Package Details: spotify 1:1.2.79.427-1

Git Clone URL: https://aur.archlinux.org/spotify.git (read-only, click to copy)
Package Base: spotify
Description: A proprietary music streaming service
Upstream URL: https://www.spotify.com
Licenses: custom
Submitter: Foxboron
Maintainer: gromit (Antiz)
Last Packager: Antiz
Votes: 241
Popularity: 6.17
First Submitted: 2023-02-09 22:51 (UTC)
Last Updated: 2026-01-12 11:43 (UTC)

Pinned Comments

Antiz commented on 2025-11-23 18:37 (UTC) (edited on 2025-11-23 18:41 (UTC) by Antiz)

Please make sure to import the correct OpenPGP key first:

$ curl -sS https://download.spotify.com/debian/pubkey_5384CE82BA52C83A.gpg | gpg --import -

And always build in a clean chroot. It is as easy as:

pacman -S devtools
git clone https://aur.archlinux.org/spotify.git
cd spotify
pkgctl build
pacman -U <path-to-spotify-package>

It is expected that the package will break now and then, as spotify continuously changes download binaries, OpenPGP keys, etc (which is not appropriate, but we cannot change this). Please be patient if an update does not occur the next day, you can still use an existing spotify install or update the version yourself.

Antiz commented on 2023-09-13 13:21 (UTC)

@lightofpast Just pushed v1:1.2.20.1210-2 that now allows you to set custom launch flags in a spotify-flags.conf file under $XDG_CONFIG_HOME or ~/.config :)

Latest Comments

« First ‹ Previous 1 2 3 4 5 6 7 8 .. 23 Next › Last »

slav commented on 2025-11-23 20:01 (UTC)

it's OK now

Antiz commented on 2025-11-23 18:42 (UTC)

The OpenPGP key for source signature and the related instructions to import it from the PKGBUILD and the pinned comment have been updated :)

Antiz commented on 2025-11-23 18:37 (UTC) (edited on 2025-11-23 18:41 (UTC) by Antiz)

Please make sure to import the correct OpenPGP key first:

$ curl -sS https://download.spotify.com/debian/pubkey_5384CE82BA52C83A.gpg | gpg --import -

And always build in a clean chroot. It is as easy as:

pacman -S devtools
git clone https://aur.archlinux.org/spotify.git
cd spotify
pkgctl build
pacman -U <path-to-spotify-package>

It is expected that the package will break now and then, as spotify continuously changes download binaries, OpenPGP keys, etc (which is not appropriate, but we cannot change this). Please be patient if an update does not occur the next day, you can still use an existing spotify install or update the version yourself.

DigitalRust commented on 2025-11-23 17:27 (UTC)

Makepkg still complains about the keys eventhough I have them both imported and trusted. This is so sloppy. I'm just going to modify PKGBUILD

DigitalRust commented on 2025-11-23 16:13 (UTC)

@johanneswseitz may i ask how and where you found the new key from?

johanneswseitz commented on 2025-11-23 15:43 (UTC)

Looks like Spotify started to sign packages with a new key. When I try a clean build I get the error: spotify-1.2.74.477-2-Release ... FAILED (unknown public key 5384CE82BA52C83A) ==> ERROR: One or more PGP signatures could not be verified!

New key is at: https://download.spotify.com/debian/pubkey_5384CE82BA52C83A.gpg

Eeems commented on 2025-11-23 01:28 (UTC)

Why are we even pulling the repo Release and Packages files? We have a sha256sum of the source package, as long as that hasn't changed, we don't really need to verify the signing keys for files we aren't using in the actual build?

DigitalRust commented on 2025-11-22 01:05 (UTC) (edited on 2025-11-22 01:06 (UTC) by DigitalRust)

spotify-1.2.74.477-2-Release seems to be signed by two keys. The first is B420FD3777CCE3A7F0076B55C85668DF69375001 which is the same as the key in the pinned comment as well as the one provided by spotify. The second is E1096BCBFF6D418796DE78515384CE82BA52C83A which looks to me to be unknown and I can't find it on any key server.

Perhaps just outdated???

« First ‹ Previous 1 2 3 4 5 6 7 8 .. 23 Next › Last »