packer - ERROR: One or more PGP signatures could not be verified!

Question

I'm trying to install ncurses5-compat-libs on Arch Linux with packer.

But I get this error:

==> ERROR: One or more PGP signatures could not be verified!

How can I fix it?

Answer 1

You should stick to a manual installation using makepkg and understand how the compilation and installation process from the AUR works before using an AUR helper.

Anyway, you have to import the PGP signature of the package before you install it. You can install the package without verifying its PGP signature but you shouldn't do it. You can import the PGP signature of ncurses5-compat-libs by using this command:

gpg --keyserver pgp.mit.edu --recv-keys F7E48EDB

Read the makepkg man page and this article before installing another package from the AUR.

Answer 2

I would like to extend the answer a bit.

==> Verifying source file signatures with gpg...
datamash-1.1.1.tar.gz ... FAILED (unknown public key 0A11B61D3657B901)
==> ERROR: One or more PGP signatures could not be verified!
==> ERROR: Makepkg was unable to build datamash.

Yes you need to add the key. That won't work until you have created your own gpg key.
You only need to generate your own key once.

gpg --full-gen-key

Then you can import the key that is holding up the build process.

gpg --recv-key 0A11B61D3657B901
gpg --lsign 0A11B61D3657B901

If you want to understand what is going on here is some reading
http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/

as well as the arch wiki.
https://wiki.archlinux.org/index.php/Arch_User_Repository
https://wiki.archlinux.org/index.php/GnuPG

Answer 3

Option 1 (recommended)

It is also important to keep the archlinux-keyring-package and the system up-to-date - especially the archlinux-keyring-package.

A not up-to-date archlinux-keyring-package can cause PGP signatures to be missing and thus problems with the PGP signatures.

--

Option 2 (not recommended)

As a quick and dirty fix this was proposed on the archbang forum:

Warning: Following these instructions chould damage yours and others system with dangerous malware!

Installation without (!) integrity check: packer -S --skipinteg <package>