages that the software provides the features of (or a virtual package such as cron or sh). Packages providing the same item can be installed side-by-side, unless at least one of them uses a conflicts array. Note: The version that the package provides should be mentioned (pkgver and potentially the pkgrel), in case packages referencing the software require one.

the line provides=("python=$pkgver") should be included.

Please remove the provides=() line as this isn't a drop-in replacement for python package

Fails to receive GPG key:

$ paru -S python310
:: Resolving dependencies...
:: Calculating conflicts...
:: Calculating inner conflicts...

Repo Make (1) xorg-server-xvfb-21.1.8-1
Aur (1) python310-3.10.11-1

:: Proceed to review? [Y/n]:

:: Downloading PKGBUILDs...
 PKGBUILDs up to date
 nothing new to review
:: keys need to be imported:
     A035C8C19219BA821ECEA86B64E628F8D684696D wanted by: python310-3.10.11-1
:: import? [Y/n]:
gpg: keyserver receive failed: No data
error: failed to run: gpg --recv-keys A035C8C19219BA821ECEA86B64E628F8D684696D: