Arch Linux User Repository

This package makes use of GPG keys for integrity verification. Here are the PGP keys you need to import (if you trust them):

$ gpg --recv-keys A917B1ECDA84AEC2B568FED6F50ABC807BD5DCD0 528995BFEDFBA7191D46839EF9BA0ADA31CBD89E 1729F83938DA44E27BA0F4D3DBDB397470D12172

Receiving GPG keys might fail with the following error message: $ gpg: keyserver receive failed: Connection refused. If this happens, just check your DNS or use other ones.

Knowing the source and having checked the integrity manually, I went with

makepkg --skipinteg

Thanks for maintaining this package

If --skipinteg isn't working, try --skippgpcheck. Not sure if the first includes the other.

-Michael.

Hi,

That was the same problem yramagicman was having. See my comment there, but to summarize:

Either run the command "gpg --receive-keys <...>" where <...> is the strings between validpgpkeys=( and the following ) without the apostrophes, or

in ~/.gnupg/gpg.conf add the following line:

keyserver-options auto-key-retrieve

Hope this helps,

-Michael.

==> Verifying source file signatures with gpg...

php-7.1.15.tar.xz ... FAILED (unknown public key F9BA0ADA31CBD89E)

==> ERROR: One or more PGP signatures could not be verified!

Sorry about that -- not sure how I missed it. It's fixed now.

The php71-fpf systemd service file is wrong. ExecStart is /usr/bin/php-fpm but should be /usr/bin/php-fpm71, currently all php71-fpm jobs will actually use the system php.

Hi,

There's a couple options:

First, if you just want to verify php71-noconflict and won't need to for any other packages very often, open the PKGBUILD, and look for validpgpkeys=

Take each line after that which is surrounded by '', and type gpg --receive-keys <...> where <...> is the string of letters and numbers between the ''.

Second, if you build many packages from the AUR with pgp checks, you can add the following to ~/.gnupg/gpg.conf:

keyserver-options auto-key-retrieve

In the first case you will have imported all of the pgp keys into your keyring, so makepkg can verify the package. In the second case you will automatically import any needed keys into your keyring, thus being able to verify any package that uses validpgpkeys

Hope this helps!

-Michael.

PGP keys for php-7.1.14.tar.xz could not be verified. What's the best fix?

 serenity ~/Sites
 > yay -S php71-noconflict                                                                                                                                                                                                        [ 10:26 am ]
:: Querying AUR...
[Aur: 1]  php71-noconflict-7.1.14-4

1 php71-noconflict                         (Build Files Exist)
==> Packages to cleanBuild?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==> A
==> PKGBUILDs to edit?
==> [N]one [A]ll [Ab]ort [I]nstalled [No]tInstalled or (1 2 3, 1-3, ^4)
==> N
:: Deleting (1/1): /home/jonathan/.cache/yay/php71-noconflict
:: Downloading PKGBUILD (1/1): php71-noconflict
==> Making package: php71-noconflict 7.1.14-4 (Tue Mar 20 10:27:12 EDT 2018)
==> WARNING: Skipping dependency checks.
==> Retrieving sources...
  -> Downloading php-7.1.14.tar.xz...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   184  100   184    0     0    968      0 --:--:-- --:--:-- --:--:--   968
100 11.6M  100 11.6M    0     0  1389k      0  0:00:08  0:00:08 --:--:--  762k
  -> Downloading php-7.1.14.tar.xz.asc...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   184  100   184    0     0    910      0 --:--:-- --:--:-- --:--:--   906
100   825  100   825    0     0   1673      0 --:--:-- --:--:-- --:--:--  1673
  -> Found apache.patch
  -> Found apache.conf
  -> Found php-fpm.patch
  -> Found php-fpm.tmpfiles
  -> Found php.ini.patch
  -> Found enchant-2.patch
==> Validating source files with sha256sums...
    php-7.1.14.tar.xz ... Passed
    php-7.1.14.tar.xz.asc ... Skipped
    apache.patch ... Passed
    apache.conf ... Passed
    php-fpm.patch ... Passed
    php-fpm.tmpfiles ... Passed
    php.ini.patch ... Passed
    enchant-2.patch ... Passed
==> Verifying source file signatures with gpg...
    php-7.1.14.tar.xz ... FAILED (unknown public key DBDB397470D12172)
==> ERROR: One or more PGP signatures could not be verified!
Error downloading sources: php71-noconflict