I get :
-> Failed to install the following packages. Manual intervention is required:
stellarium - exit status 1
Search Criteria
Package Details: stellarium 24.4-4
Package Actions
| Git Clone URL: | https://aur.archlinux.org/stellarium.git (read-only, click to copy) |
|---|---|
| Package Base: | stellarium |
| Description: | Software which renders realistic skies in real time with OpenGL |
| Upstream URL: | https://stellarium.org |
| Licenses: | GPL-2.0-or-later |
| Submitter: | arojas |
| Maintainer: | carlosal1015 |
| Last Packager: | carlosal1015 |
| Votes: | 75 |
| Popularity: | 0.95 |
| First Submitted: | 2022-04-01 18:43 (UTC) |
| Last Updated: | 2025-01-04 13:49 (UTC) |
Dependencies (19)
- calcmyskyAUR
- freetype2 (freetype2-macosAUR, freetype2-qdoledAUR, freetype2-gitAUR)
- gpsd
- libglvnd (libglvnd-gitAUR)
- libindi (libindi-gitAUR)
- libpng (libpng-gitAUR, libpng-apngAUR)
- nlopt
- openssl (openssl-staticAUR, openssl-gitAUR)
- qt6-charts
- qt6-multimedia
- qt6-positioning
- qt6-serialport
- qt6-webengine
- qxlsx
- cmake (cmake-gitAUR) (make)
- mesa (mesa-minimal-gitAUR, mesa-wsl2-gitAUR, mesa-amd-bc250AUR, mesa-gitAUR, amdonly-gaming-mesa-gitAUR, mesa-amber) (make)
- ninja (ninja-kitwareAUR, ninja-memAUR, ninja-fuchsia-gitAUR, ninja-gitAUR, ninja-jobserverAUR) (make)
- qt6-tools (make)
- man-db (optional) – manual pages for stellarium
Required by (0)
Sources (3)
vishvas commented on 2023-10-08 04:40 (UTC)
CaliforniaCoach commented on 2023-10-07 13:39 (UTC) (edited on 2023-10-07 13:39 (UTC) by CaliforniaCoach)
@carlosal1015 I tried, but same result. Note: To import the key from the key server you suggested, I had to give gpg the option "--allow-weak-digest-algos", too.
So as far as I can see, I got the right key into my local gpg database, no problem (although I had to use "--allow-weak-digest-algos" to allow SHA-1 for importing the key). But the problem is that "makepkg" still does not allow that SHA-1 signature/key and rejects the sig check.
Note: I use gpg version 2.2.41:
$ gpg --version
gpg (GnuPG) 2.2.41
libgcrypt 1.10.2-unknown
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: /home/bernd/.gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
CaliforniaCoach commented on 2023-10-07 13:31 (UTC)
If I do it with additional option "--allow-weak-digest-algos" for gpg, it works. Don't know if it is possible to somehow tell "makepkg" to allow SHA-1 accordingly?
$ gpg --verify -v --allow-weak-digest-algos stellarium-23.3.tar.gz.asc stellarium-23.3.tar.gz
gpg: enabled compatibility flags:
gpg: Signature made Mon 25 Sep 2023 03:12:04 PM CEST
gpg: using RSA key F57F309D74C9A94E2B6AA5D09380E47C0374E169
gpg: using subkey 9380E47C0374E169 instead of primary key BF38D4D02A328DFF
gpg: using subkey 9380E47C0374E169 instead of primary key BF38D4D02A328DFF
gpg: using pgp trust model
gpg: Good signature from "Alexander Wolf <alex.v.wolf@gmail.com>" [unknown]
gpg: using subkey 9380E47C0374E169 instead of primary key BF38D4D02A328DFF
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 7915 1C2E 6351 E727 8DA1 A730 BF38 D4D0 2A32 8DFF
Subkey fingerprint: F57F 309D 74C9 A94E 2B6A A5D0 9380 E47C 0374 E169
gpg: binary signature, digest algorithm SHA512, key algorithm rsa1024
CaliforniaCoach commented on 2023-10-07 13:28 (UTC)
$ gpg --verify -v stellarium-23.3.tar.gz.asc stellarium-23.3.tar.gz
gpg: enabled compatibility flags:
gpg: Signature made Mon 25 Sep 2023 03:12:04 PM CEST
gpg: using RSA key F57F309D74C9A94E2B6AA5D09380E47C0374E169
gpg: Note: signatures using the SHA1 algorithm are rejected
gpg: using subkey 9380E47C0374E169 instead of primary key BF38D4D02A328DFF
gpg: WARNING: signing subkey 9380E47C0374E169 has an invalid cross-certification
gpg: Can't check signature: General error
carlosal1015 commented on 2023-10-07 13:27 (UTC)
Hi @CaliforniaCoach, I tried today and it works, maybe you could made an attempt before with this command gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 79151C2E6351E7278DA1A730BF38D4D02A328DFF
dimich commented on 2023-10-07 13:23 (UTC)
@CaliforniaCoach What is output of
$ gpg --verify -v stellarium-23.3.tar.gz.asc stellarium-23.3.tar.gz
?
CaliforniaCoach commented on 2023-10-07 12:21 (UTC) (edited on 2023-10-07 12:22 (UTC) by CaliforniaCoach)
I am getting a PGP signature verification error, even though I have received the required keys (I know I could disable sig checking, then building works fine, but I would feel better with enabled sig checking):
$ makepkg -s
==> Making package: stellarium 23.3-1 (Sat 07 Oct 2023 02:13:40 PM CEST)
==> Checking runtime dependencies...
==> Checking buildtime dependencies...
==> Retrieving sources...
-> Found stellarium-23.3.tar.gz
-> Found stellarium-23.3.tar.gz.asc
-> Found indi-2.0.patch
==> Validating source files with md5sums...
stellarium-23.3.tar.gz ... Passed
stellarium-23.3.tar.gz.asc ... Skipped
indi-2.0.patch ... Passed
==> Validating source files with sha256sums...
stellarium-23.3.tar.gz ... Passed
stellarium-23.3.tar.gz.asc ... Skipped
indi-2.0.patch ... Passed
==> Verifying source file signatures with gpg...
stellarium-23.3.tar.gz ... FAILED (error during signature verification)
==> ERROR: One or more PGP signatures could not be verified!
Note: This is different to the error which I get if I do not have the keys at all. In that case, the last two lines look like this:
stellarium-23.3.tar.gz ... FAILED (unknown public key 9380E47C0374E169)
==> ERROR: One or more PGP signatures could not be verified!
Mr.Smith1974 commented on 2023-05-12 06:21 (UTC)
% gpg --recv-keys 9380E47C0374E169
gpg: keyserver receive failed: Server indicated a failure
afontenot commented on 2023-03-07 08:14 (UTC)
Anyone who isn't using the telescope control plugin (probably the overwhelming majority of us) can simply remove the libindi dependency and build with
-DUSE_PLUGIN_TELESCOPECONTROL=0
As of version 1.2, that's the only code that uses it.
Pinned Comments
carlosal1015 commented on 2022-11-01 05:22 (UTC)
Pre-built binaries of this package and its dependencies can be found in the arch4edu repository.
carlosal1015 commented on 2022-04-02 19:14 (UTC) (edited on 2022-07-07 16:46 (UTC) by carlosal1015)
Important note: Is recommended to receive the following key before to install:
Also is possible skip the verification, adding the flag for (e.g
makepkg,yay)--skippgpcheck,--nopgpfetch, respectively.